Re: Linux guest kernel threat model for Confidential Computing

From: Jiri Kosina
Date: Wed Jan 25 2023 - 15:14:23 EST

Next message: Kees Cook: "Re: [PATCH] drm/nouveau/disp: Fix nvif_outp_acquire_dp() argument size"
Previous message: Jonathan Corbet: "Re: [PATCH] docs/sp_SP: Add process magic-number translation"
In reply to: Samuel Ortiz: "Re: Linux guest kernel threat model for Confidential Computing"
Next in thread: Reshetova, Elena: "RE: Linux guest kernel threat model for Confidential Computing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 25 Jan 2023, Greg Kroah-Hartman wrote:

> How do you trust you got real data on the disk? On the network? Those
> are coming from the host, how is any of that data to be trusted? Where
> does the trust stop and why?

This is all well described in AMD SEV-SNP documentation, see page 5 of
[1]. All the external devices are treated as untrusted in that model.

[1] https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf

--
Jiri Kosina
SUSE Labs

Next message: Kees Cook: "Re: [PATCH] drm/nouveau/disp: Fix nvif_outp_acquire_dp() argument size"
Previous message: Jonathan Corbet: "Re: [PATCH] docs/sp_SP: Add process magic-number translation"
In reply to: Samuel Ortiz: "Re: Linux guest kernel threat model for Confidential Computing"
Next in thread: Reshetova, Elena: "RE: Linux guest kernel threat model for Confidential Computing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]