Re: Linux guest kernel threat model for Confidential Computing

From: Kirill A. Shutemov
Date: Wed Jan 25 2023 - 11:02:13 EST


On Wed, Jan 25, 2023 at 10:45:48AM -0500, Michael S. Tsirkin wrote:
> On Wed, Jan 25, 2023 at 04:16:02PM +0100, Greg Kroah-Hartman wrote:
> > Everyone wants a subset, different from other's subset, which means you
> > need them all. Sorry.
>
> Well if there's a very popular system (virtual in this case) that needs
> a specific config to work well, then I guess
> arch/x86/configs/ccguest.config or whatever might be acceptable, no?
> Lots of precedent here.

OS vendors want the single kernel that fits all sizes: it should be
possible (and secure) to run a generic distro kernel within a TDX/SEV guest.

--
Kiryl Shutsemau / Kirill A. Shutemov