Received: by 2002:a05:7412:d1aa:b0:fc:a2b0:25d7 with SMTP id ba42csp692187rdb; Mon, 29 Jan 2024 15:33:45 -0800 (PST) X-Google-Smtp-Source: AGHT+IGtoo6iNk+q3YnPZ46RzbySl615TL0+mWgeSI5fhN6lkfz8vvEhmhi7tvy2jN0I3zT8HXfU X-Received: by 2002:a05:6402:504:b0:55e:f164:7765 with SMTP id m4-20020a056402050400b0055ef1647765mr3119991edv.32.1706571224859; Mon, 29 Jan 2024 15:33:44 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706571224; cv=pass; d=google.com; s=arc-20160816; b=Z2/4uwRJDIvyVaEcsnMbsyDh/r/dLoHB8Q9Qs9ImgJIUfyo/+xup6Kql/97joQSOpo Z2WtJWX6dBJgw1vfDfkPCO4BxWlMdVFUrp2covtR4jKzbC1z3ab2p3kDBORFLvKme28L uQQzlLuW4ua866PXDroaxCTtPj8y25dRUzLxiDddv9UGd/Saz2S15TdI9D/Lg9AmLyGN SOXwSU5AjdfT41q4rf37JIZ1QyFuHhhU6cvMd9K+3+hQyuvxXUCRIuBsvaY2I6WDCVwT cmO3yE+aHEiewHr7Ml9vvyrYSOk4JN/cCXAxCLW6oCuyztIOE5PRq0V/eFCEYr9SC0ki QF+g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:references:in-reply-to :user-agent:subject:cc:to:from:date:dkim-signature:dkim-filter; bh=dMdxJcUP8c3cDYLuvHfVw+2PnigP9QSwGBLu/phk4io=; fh=irW/4zVowq22TPklJI42vpo0NYi9tFeOt72wIT/QcmY=; b=isKCy0XmsMWjyFHJitG1LKuI44JakQZSzCqQXgGfpuqJQGxGX/jwjJ1KytkGwcD/Dc jmq7M0CRAU3yiecm0vPczqTncCzcH8b6J0ZHhNjjSV+TogAzkIP4GRHr7kF73GzncdI4 9+GALRZuHba7V1KyCW1ed5WoX8VIqXTFLZcaU+R+8ZF1nsdPE6VWAjRskDuR5Z/DSmjW 6eOPZD7o/BSIakUeocywTbH9MIb1rT8k7cThGUzDxercm6f7mpcXIG3BeU1IfsyYfgE1 wliAOqqLLgzm+GjGw+Jd/LL5e3oyYtlvorn2Ue1N9TGPr3h28VsG2S9uFkCbrQrgqWEH DZjw== ARC-Authentication-Results: i=2; mx.google.com; dkim=temperror (no key for signature) header.i=@zytor.com header.s=2024011201 header.b=WYbVoSWU; arc=pass (i=1 spf=pass spfdomain=zytor.com dmarc=pass fromdomain=zytor.com); spf=pass (google.com: domain of linux-kernel+bounces-43632-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-43632-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=zytor.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id u21-20020a50c055000000b0055f1893ea28si860028edd.430.2024.01.29.15.33.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jan 2024 15:33:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-43632-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@zytor.com header.s=2024011201 header.b=WYbVoSWU; arc=pass (i=1 spf=pass spfdomain=zytor.com dmarc=pass fromdomain=zytor.com); spf=pass (google.com: domain of linux-kernel+bounces-43632-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-43632-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=zytor.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 97B7F1F249E8 for ; Mon, 29 Jan 2024 23:33:44 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BF954524BB; Mon, 29 Jan 2024 23:33:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="WYbVoSWU" Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5CDA52C6B0 for ; Mon, 29 Jan 2024 23:33:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706571219; cv=none; b=t31SzzbnPf/Y5eZefV12Izic0SMRBdAbEdOyyypbMirnn8Ij0daBgmdBVdRU02dhZ99dJTXR/Pur9sUhQBVQrInWJ5ebM45jyj4Ostt6Imr2vgt5YZZDgSk08XPlZMJI43p2YeIuJ0mZfZTNjWDhYlLHUT13j2VspHFxnilYKDg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706571219; c=relaxed/simple; bh=YjwfMXWZsf+XqE4Tw9Kf9JKK1SZ7QehrSXajKRuMlMU=; h=Date:From:To:CC:Subject:In-Reply-To:References:Message-ID: