KVM Forum: Trusted I/O BoF summary

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sorry for the delay on getting this out, it's been a crazy couple of weeks since KVM Forum. Here's my summary of the discussion had at the KVM Forum Trusted I/O BoF.

Some initial discussion of why Trusted I/O is really needed:

  - Secure end-to-end path between the CVM and the device
  - Performance advantage to avoid bounce buffering through shared memory
  - Attestation of device

The discussion turned to the device model and was more guest focused:

  - Where should the support to transition the TDI live?
    - PCI subsystem?
    - Device driver?
    - Other (such as in an SVSM)?

  - TDI readiness
    - Use an SVSM to take TDI to run state and hand to the OS
    - Firmware or kernel takes device to run state
    - Hot-plug like
      - Leave unlocked until guest requests to make device secure

  - Attestation
    - Generic or device specific?
      - Is it a device specific policy?
      - How to account for firmware revisions
      - Should we just care about the measurement?

    - Don't do any attestation
      - Use SYSFS to present an interface to "activate" secure device
      - Until activation, OS enforces DMA to shared memory
      - Remote attestation can be performed to decide activation

  - DMA security
    - Can MMIO be locked but still not make DMA secure to allow the device
      to be used similar to today
      - Allow DMA, but only allow to shared memory (software enforced)
      - Start in "OS non-secure" and move to "OS secure"
        - vIOMMU prevents access to the whole address space
        - Device driver work to transition DMA buffers
        - Can this state be detected?
          - What if OVMF has transitioned the device to secure
      - Firmware, e.g. OVMF, would need to do the same

      - The device should always be available for use
        - Device does not need to be attested to be used
        - Attestation could be done later to then move the device to
          "OS secure"

It was hard to hear at times during the discussion. Thanks to Christophe de Dinechin for recording the session and getting a copy of it to me.

Hopefully I didn't miss too much.

Thanks,
Tom



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux