Re: [PATCH] docs: security: Confidential computing intro and threat model

From: James Bottomley <jejb@linux.ibm.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: "Reshetova, Elena" <elena.reshetova@intel.com>, "Christopherson, ,
	Sean" <seanjc@google.com>, Carlos Bilbao <carlos.bilbao@amd.com>,
	"corbet@lwn.net" <corbet@lwn.net>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"ardb@kernel.org" <ardb@kernel.org>,
	"kraxel@redhat.com" <kraxel@redhat.com>,
	"dovmurik@linux.ibm.com" <dovmurik@linux.ibm.com>,
	"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	"Dhaval.Giani@amd.com" <Dhaval.Giani@amd.com>,
	"michael.day@amd.com" <michael.day@amd.com>,
	"pavankumar.paluri@amd.com" <pavankumar.paluri@amd.com>,
	"David.Kaplan@amd.com" <David.Kaplan@amd.com>,
	"Reshma.Lal@amd.com" <Reshma.Lal@amd.com>,
	"Jeremy.Powell@amd.com" <Jeremy.Powell@amd.com>,
	"sathyanarayanan.kuppuswamy@linux.intel.com" 
	<sathyanarayanan.kuppuswamy@linux.intel.com>,
	"alexander.shishkin@linux.intel.com" 
	<alexander.shishkin@linux.intel.com>,
	"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"dgilbert@redhat.com" <dgilbert@redhat.com>,
	"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
	"dinechin@redhat.com" <dinechin@redhat.com>,
	"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
	"berrange@redhat.com" <berrange@redhat.com>,
	"tytso@mit.edu" <tytso@mit.edu>,
	"jikos@kernel.org" <jikos@kernel.org>,
	"joro@8bytes.org" <joro@8bytes.org>,
	"leon@kernel.org" <leon@kernel.org>,
	"richard.weinberger@gmail.com" <richard.weinberger@gmail.com>,
	"lukas@wunner.de" <lukas@wunner.de>,
	"cdupontd@redhat.com" <cdupontd@redhat.com>,
	"jasowang@redhat.com" <jasowang@redhat.com>,
	"sameo@rivosinc.com" <sameo@rivosinc.com>,
	"bp@alien8.de" <bp@alien8.de>,
	"security@kernel.org" <security@kernel.org>,
	Andrew Bresticker <abrestic@rivosinc.com>,
	Rajnesh Kanwal <rkanwal@rivosinc.com>,
	Dylan Reid <dylan@rivosinc.com>, Ravi Sahita <ravi@rivosinc.com>
Subject: Re: [PATCH] docs: security: Confidential computing intro and threat model
Date: Thu, 27 Apr 2023 14:27:41 -0400	[thread overview]
Message-ID: <a8379b813d5c5118420c3b7a7e0de69d0166d033.camel@linux.ibm.com> (raw)
In-Reply-To: <20230427131542-mutt-send-email-mst@kernel.org>

On Thu, 2023-04-27 at 13:19 -0400, Michael S. Tsirkin wrote:
> On Thu, Apr 27, 2023 at 09:18:08AM -0400, James Bottomley wrote:
> > I think the problem is that the tenor of the document is that the
> > CSP should be seen as the enemy of the tenant. Whereas all CSP's
> > want to be seen as the partner of the tenant (admittedly so they
> > can upsell services). In particular, even if you adopt (b) there
> > are several reasons why you'd use confidential computing:
> > 
> >    1. Protection from other tenants who break containment in the
> > cloud. These tenants could exfiltrate data from Non-CoCo VMs, but
> > likely would be detected before they had time to launch an attack
> > using vulnerabilities in the current linux device drivers.
> >    2. Legal data security.  There's a lot of value in a CSP being
> > able to make the legal statement that it does not have access to a
> > customer data because of CoCo.
> >    3. Insider threats (bribe a CSP admin employee).  This one might
> > get as far as trying to launch an attack on a CoCo VM, but having 
> > checks at the CSP to detect and defeat this would work instead of
> > every insider threat having to be defeated inside the VM.
> 
> And generally, all these are instances of adopting a zero trust
> architecture, right? Many CSPs have no need to access VM memory
> so they would rather not have the ability.

Yes, and no: Zero trust is more an architectural end point statement. 
I was aiming for minimizing trust contact points.  In the limit they're
definitely the same thing, but there's still lots of security value to
minimizing trust even before you get to zero.

James