From: James Bottomley <jejb@linux.ibm.com>
To: "Reshetova, Elena" <elena.reshetova@intel.com>, "Christopherson, ,
Sean" <seanjc@google.com>
Cc: Carlos Bilbao <carlos.bilbao@amd.com>,
"corbet@lwn.net" <corbet@lwn.net>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"ardb@kernel.org" <ardb@kernel.org>,
"kraxel@redhat.com" <kraxel@redhat.com>,
"dovmurik@linux.ibm.com" <dovmurik@linux.ibm.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"Dhaval.Giani@amd.com" <Dhaval.Giani@amd.com>,
"michael.day@amd.com" <michael.day@amd.com>,
"pavankumar.paluri@amd.com" <pavankumar.paluri@amd.com>,
"David.Kaplan@amd.com" <David.Kaplan@amd.com>,
"Reshma.Lal@amd.com" <Reshma.Lal@amd.com>,
"Jeremy.Powell@amd.com" <Jeremy.Powell@amd.com>,
"sathyanarayanan.kuppuswamy@linux.intel.com"
<sathyanarayanan.kuppuswamy@linux.intel.com>,
"alexander.shishkin@linux.intel.com"
<alexander.shishkin@linux.intel.com>,
"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"dgilbert@redhat.com" <dgilbert@redhat.com>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"dinechin@redhat.com" <dinechin@redhat.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"berrange@redhat.com" <berrange@redhat.com>,
"mst@redhat.com" <mst@redhat.com>,
"tytso@mit.edu" <tytso@mit.edu>,
"jikos@kernel.org" <jikos@kernel.org>,
"joro@8bytes.org" <joro@8bytes.org>,
"leon@kernel.org" <leon@kernel.org>,
"richard.weinberger@gmail.com" <richard.weinberger@gmail.com>,
"lukas@wunner.de" <lukas@wunner.de>,
"cdupontd@redhat.com" <cdupontd@redhat.com>,
"jasowang@redhat.com" <jasowang@redhat.com>,
"sameo@rivosinc.com" <sameo@rivosinc.com>,
"bp@alien8.de" <bp@alien8.de>,
"security@kernel.org" <security@kernel.org>,
Andrew Bresticker <abrestic@rivosinc.com>,
Rajnesh Kanwal <rkanwal@rivosinc.com>,
Dylan Reid <dylan@rivosinc.com>, Ravi Sahita <ravi@rivosinc.com>
Subject: Re: [PATCH] docs: security: Confidential computing intro and threat model
Date: Thu, 27 Apr 2023 09:18:08 -0400 [thread overview]
Message-ID: <efda0be02fb0b5bf23aec11b5398d20908a821ba.camel@linux.ibm.com> (raw)
In-Reply-To: <DM8PR11MB57509EBCB1E2146C1768A6EEE76A9@DM8PR11MB5750.namprd11.prod.outlook.com>
On Thu, 2023-04-27 at 12:43 +0000, Reshetova, Elena wrote:
>
> > On Wed, Apr 26, 2023, James Bottomley wrote:
> > > On Wed, 2023-04-26 at 13:32 +0000, Reshetova, Elena wrote:
[...]
> > > > the practical deployment can differ of course. We can rephrase
> > > > that it "allows to exclude all the CSP's infrastructure and SW
> > > > out of tenant's TCB."
> > >
> > > That's getting even more inaccurate. To run in a Cloud with
> > > CoCo you usually have to insert some provided code, like OVMF
> > > and, for AMD, the SVSM. These are often customized by the CSP to
> > > suit the cloud infrastructure, so you're running their code. The
> > > goal, I think, is to make sure you only run code you trust (some
> > > of which may come from the CSP) in your TCB, which is very
> > > different from the statement above.
> >
> > Yes. And taking things a step further, if we were to ask security
> > concious users what they would choose to have in their TCB: (a)
> > closed-source firmware written by a hardware vendor, or (b) open-
> > source software that is provided by CSPs, I am betting the
> > overwhelming majority would choose (b).
>
> As I already replied in my earlier message from yesterday, yes, this
> is the choice that anyone has and it is free to make this choice. No
> questions asked. (Btw, please note that the above statement is not
> 100% accurate since the source code for intel TDX module is at least
> public). However, if as you said the majority choose (b), why do they
> need to enable the Confidential cloud computing technologies like TDX
> or SEV-SNP? If they choose (b), then the whole threat model described
> in this document do not simply apply to them and they can forget
> about anything that we try to describe here.
I think the problem is that the tenor of the document is that the CSP
should be seen as the enemy of the tenant. Whereas all CSP's want to be
seen as the partner of the tenant (admittedly so they can upsell
services). In particular, even if you adopt (b) there are several
reasons why you'd use confidential computing:
1. Protection from other tenants who break containment in the cloud.
These tenants could exfiltrate data from Non-CoCo VMs, but likely
would be detected before they had time to launch an attack using
vulnerabilities in the current linux device drivers.
