Re: Linux guest kernel threat model for Confidential Computing


 




On 2023/2/1 19:01, Michael S. Tsirkin wrote:
On Wed, Feb 01, 2023 at 11:52:27AM +0100, Christophe de Dinechin Dupont de Dinechin wrote:

On 31 Jan 2023, at 18:39, Michael S. Tsirkin <mst@xxxxxxxxxx> wrote:

On Tue, Jan 31, 2023 at 04:14:29PM +0100, Christophe de Dinechin wrote:
Finally, security considerations that apply irrespective of whether the
platform is confidential or not are also outside of the scope of this
document. This includes topics ranging from timing attacks to social
engineering.
Why are timing attacks by hypervisor on the guest out of scope?
Good point.

I was thinking that mitigation against timing attacks is the same
irrespective of the source of the attack. However, because the HV
controls CPU time allocation, there are presumably attacks that
are made much easier through the HV. Those should be listed.
Not just that, also because it can and does emulate some devices.
For example, are disk encryption systems protected against timing of
disk accesses?
This is why some people keep saying "forget about emulated devices, require
passthrough, include devices in the trust zone".


One problem is that the device could be yet another emulated one that is running in the SmartNIC/DPU itself.

Thanks




