Re: Linux guest kernel threat model for Confidential Computing

From: Michael S. Tsirkin
Date: Wed Feb 08 2023 - 08:01:04 EST


On Wed, Feb 08, 2023 at 10:44:25AM +0000, Reshetova, Elena wrote:
> Because for the
> drivers that a CoCo guest happens to need, there is no way to fix this problem by
> either of these mechanisms (we cannot disable the code that we need), unless somebody
> writes a totally new set of CoCo-specific drivers (who needs another set of
> CoCo-specific virtio drivers in the kernel?).

I think it's more about pci and all that jazz, no?
As a virtio maintainer I applied patches adding validation and intend to
do so in the future simply because for virtio specifically people
build all kinds of weird setups out of software and so validating
everything is a good idea.

--
MST