2. Legal data security. There's a lot of value in a CSP being able
to make the legal statement that it does not have access to a
customer data because of CoCo.
3. Insider threats (bribe a CSP admin employee). This one might get
as far as trying to launch an attack on a CoCo VM, but having
checks at the CSP to detect and defeat this would work instead of
every insider threat having to be defeated inside the VM.
In all of those cases (which are not exhaustive) you can regard the CSP
as a partner of the tenant when it comes to preventing and detecting
threats to the CoCo VM, so extreme device driver hardening becomes far
less relevant to these fairly considerable use cases.
> Now from the pure security point of view the choice between (a) and
> (b) is not so easily done imo. Usually we take into account many
> factors that affect the risk/chances that certain piece of SW has a
> higher risk of having vulnerabilities. This includes the size of the
> codebase, its complexity, its attack surface exposure towards
> external interfaces, level of testing, whenever the code is public,
> code dependency chains, etc. Smaller codebase with no dependencies
> and small set of exposed interfaces is usually easier to review from
> security point of view given that the code is public.
This reads like an argument that, from a security point of view,
smaller proprietary code is better than larger, open source, code. I
really don't think we want to open this can of worms. Most industry
players have already bought the idea that open source improves security
because even if you can't rely on the community entirely, you can take
the code to a third party for analysis.
James
next prev parent reply other threads:[~2023-04-27 13:18 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-27 14:18 [PATCH] docs: security: Confidential computing intro and threat model Carlos Bilbao
2023-03-29 10:40 ` Greg KH
2023-03-30 17:32 ` Carlos Bilbao
2023-04-22 3:17 ` Bagas Sanjaya
2023-04-21 21:09 ` Kaplan, David
2023-04-25 13:43 ` Carlos Bilbao
2023-04-25 15:02 ` Sean Christopherson
2023-04-26 13:32 ` Reshetova, Elena
2023-04-26 15:08 ` Carlos Bilbao
2023-04-26 15:51 ` Sean Christopherson
2023-04-26 19:21 ` Carlos Bilbao
2023-04-26 19:53 ` Sean Christopherson
2023-04-26 20:15 ` Carlos Bilbao
2023-04-26 21:33 ` Sean Christopherson
2023-04-26 22:27 ` Carlos Bilbao
2023-04-27 12:29 ` Reshetova, Elena
2023-04-27 14:16 ` Carlos Bilbao
2023-04-27 15:18 ` Sean Christopherson
2023-04-27 17:59 ` Carlos Bilbao
2023-04-26 20:12 ` Dave Hansen
2023-04-26 15:18 ` James Bottomley
2023-04-26 16:17 ` Sean Christopherson
2023-04-27 12:43 ` Reshetova, Elena
2023-04-27 13:18 ` James Bottomley [this message]
2023-04-27 15:47 ` Reshetova, Elena
2023-04-27 16:16 ` James Bottomley
2023-04-27 16:46 ` Randy Dunlap
2023-04-27 17:19 ` Michael S. Tsirkin
2023-04-27 18:27 ` James Bottomley
2023-04-27 12:56 ` Reshetova, Elena
2023-04-26 15:46 ` Dave Hansen
2023-04-26 16:03 ` Sean Christopherson
2023-04-27 19:06 ` Peter Gonda
2023-04-27 18:47 ` Peter Gonda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=efda0be02fb0b5bf23aec11b5398d20908a821ba.camel@linux.ibm.com \
--to=jejb@linux.ibm.com \
--cc=David.Kaplan@amd.com \
--cc=Dhaval.Giani@amd.com \
--cc=Jeremy.Powell@amd.com \
--cc=Reshma.Lal@amd.com \
--cc=abrestic@rivosinc.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=ardb@kernel.org \
--cc=berrange@redhat.com \
--cc=bp@alien8.de \
--cc=carlos.bilbao@amd.com \
--cc=cdupontd@redhat.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=dgilbert@redhat.com \
--cc=dinechin@redhat.com \
--cc=dovmurik@linux.ibm.com \
--cc=dylan@rivosinc.com \
--cc=elena.reshetova@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jasowang@redhat.com \
--cc=jikos@kernel.org \
--cc=joro@8bytes.org \
--cc=kraxel@redhat.com \
--cc=leon@kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=michael.day@amd.com \
--cc=mst@redhat.com \
--cc=pavankumar.paluri@amd.com \
--cc=ravi@rivosinc.com \
--cc=richard.weinberger@gmail.com \
--cc=rkanwal@rivosinc.com \
--cc=sameo@rivosinc.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=security@kernel.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).