Re: Linux guest kernel threat model for Confidential Computing

From: Michael S. Tsirkin
Date: Wed Jan 25 2023 - 12:49:06 EST

Next message: Dionna Amalie Glaze: "Re: [PATCH v13 1/4] virt/coco/sev-guest: Add throttling awareness"
Previous message: Li, Xin3: "RE: [RFC PATCH v5 0/2] sysret_rip update for the Intel FRED architecture"
In reply to: Kirill A. Shutemov: "Re: Linux guest kernel threat model for Confidential Computing"
Next in thread: Dr. David Alan Gilbert: "Re: Linux guest kernel threat model for Confidential Computing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 25, 2023 at 07:02:03PM +0300, Kirill A. Shutemov wrote:
> On Wed, Jan 25, 2023 at 10:45:48AM -0500, Michael S. Tsirkin wrote:
> > On Wed, Jan 25, 2023 at 04:16:02PM +0100, Greg Kroah-Hartman wrote:
> > > Everyone wants a subset, different from other's subset, which means you
> > > need them all. Sorry.
> >
> > Well if there's a very popular system (virtual in this case) that needs
> > a specific config to work well, then I guess
> > arch/x86/configs/ccguest.config or whatever might be acceptable, no?
> > Lots of precedent here.
>
> OS vendors want the single kernel that fits all sizes: it should be
> possible (and secure) to run a generic disto kernel within TDX/SEV guest.

If they want that, sure. But it then becomes this distro's
responsibility to configure things in a sane way. At least if
there's a known good config that's a place to document what
is known to work well. No?

--
MST

Next message: Dionna Amalie Glaze: "Re: [PATCH v13 1/4] virt/coco/sev-guest: Add throttling awareness"
Previous message: Li, Xin3: "RE: [RFC PATCH v5 0/2] sysret_rip update for the Intel FRED architecture"
In reply to: Kirill A. Shutemov: "Re: Linux guest kernel threat model for Confidential Computing"
Next in thread: Dr. David Alan Gilbert: "Re: Linux guest kernel threat model for Confidential Computing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]