MIME-Version:Content-Type; b=k7iAG4e+t5Hg21cHncV4Hw/oIoiHO70mZ4KdOkGAn45ZVEYHS5AGwA8b3EOBqivMg9Rq7s1KBDuSxXWRheTfUO6rP6VkZPmm8eqs4BOCw2FNT+a3WQb7ss8AGY7DIY5YhRPreubjHFOlwWtnD2SLUyxpHimJLT9Z7ysBxIWHpFY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=fail (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=WYbVoSWU reason="signature verification failed"; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Received: from [127.0.0.1] ([76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.17.2/8.17.1) with ESMTPSA id 40TNWtEG2398380 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Mon, 29 Jan 2024 15:32:56 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 40TNWtEG2398380 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2024011201; t=1706571178; bh=dMdxJcUP8c3cDYLuvHfVw+2PnigP9QSwGBLu/phk4io=; h=Date:From:To:CC:Subject:In-Reply-To:References:From; b=WYbVoSWUCVa0XSn6inNrYE19r8IJncWYZS3Mw6nN1tkOJPN2bKLoBJxf1SxJhwaI1 nXfCwMs4T4+mLwifphUG1QlIHFjoSKuGWXpn4vBRxP+hirIDWxINMRnsnOVGtmVhYo Yg9uoa1TfE7kmwVlrRao9kQED+bdrQslwpG6DGOhjGDHpvqr7gK7JIhZ/4mq/2wfdH il0jEXj41XQ8pAPWoWbMai8neRcul9sp8AqCNrKBoPthDNG2DmmCyrwlJ40As4QZbq yTr4q4IsvNSA1PniQsZ2e1swPk5Ju2ub9MCujLYT6Tb9g4d9PFAWwTH4GURRMvb9Ie pT4RwWTJl17mA== Date: Mon, 29 Jan 2024 15:32:52 -0800 From: "H. Peter Anvin" To: Dave Hansen , "Kirill A. Shutemov" CC: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "Theodore Ts'o" , "Jason A. Donenfeld" , Kuppuswamy Sathyanarayanan , Elena Reshetova , Jun Nakajima , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [RFC] Randomness on confidential computing platforms User-Agent: K-9 Mail for Android In-Reply-To: References: <20240126134230.1166943-1-kirill.shutemov@linux.intel.com> <276aaeee-cb01-47d3-a3bf-f8fa2e59016c@intel.com> <3a37eae3-9d3c-420c-a1c7-2d14f6982774@intel.com> Message-ID: <5861735E-8DE0-42D4-B7CE-E69F129CA7C8@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On January 29, 2024 2:18:50 PM PST, Dave Hansen = wrote: >On 1/29/24 13:33, Kirill A=2E Shutemov wrote: >>> Let's assume buggy userspace exists=2E Is that userspace *uniquely* >>> exposed to a naughty VMM or is that VMM just added to the list of thin= gs >>> that can attack buggy userspace? >> This is good question=2E >>=20 >> VMM has control over when a VCPU gets scheduled and on what CPU which >> gives it tighter control over the target workload=2E It can make a >> difference if there's small window for an attack before RDRAND is >> functional again=2E > >This is all a bit too theoretical for my taste=2E I'm fine with doing >some generic mitigation (WARN_ON_ONCE(hardware_is_exhausted)), but we're >talking about a theoretical attack with theoretical buggy software when >in a theoretically unreachable hardware state=2E > >Until it's clearly much more practical, we have much bigger problems to >worry about=2E Again, do we even have a problem with the "hold the boot until we have ent= ropy"option?