From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Bjorn Helgaas <helgaas@kernel.org>
Cc: Rajat Jain <rajatja@google.com>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Len Brown <lenb@kernel.org>, Bjorn Helgaas <bhelgaas@google.com>,
linux-acpi@vger.kernel.org, linux-pci@vger.kernel.org,
linux-kernel@vger.kernel.org, rajatxjain@gmail.com,
dtor@google.com, jsbarnes@google.com,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Mika Westerberg <mika.westerberg@linux.intel.com>,
Pavel Machek <pavel@denx.de>,
Oliver O'Halloran <oohall@gmail.com>,
Joerg Roedel <joro@8bytes.org>
Subject: Re: [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted
Date: Sat, 22 Jan 2022 15:46:05 +0100 [thread overview]
Message-ID: <YewYrQeHsJWpNI5p@kroah.com> (raw)
In-Reply-To: <20220121214117.GA1154852@bhelgaas>
On Fri, Jan 21, 2022 at 03:41:17PM -0600, Bjorn Helgaas wrote:
> [+cc Greg, Jean-Philippe, Mika, Pavel, Oliver, Joerg since they
> commented on previous "external-facing" discussion]
>
> On Wed, Jan 19, 2022 at 04:04:09PM -0800, Rajat Jain wrote:
> > Today the pci_dev->untrusted is set for any devices sitting downstream
> > an external facing port (determined via "ExternalFacingPort" property).
> > This however, disallows any internal devices to be marked as untrusted.
>
> This isn't stated quite accurately. "dev->untrusted" is currently set
> only by set_pcie_untrusted(), when "dev" has an upstream bridge that
> is either external-facing or untrusted.
>
> But that doesn't disallow or prevent internal devices from being
> marked as untrusted; it just doesn't implement that.
>
> > There are use-cases though, where a platform would like to treat an
> > internal device as untrusted (perhaps because it runs untrusted
> > firmware, or offers an attack surface by handling untrusted network
> > data etc).
Who is making this policy decision?
> > This patch introduces a new "UntrustedDevice" property that can be used
> > by the firmware to mark any device as untrusted.
Is this in the ACPI standard? If so, where?
This notion of "trust" for PCI devices is crazy, as I have stated a
number of times before. But at least you are not trying to say kernel
code is trusted or not.
thanks,
greg k-h
next prev parent reply other threads:[~2022-01-22 14:46 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-20 0:04 [PATCH] PCI: ACPI: Allow internal devices to be marked as untrusted Rajat Jain
2022-01-20 2:25 ` Dmitry Torokhov
2022-01-20 15:08 ` Rajat Jain
2022-01-27 23:02 ` Rajat Jain
2022-01-21 21:41 ` Bjorn Helgaas
2022-01-22 14:46 ` Greg Kroah-Hartman [this message]
2022-01-24 6:27 ` Mika Westerberg
2022-01-25 10:58 ` Mika Westerberg
2022-01-25 11:15 ` Greg Kroah-Hartman
2022-01-25 12:55 ` Mika Westerberg
2022-01-25 14:45 ` Rafael J. Wysocki
2022-01-27 22:26 ` Rajat Jain
2022-01-28 7:48 ` Mika Westerberg
2022-01-28 21:34 ` Rajat Jain
2022-01-30 14:30 ` Rafael J. Wysocki
2022-01-31 6:41 ` Mika Westerberg
2022-01-31 19:57 ` Rajat Jain
2022-02-02 2:05 ` Rajat Jain
2022-01-28 9:55 ` Jean-Philippe Brucker
2022-01-25 14:40 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YewYrQeHsJWpNI5p@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=bhelgaas@google.com \
--cc=dtor@google.com \
--cc=helgaas@kernel.org \
--cc=jean-philippe@linaro.org \
--cc=joro@8bytes.org \
--cc=jsbarnes@google.com \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mika.westerberg@linux.intel.com \
--cc=oohall@gmail.com \
--cc=pavel@denx.de \
--cc=rafael@kernel.org \
--cc=rajatja@google.com \
--cc=rajatxjain@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.