Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jul 15, 2024 at 10:21:48AM -0700, Kees Cook wrote:

> Anyway, following the threat model, it doesn't seem like half measures
> make any sense. If the threat model is "we cannot trust bus members" and
> authentication is being used to establish trust, then anything else must
> be explicitly excluded. If this can only be done via the described
> firewalling, then that really does seem to be the right choice.

There is supposed to be a state machine here, devices start up at VM
time 0 unable to DMA to secure guest memory under any conditions. This
property must be enforced by the trusted platform.

Further the trusted plaform is supposed to prevent "replacement"
attacks, so once the VM says it trusts a device it cannot be replaced
with something else.
 
When the guest decides it would like the device to reach secure memory
the trusted platform is part of making that happen.


[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux