Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1265572rwd; Thu, 8 Jun 2023 15:13:03 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6f2y2fGq/dJW3On9jnThqjwyOfTxXsMNr+wpSNu1exAKk4I8LOp0B7CjqOM65jSk7aLWvX X-Received: by 2002:a05:6a21:6da4:b0:116:d935:f74b with SMTP id wl36-20020a056a216da400b00116d935f74bmr3946275pzb.10.1686262383327; Thu, 08 Jun 2023 15:13:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686262383; cv=none; d=google.com; s=arc-20160816; b=LGw+xuPb6pr1Ogpwr5wfp86FLs3wydKT4JrTGOS//DP8kx61T5+WEwAcnvXNoSLXM+ EQ2miTNgip8+srT50UHpHk4ZV+gpw6ccNoh2Q+NdYmq/hMHrjxlS66ChU8UXJYyA1jv6 Jjbwvus+zspWMv7ANaw+7XzuS2cAdDW83WwFBuXWvA68PfJbR/zjPZy8LC/VJbBzZUPB c9uWHljgsAHNUGc5IcdhYFm8Pafol4qmnFKZu5Nk1SMn8Sv8MlfyULkx1iXQpwV8fljV 3bDz9j27nGTP6WW5wX4BsIY+89WpjddvgTXrBWnWAAN+oWuabZ+5nUDM+SStRl2Tv9/f Iowg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=P2ZH4jD9vKKGvduRgpk9rgSsx1Vrj/BJgxU7sD1sU5E=; b=Ey58tei75E9+qr243lI6hRRSf4pB0mzGWSjfczoxrWLzSzrMSWvx2no1DYgNAgeszH dLzwj3rhGmu2JhCGIE52jkqU0EzI3H1dQUNr+Wtu6XX8hsr50ERgeooJto62rsoaZe1A proI8DJ0PZyu4iJ9AN64j11HKd7Zb71y+EiaHaGr1w/TlFBwL87Uj+XTyKQ8eP7fU6Gg 8ZNQUfIZ4ngrjze+DMs5JGU895PXv1A20kYrwn9+uI2fT/1bNNRMnHSIr+6PyX3GD18a 0xV/HmnXpnbS82ggt4STb3Z3WLgb7BaP5tX6LbWKIf4A3nU1r3C2PZacdAsGrPtGTH+z 3jcA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=PY2OcR2X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s21-20020a63af55000000b00543ec6d7272si1578207pgo.321.2023.06.08.15.12.49; Thu, 08 Jun 2023 15:13:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=PY2OcR2X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234560AbjFHVzf (ORCPT + 99 others); Thu, 8 Jun 2023 17:55:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229920AbjFHVzd (ORCPT ); Thu, 8 Jun 2023 17:55:33 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD9B61FE9 for ; Thu, 8 Jun 2023 14:55:32 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 51E5A65130 for ; Thu, 8 Jun 2023 21:55:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 92874C433D2; Thu, 8 Jun 2023 21:55:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1686261331; bh=jLLIY+6XSJEnROaCzPa2cWfvfUfImfLErJ0cuoIYyGM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=PY2OcR2XIqmjOkJa9pEgbQUEQtTTesBr8kBDccpp+O9oUuJZarlgUG2A/BKmmrYfZ a42HZQ0ESa5M2JKbDiQ40tREnJzfUk9mKKZbkyoLKHYuN2YiVBBdJmSWemmmuvzvG9 ZNHfAwdY9gtdTLkSRfbeHkDukF87wFfCe1Aya3mPo6sfgChzHDJRxrRJ3bCb09AYTQ SDNsT2KXlyU1rm9xCFQ2qW9nSyS4/lz3x3oCQ6O5fcfNwrrHEPc67d/V2x2stK7m6k nmWyp1PDWfA7yrZzWIz+ZazhJhIFmeggvTNA3Z0q2jdXEoL6SDG32yhz4tPIoEtIZ0 6gNggbFSCE1lQ== Date: Thu, 8 Jun 2023 22:55:26 +0100 From: Will Deacon To: Mostafa Saleh Cc: Oliver Upton , maz@kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, tabba@google.com, kaleshsingh@google.com, catalin.marinas@arm.com, yuzenghui@huawei.com, suzuki.poulose@arm.com, james.morse@arm.com Subject: Re: [PATCH] KVM: arm64: Use different pointer authentication keys for pKVM Message-ID: <20230608215525.GA2742@willie-the-truck> References: <20230516141531.791492-1-smostafa@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 29, 2023 at 11:17:51AM +0000, Mostafa Saleh wrote: > On Fri, May 26, 2023 at 08:47:52PM +0000, Oliver Upton wrote: > > On Tue, May 16, 2023 at 02:15:31PM +0000, Mostafa Saleh wrote: > > > When the kernel is compiled with CONFIG_ARM64_PTR_AUTH_KERNEL, it > > > uses Armv8.3-Pauth for return address protection for the kernel code > > > including nvhe code in EL2. > > > > > > Same keys are used in both kernel(EL1) and nvhe code(EL2), this is > > > fine for nvhe but not when running in protected mode(pKVM) as the host > > > can't be trusted. > > > > But we trust it enough to hand pKVM a fresh set of keys before firing > > off? I understand there is some degree of initialization required to get > > pKVM off the ground, but I question in this case if key handoff is > > strictly necessary. > > > > There are potentially other sources of random directly available at EL2, > > such as the SMCCC TRNG ABI or FEAT_RNG. Should pKVM prefer one of these > > random implementations and only fall back to host-provided keys if > > absolutely necessary? > > > According to my understanding, the kernel is still completely trusted at > this point (it sets the initial page table for the hypervisor), so I > believe it should be fine to trust it for ptrauth keys. However, I agree, > it would be better if the hypervisor can get its own keys through > firmware/hardware if supported. I will add this in V2. I appreciate the sentiment, but I think we should avoid adding additional complexity here if it adds no security benefit. If nothing else, it adds pointless overhead, but beyond that it gives the false illusion of a security boundary. Prior to deprivilege, the kernel can write to the hypervisor text, modify its stage-1 page-table and change its data values. I think the pointer auth keys are the least of our worries if it's compromised... Will