iommu.lists.linux-foundation.org archive mirror
From: Baolu Lu <baolu.lu@linux.intel.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Steve Wahl <steve.wahl@hpe.com>, David Airlie <airlied@linux.ie>,
	Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Will Deacon <will@kernel.org>, Christoph Hellwig <hch@lst.de>,
	Ashok Raj <ashok.raj@intel.com>, Ingo Molnar <mingo@redhat.com>,
	Kevin Tian <kevin.tian@intel.com>,
	Jani Nikula <jani.nikula@linux.intel.com>,
	Ning Sun <ning.sun@intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Rodrigo Vivi <rodrigo.vivi@intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
	linux-kernel@vger.kernel.org, iommu@lists.linux-foundation.org,
	Daniel Vetter <daniel@ffwll.ch>, Borislav Petkov <bp@alien8.de>,
	Robin Murphy <robin.murphy@arm.com>
Subject: Re: [PATCH 6/7] x86/boot/tboot: Move tboot_force_iommu() to Intel IOMMU
Date: Wed, 18 May 2022 15:38:08 +0800	[thread overview]
Message-ID: <efab101f-14e2-ab5c-810d-c355aebaad52@linux.intel.com> (raw)
In-Reply-To: <20220517111350.GR1343366@nvidia.com>

On 2022/5/17 19:13, Jason Gunthorpe wrote:
> On Tue, May 17, 2022 at 10:05:43AM +0800, Baolu Lu wrote:
>> Hi Jason,
>>
>> On 2022/5/17 02:06, Jason Gunthorpe wrote:
>>>> +static __init int tboot_force_iommu(void)
>>>> +{
>>>> +	if (!tboot_enabled())
>>>> +		return 0;
>>>> +
>>>> +	if (no_iommu || dmar_disabled)
>>>> +		pr_warn("Forcing Intel-IOMMU to enabled\n");
>>> Unrelated, but when we are in the special secure IOMMU modes, do we
>>> force ATS off? Specifically does the IOMMU reject TLPs that are marked
>>> as translated?
>>
>> Good question. From the IOMMU point of view, I don't see a point in forcing
>> ATS off, but trusted boot involves lots of other things that I am not
>> familiar with. Could anybody else help to answer?
> 
> ATS is inherently not secure, if a rogue device can issue a TLP with
> the translated bit set then it has unlimited access to host memory.

Agreed. The current logic is that the platform lets the OS know about such
devices through firmware (ACPI/DT) and the OS sets the untrusted flag in
their device structures. The IOMMU subsystem will disable ATS on devices
with the untrusted flag set.

There is some discussion about allowing supervisor users to set the
trust policy through the sysfs ABI, but I don't think this has happened
in the upstream kernel.

> Many of these trusted iommu scenarios rely on the idea that a rogue
> device cannot DMA to arbitrary system memory.

I am not sure whether tboot has the same requirement.

Best regards,
baolu
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
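An added check for the policy described in this message, not code from the thread or from the kernel: the rule is that a device the kernel has marked untrusted keeps ATS off, and the observable effect on a running system is the Enable bit in each device's ATS extended capability, which `lspci -vv` prints as the `ATSCtl:` line. The script below parses that output and lists the functions whose ATS is currently enabled, so the result can be compared against the devices firmware reported as external-facing. The sample `lspci` output is constructed for the example and the vendor/device names in it are placeholders.

```shell
# Added example; not code from the thread or the kernel. Lists PCI functions
# whose ATS capability is currently enabled, parsed from `lspci -vv` output.
# Live use: sudo lspci -vv | ats_enabled_devices
# (lspci needs root to read extended capabilities; unprivileged it prints
# "Capabilities: <access denied>" and this reports nothing).

ats_enabled_devices() {
    # Reads lspci -vv text on stdin. Device headers start in column 0
    # ("03:00.0 ..." or "0000:03:00.0 ..." with -D); capability detail
    # lines are indented. Only the ATSCtl line that follows the ATS
    # capability header matters; Enable+ means ATS is on for that function.
    awk '
        /^[0-9a-fA-F]/ { dev = $1; in_ats = 0; next }
        /Address Translation Service \(ATS\)/ { in_ats = 1; next }
        in_ats && /ATSCtl:/ {
            if ($0 ~ /Enable\+/) print dev
            in_ats = 0
        }
    '
}

# Convenience wrapper: number of functions with ATS enabled.
ats_enabled_count() {
    ats_enabled_devices | wc -l | tr -d " "
}

# Constructed sample in lspci -vv layout (real output indents with tabs;
# the parser only needs the detail lines to be indented at all).
# 03:00.0 has ATS on, 05:00.0 has the capability but ATS off,
# 06:00.0 has no ATS capability.
SAMPLE_LSPCI='00:1c.0 PCI bridge: Vendor Root Port (prog-if 00 [Normal decode])
        Capabilities: [40] Express (v2) Root Port (Slot+), MSI 00
03:00.0 Non-Volatile memory controller: Vendor NVMe Controller
        Capabilities: [1e0 v1] Address Translation Service (ATS)
                ATSCap: Invalidate Queue Depth: 00
                ATSCtl: Enable+, Smallest Translation Unit: 00
05:00.0 Ethernet controller: Vendor Thunderbolt-attached NIC
        Capabilities: [200 v1] Address Translation Service (ATS)
                ATSCap: Invalidate Queue Depth: 00
                ATSCtl: Enable-, Smallest Translation Unit: 00
06:00.0 Audio device: Vendor HD Audio
        Capabilities: [50] Power Management version 3
'

# Demo on the constructed sample: prints "03:00.0"
printf '%s' "$SAMPLE_LSPCI" | ats_enabled_devices
```

Any function the script lists that sits behind a port the platform reported as external-facing (the ACPI `ExternalFacingPort` property is what the kernel uses to set the untrusted flag on the devices below it) is worth a closer look, because that is exactly the combination the policy above is meant to rule out.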


Thread overview: 22+ messages
2022-05-14  1:43 [PATCH 0/7] iommu/vt-d: Make intel-iommu.h private Lu Baolu
2022-05-14  1:43 ` [PATCH 1/7] iommu/vt-d: Move trace/events/intel_iommu.h under iommu Lu Baolu
2022-05-16 18:04   ` Jason Gunthorpe via iommu
2022-05-14  1:43 ` [PATCH 2/7] agp/intel: Use per device iommu check Lu Baolu
2022-05-16 18:04   ` Jason Gunthorpe via iommu
2022-05-14  1:43 ` [PATCH 3/7] iommu/vt-d: Remove unnecessary exported symbol Lu Baolu
2022-05-16 18:04   ` Jason Gunthorpe via iommu
2022-05-14  1:43 ` [PATCH 4/7] drm/i915: Remove unnecessary include Lu Baolu
2022-05-16  7:28   ` Jani Nikula
2022-05-16 18:04   ` Jason Gunthorpe via iommu
2022-05-14  1:43 ` [PATCH 5/7] KVM: x86: " Lu Baolu
2022-05-16 18:05   ` Jason Gunthorpe via iommu
2022-05-14  1:43 ` [PATCH 6/7] x86/boot/tboot: Move tboot_force_iommu() to Intel IOMMU Lu Baolu
2022-05-16 18:06   ` Jason Gunthorpe via iommu
2022-05-16 22:58     ` Jacob Pan
2022-05-17  2:05     ` Baolu Lu
2022-05-17 11:13       ` Jason Gunthorpe via iommu
2022-05-18  7:38         ` Baolu Lu [this message]
2022-05-14  1:43 ` [PATCH 7/7] iommu/vt-d: Move include/linux/intel_iommu.h under iommu Lu Baolu
2022-05-16 18:06   ` Jason Gunthorpe via iommu
2022-05-16  5:54 ` [PATCH 0/7] iommu/vt-d: Make intel-iommu.h private Christoph Hellwig
2022-05-18 18:41 ` Steve Wahl
