在 2023/2/1 19:01, Michael S. Tsirkin 写道:
On Wed, Feb 01, 2023 at 11:52:27AM +0100, Christophe de Dinechin Dupont de Dinechin wrote:
On 31 Jan 2023, at 18:39, Michael S. Tsirkin <mst@xxxxxxxxxx> wrote:
On Tue, Jan 31, 2023 at 04:14:29PM +0100, Christophe de Dinechin wrote:
Finally, security considerations that apply irrespective of whether the
platform is confidential or not are also outside of the scope of this
document. This includes topics ranging from timing attacks to social
engineering.
Why are timing attacks by hypervisor on the guest out of scope?
Good point.
I was thinking that mitigation against timing attacks is the same
irrespective of the source of the attack. However, because the HV
controls CPU time allocation, there are presumably attacks that
are made much easier through the HV. Those should be listed.
Not just that, also because it can and does emulate some devices.
For example, are disk encryption systems protected against timing of
disk accesses?
This is why some people keep saying "forget about emulated devices, require
passthrough, include devices in the trust zone".
One problem is that the device could be yet another emulated one that is
running in the SmartNIC/DPU itself.
Thanks
