From: Kai Huang <kai.huang@intel.com>
To: Dave Hansen <dave.hansen@intel.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, Hans de Goede <hdegoede@redhat.com>,
Mark Gross <mgross@linux.intel.com>
Cc: "H . Peter Anvin" <hpa@zytor.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Tony Luck <tony.luck@intel.com>, Andi Kleen <ak@linux.intel.com>,
linux-kernel@vger.kernel.org,
platform-driver-x86@vger.kernel.org
Subject: Re: [PATCH v3 4/4] platform/x86: intel_tdx_attest: Add TDX Guest attestation interface driver
Date: Wed, 20 Apr 2022 11:02:44 +1200 [thread overview]
Message-ID: <79119cc04552617ad462d314dcd8bdbec90a1b20.camel@intel.com> (raw)
In-Reply-To: <ec60ed6f-eafc-80eb-affc-3102c5dc3165@intel.com>
On Tue, 2022-04-19 at 15:49 -0700, Dave Hansen wrote:
> On 4/19/22 15:21, Kai Huang wrote:
> > On Tue, 2022-04-19 at 07:13 -0700, Dave Hansen wrote:
> > > On 4/19/22 00:47, Kai Huang wrote:
> > > > > From security's perspective, attestation is an essential part of TDX. That
> > > > being said, w/o attestation support in TD guest, I guess nobody will seriously
> > > > use TD guest.
> > > Are you saying you can't think of a single threat model where there's a
> > > benefit to running a TDX guest without attestation? Will TDX only be
> > > used in environments where secrets are provisioned to guests on the
> > > basis of attestation?
> > >
> > I don't think anyone should provision secret to a TD before it get attested that
> > it is a genuine TD that he/she expected. If someone does that, he/she takes the
> > risk of losing the secret. Of course if someone just want to try a TD then w/o
> > attestation is totally fine.
>
> Yeah, but you said:
>
> w/o attestation support in TD guest, I guess nobody will
> seriously use TD guest.
>
> I'm trying to get to the bottom of that. That's a much more broad
> statement than something about when it's safe to deploy secrets.
>
> There are lots of secrets deployed in (serious) VMs today. There are
> lots of secrets deployed in (serious) SEV VMs that don't have
> attestation. Yet, the world somehow hasn't come crashing down.
>
> I think it's crazy to say that nobody will deploy secrets to TDX VMs
> without attestation. I think it's a step father into crazy land to say
> that no one will "seriously" use TDX guests without attestation.
>
> Let's be honest about this and not live in some fantasy world, please.
OK agree. No argument about this.
--
Thanks,
-Kai
next prev parent reply other threads:[~2022-04-19 23:02 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-15 22:01 [PATCH v3 0/4] Add TDX Guest Attestation support Kuppuswamy Sathyanarayanan
2022-04-15 22:01 ` [PATCH v3 1/4] x86/tdx: Add tdx_mcall_tdreport() API support Kuppuswamy Sathyanarayanan
2022-04-19 2:29 ` Kai Huang
2022-04-19 3:37 ` Sathyanarayanan Kuppuswamy
2022-04-19 3:51 ` Kai Huang
2022-04-19 3:53 ` Sathyanarayanan Kuppuswamy
2022-04-15 22:01 ` [PATCH v3 2/4] x86/tdx: Add tdx_hcall_get_quote() " Kuppuswamy Sathyanarayanan
2022-04-19 2:59 ` Kai Huang
2022-04-19 4:04 ` Sathyanarayanan Kuppuswamy
2022-04-19 4:40 ` Kai Huang
2022-04-19 5:28 ` Sathyanarayanan Kuppuswamy
2022-04-19 7:21 ` Kai Huang
2022-04-20 3:39 ` Aubrey Li
2022-04-20 7:16 ` Sathyanarayanan Kuppuswamy
2022-04-20 8:08 ` Aubrey Li
2022-04-22 17:24 ` Isaku Yamahata
2022-04-25 3:06 ` Aubrey Li
2022-04-15 22:01 ` [PATCH v3 3/4] x86/tdx: Add TDX Guest event notify interrupt support Kuppuswamy Sathyanarayanan
2022-04-15 22:01 ` [PATCH v3 4/4] platform/x86: intel_tdx_attest: Add TDX Guest attestation interface driver Kuppuswamy Sathyanarayanan
2022-04-19 7:47 ` Kai Huang
2022-04-19 8:13 ` Borislav Petkov
2022-04-19 12:48 ` Sathyanarayanan Kuppuswamy
2022-04-20 22:00 ` Borislav Petkov
2022-04-20 22:09 ` Sathyanarayanan Kuppuswamy
2022-04-21 9:10 ` Borislav Petkov
2022-04-21 14:54 ` Sathyanarayanan Kuppuswamy
2022-04-19 8:16 ` Kai Huang
2022-04-19 14:00 ` Sathyanarayanan Kuppuswamy
2022-04-19 22:38 ` Kai Huang
2022-04-19 14:13 ` Dave Hansen
2022-04-19 14:19 ` Sathyanarayanan Kuppuswamy
2022-04-19 14:24 ` Dave Hansen
2022-04-19 14:26 ` Sathyanarayanan Kuppuswamy
2022-04-19 22:21 ` Kai Huang
2022-04-19 22:49 ` Dave Hansen
2022-04-19 23:02 ` Kai Huang [this message]
2022-04-20 1:20 ` Isaku Yamahata
2022-04-20 1:26 ` Sathyanarayanan Kuppuswamy
2022-04-21 7:04 ` Isaku Yamahata
2022-04-21 14:44 ` Sathyanarayanan Kuppuswamy
2022-04-20 23:18 ` Kai Huang
2022-04-20 23:45 ` Sathyanarayanan Kuppuswamy
2022-04-21 0:11 ` Kai Huang
2022-04-21 2:42 ` Sathyanarayanan Kuppuswamy
2022-04-21 6:57 ` Isaku Yamahata
2022-04-21 10:33 ` Kai Huang
2022-04-21 14:53 ` Sathyanarayanan Kuppuswamy
2022-04-21 16:53 ` Isaku Yamahata
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=79119cc04552617ad462d314dcd8bdbec90a1b20.camel@intel.com \
--to=kai.huang@intel.com \
--cc=ak@linux.intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hdegoede@redhat.com \
--cc=hpa@zytor.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mgross@linux.intel.com \
--cc=mingo@redhat.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).