From: Lukas Wunner <lukas@wunner.de>
To: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Reshetova, Elena" <elena.reshetova@intel.com>,
"Shishkin, Alexander" <alexander.shishkin@intel.com>,
"Shutemov, Kirill" <kirill.shutemov@intel.com>,
"Kuppuswamy,
Sathyanarayanan" <sathyanarayanan.kuppuswamy@intel.com>,
"Kleen, Andi" <andi.kleen@intel.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Peter Zijlstra <peterz@infradead.org>,
Mika Westerberg <mika.westerberg@linux.intel.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Jason Wang <jasowang@redhat.com>,
"Poimboe, Josh" <jpoimboe@redhat.com>,
"aarcange@redhat.com" <aarcange@redhat.com>,
Cfir Cohen <cfir@google.com>, Marc Orr <marcorr@google.com>,
"jbachmann@google.com" <jbachmann@google.com>,
"pgonda@google.com" <pgonda@google.com>,
"keescook@chromium.org" <keescook@chromium.org>,
James Morris <jmorris@namei.org>,
Michael Kelley <mikelley@microsoft.com>,
"Lange, Jon" <jlange@microsoft.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Jonathan Cameron <Jonathan.Cameron@Huawei.com>,
linux-pci@vger.kernel.org
Subject: Re: Linux guest kernel threat model for Confidential Computing
Date: Wed, 25 Jan 2023 22:53:33 +0100 [thread overview]
Message-ID: <20230125215333.GA18160@wunner.de> (raw)
In-Reply-To: <Y9FDZPV7qENtNNyk@work-vm>
[cc += Jonathan Cameron, linux-pci]
On Wed, Jan 25, 2023 at 02:57:40PM +0000, Dr. David Alan Gilbert wrote:
> Greg Kroah-Hartman (gregkh@linuxfoundation.org) wrote:
> > Great, so why not have hardware attestation also for your devices you
> > wish to talk to? Why not use that as well? Then you don't have to
> > worry about anything in the guest.
>
> There were some talks at Plumbers where PCIe is working on adding that;
> it's not there yet though. I think that's PCIe 'Integrity and Data
> Encryption' (IDE - sigh), and PCIe 'Security Prtocol and Data Model' -
> SPDM. I don't know much of the detail of those, just that they're far
> enough off that people aren't depending on them yet.
CMA/SPDM (PCIe r6.0 sec 6.31) is in active development on this branch:
https://github.com/l1k/linux/commits/doe
It will allow for authentication of PCIe devices. Goal is to submit
this quarter (Q1). Afterwards we'll look into retrieving measurements
via CMA/SPDM and bringing up IDE encryption.
It's a kernel-native implementation which uses the existing crypto and
keys infrastructure and is wired into the appropriate places in the
PCI core to authenticate devices on enumeration and reauthenticate
when CMA/SPDM state is lost (after resume from D3cold, after a
Secondary Bus Reset and after a DPC-induced Hot Reset).
The device authentication service afforded here is generic.
It is up to users and vendors to decide how to employ it,
be it for "confidential computing" or something else.
Trusted root certificates to validate device certificates can be
installed into a kernel keyring using the familiar keyctl(1) utility,
but platform-specific roots of trust (such as a HSM) could be
supported as well.
I would like to stress that this particular effort is a collaboration
of multiple vendors. It is decidedly not a single vendor trying to
shoehorn something into upstream, so the criticism that has been
leveled upthread against other things does not apply here.
The Plumbers BoF you're referring to was co-authored by Jonathan Cameron
and me and its purpose was precisely to have an open discussion and
align on an approach that works for everyone:
https://lpc.events/event/16/contributions/1304/
> a) there's no good way to authenticate a PCI device yet
> - any nasty device can claim to have a given PCI ID.
CMA/SPDM prescribes that the Subject Alternative Name of the device
certificate contains the Vendor ID, Device ID, Subsystem Vendor ID,
Subsystem ID, Class Code, Revision and Serial Number (PCIe r6.0
sec 6.31.3).
Thus a forged Device ID in the Configuration Space Header will result
in authentication failure.
