Re: Linux guest kernel threat model for Confidential Computing

From: Michael S. Tsirkin
Date: Wed Feb 08 2023 - 04:32:42 EST


On Tue, Feb 07, 2023 at 08:51:56PM -0500, Theodore Ts'o wrote:
> Why not just simply compile a special CoCo kernel that doesn't have
> any drivers that you don't trust?

Or at least, start with that? You can then gradually expand that until
some config is both acceptable to distros and seems sufficiently trusty
to the CoCo project. Lots of kernel features got upstreamed this way.
A requirement to have an arbitrary config satisfy CoCo seems like a very
high bar to clear.

--
MST