Re: Linux guest kernel threat model for Confidential Computing
From: Jiri Kosina
Date: Wed Jan 25 2023 - 13:48:35 EST
On Wed, 25 Jan 2023, Greg Kroah-Hartman wrote:
> Argument that it doesn't work? I thought that ship sailed a long time
> ago but I could be wrong as I don't really pay attention to that stuff
> as it's just vaporware :)
Greg, are you sure you are talking about *SEV-SNP* here? (*)
That ship hasn't sailed as far as I can tell, it's being actively worked
on.
With SEV-SNP launch attestation, FDE, and runtime remote attestation (**)
one thing that you get is a way how to ensure that the guest image that
you have booted in a (public) cloud hasn't been tampered with, even if you
have zero trust in the cloud provider and their hypervisor.
And that without the issues and side-channels previous SEV and SEV-ES had.
Which to me is a rather valid usecase in today's world, rather than
vaporware.
(*) and corresponding Intel-TDX support counterpart, once it exists
(**) which is not necessarily a kernel work of course, but rather
userspace integration work, e.g. based on Keylime
--
Jiri Kosina
SUSE Labs