Thanks,
Lukas
next prev parent reply other threads:[~2023-01-25 21:53 UTC|newest]
Thread overview: 102+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-25 12:28 Linux guest kernel threat model for Confidential Computing Reshetova, Elena
2023-01-25 12:43 ` Greg Kroah-Hartman
2023-01-25 13:42 ` Dr. David Alan Gilbert
2023-01-25 14:13 ` Daniel P. Berrangé
2023-01-25 15:29 ` Dr. David Alan Gilbert
2023-01-26 14:23 ` Richard Weinberger
2023-01-26 14:58 ` Dr. David Alan Gilbert
2023-01-26 15:13 ` Richard Weinberger
2023-01-26 15:22 ` Dr. David Alan Gilbert
2023-01-26 15:55 ` Daniel P. Berrangé
2023-01-27 9:02 ` Jörg Rödel
2023-01-26 15:43 ` Daniel P. Berrangé
2023-01-27 11:23 ` Reshetova, Elena
2023-01-30 11:30 ` Christophe de Dinechin
2023-01-25 14:22 ` Greg Kroah-Hartman
2023-01-25 14:30 ` James Bottomley
2023-01-25 14:57 ` Dr. David Alan Gilbert
2023-01-25 15:16 ` Greg Kroah-Hartman
2023-01-25 15:45 ` Michael S. Tsirkin
2023-01-25 16:02 ` Kirill A. Shutemov
2023-01-25 17:47 ` Michael S. Tsirkin
2023-01-25 15:50 ` Dr. David Alan Gilbert
2023-01-25 18:47 ` Jiri Kosina
2023-01-26 9:19 ` Jörg Rödel
2023-01-25 21:53 ` Lukas Wunner [this message]
2023-01-26 10:48 ` Dr. David Alan Gilbert
2023-01-26 11:24 ` Jonathan Cameron
2023-01-26 13:32 ` Samuel Ortiz
[not found] ` <CAGXJix9-cXNW7EwJf0PVzj_Qmt5fmQvBX1KvXfRX5NAeEpnMvw@mail.gmail.com>
2023-01-26 10:58 ` Jonathan Cameron
2023-01-26 13:15 ` Samuel Ortiz
2023-01-26 16:07 ` Jonathan Cameron
2023-01-27 7:02 ` Samuel Ortiz
2023-01-26 15:44 ` Lukas Wunner
2023-01-26 16:25 ` Michael S. Tsirkin
2023-01-26 21:41 ` Lukas Wunner
2023-01-27 7:17 ` Samuel Ortiz
2023-01-25 20:13 ` Jiri Kosina
2023-01-26 13:13 ` Reshetova, Elena
2023-01-25 15:29 ` Reshetova, Elena
2023-01-25 16:40 ` Theodore Ts'o
2023-01-26 8:08 ` Reshetova, Elena
2023-01-26 11:19 ` Leon Romanovsky
2023-01-26 11:29 ` Reshetova, Elena
2023-01-26 12:30 ` Leon Romanovsky
2023-01-26 13:28 ` Reshetova, Elena
2023-01-26 13:50 ` Leon Romanovsky
2023-01-26 20:54 ` Theodore Ts'o
2023-01-27 19:24 ` James Bottomley
2023-01-30 7:42 ` Reshetova, Elena
2023-01-30 12:40 ` James Bottomley
2023-01-31 11:31 ` Reshetova, Elena
2023-01-31 13:28 ` James Bottomley
2023-01-31 15:14 ` Christophe de Dinechin
2023-01-31 17:39 ` Michael S. Tsirkin
2023-02-01 10:52 ` Christophe de Dinechin Dupont de Dinechin
2023-02-01 11:01 ` Michael S. Tsirkin
2023-02-01 13:15 ` Christophe de Dinechin Dupont de Dinechin
2023-02-01 16:02 ` Michael S. Tsirkin
2023-02-01 17:13 ` Christophe de Dinechin
2023-02-06 18:58 ` Dr. David Alan Gilbert
2023-02-02 3:24 ` Jason Wang
2023-02-01 10:24 ` Christophe de Dinechin
2023-01-31 16:34 ` Reshetova, Elena
2023-01-31 17:49 ` James Bottomley
2023-02-02 14:51 ` Jeremi Piotrowski
2023-02-03 14:05 ` Reshetova, Elena
2023-01-27 9:32 ` Jörg Rödel
2023-01-26 13:58 ` Dr. David Alan Gilbert
2023-01-26 17:48 ` Reshetova, Elena
2023-01-26 18:06 ` Leon Romanovsky
2023-01-26 18:14 ` Dr. David Alan Gilbert
2023-01-26 16:29 ` Michael S. Tsirkin
2023-01-27 8:52 ` Reshetova, Elena
2023-01-27 10:04 ` Michael S. Tsirkin
2023-01-27 12:25 ` Reshetova, Elena
2023-01-27 14:32 ` Michael S. Tsirkin
2023-01-27 20:51 ` Carlos Bilbao
2023-01-30 11:36 ` Christophe de Dinechin
2023-01-30 12:00 ` Kirill A. Shutemov
2023-01-30 15:14 ` Michael S. Tsirkin
2023-01-31 10:06 ` Reshetova, Elena
2023-01-31 16:52 ` Christophe de Dinechin
2023-02-02 11:31 ` Reshetova, Elena
2023-02-07 0:27 ` Carlos Bilbao
2023-02-07 6:03 ` Greg Kroah-Hartman
2023-02-07 19:53 ` Carlos Bilbao
2023-02-07 21:55 ` Michael S. Tsirkin
2023-02-08 1:51 ` Theodore Ts'o
2023-02-08 9:31 ` Michael S. Tsirkin
2023-02-08 10:44 ` Reshetova, Elena
2023-02-08 10:58 ` Greg Kroah-Hartman
2023-02-08 16:19 ` Christophe de Dinechin
2023-02-08 17:29 ` Greg Kroah-Hartman
2023-02-08 18:02 ` Dr. David Alan Gilbert
2023-02-08 18:58 ` Thomas Gleixner
2023-02-09 19:48 ` Dr. David Alan Gilbert
2023-02-08 13:00 ` Michael S. Tsirkin
2023-02-08 13:42 ` Theodore Ts'o
2023-02-08 7:19 ` Greg Kroah-Hartman
2023-02-08 10:16 ` Reshetova, Elena
2023-02-08 13:15 ` Michael S. Tsirkin
2023-02-09 14:30 ` Reshetova, Elena
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230125215333.GA18160@wunner.de \
--to=lukas@wunner.de \
--cc=Jonathan.Cameron@Huawei.com \
--cc=aarcange@redhat.com \
--cc=alexander.shishkin@intel.com \
--cc=andi.kleen@intel.com \
--cc=cfir@google.com \
--cc=dave.hansen@intel.com \
--cc=dgilbert@redhat.com \
--cc=elena.reshetova@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jasowang@redhat.com \
--cc=jbachmann@google.com \
--cc=jlange@microsoft.com \
--cc=jmorris@namei.org \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=marcorr@google.com \
--cc=mika.westerberg@linux.intel.com \
--cc=mikelley@microsoft.com \
--cc=mst@redhat.com \
--cc=peterz@infradead.org \
--cc=pgonda@google.com \
--cc=sathyanarayanan.kuppuswamy@intel.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).