Re: Linux guest kernel threat model for Confidential Computing

From: Richard Weinberger
Date: Thu Jan 26 2023 - 09:25:13 EST

Next message: syzbot: "[syzbot] [f2fs?] UBSAN: shift-out-of-bounds in f2fs_fill_super (2)"
Previous message: Jianhua Lu: "[PATCH v3 1/2] dt-bindings: arm: qcom: Add Xiaomi Mi Pad 5 Pro (xiaomi-elish)"
In reply to: Dr. David Alan Gilbert: "Re: Linux guest kernel threat model for Confidential Computing"
Next in thread: Dr. David Alan Gilbert: "Re: Linux guest kernel threat model for Confidential Computing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 25, 2023 at 3:22 PM Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:
> Any virtual device exposed to the guest that can transfer potentially
> sensitive data needs to have some form of guest controlled encryption
> applied. For disks this is easy with FDE like LUKS, for NICs this is
> already best practice for services by using TLS. Other devices may not
> have good existing options for applying encryption.

I disagree wrt. LUKS. The cryptography behind LUKS protects persistent data
but not transport. If an attacker can observe all IO you better
consult a cryptographer.
LUKS has no concept of session keys or such, so the same disk sector will
always get encrypted with the very same key/iv.

--
Thanks,
//richard

Next message: syzbot: "[syzbot] [f2fs?] UBSAN: shift-out-of-bounds in f2fs_fill_super (2)"
Previous message: Jianhua Lu: "[PATCH v3 1/2] dt-bindings: arm: qcom: Add Xiaomi Mi Pad 5 Pro (xiaomi-elish)"
In reply to: Dr. David Alan Gilbert: "Re: Linux guest kernel threat model for Confidential Computing"
Next in thread: Dr. David Alan Gilbert: "Re: Linux guest kernel threat model for Confidential Computing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]