Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
From: Jason Gunthorpe <jgg@xxxxxxxxxx>
Date: Mon, 15 Jul 2024 21:11:42 -0300
Cc: Dan Williams <dan.j.williams@xxxxxxxxx>, Kees Cook <kees@xxxxxxxxxx>, Lukas Wunner <lukas@xxxxxxxxx>, Jonathan Cameron <Jonathan.Cameron@xxxxxxxxxx>, Bjorn Helgaas <helgaas@xxxxxxxxxx>, David Howells <dhowells@xxxxxxxxxx>, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, David Woodhouse <dwmw2@xxxxxxxxxxxxx>, James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>, linux-pci@xxxxxxxxxxxxxxx, linux-cxl@xxxxxxxxxxxxxxx, linux-coco@xxxxxxxxxxxxxxx, keyrings@xxxxxxxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, linuxarm@xxxxxxxxxx, David Box <david.e.box@xxxxxxxxx>, "Li, Ming" <ming4.li@xxxxxxxxx>, Ilpo Jarvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx>, Alistair Francis <alistair.francis@xxxxxxx>, Wilfred Mallawa <wilfred.mallawa@xxxxxxx>, Alexey Kardashevskiy <aik@xxxxxxx>, Dhaval Giani <dhaval.giani@xxxxxxx>, Gobikrishna Dhanuskodi <gdhanuskodi@xxxxxxxxxx>, Peter Gonda <pgonda@xxxxxxxxxx>, Jerome Glisse <jglisse@xxxxxxxxxx>, Sean Christopherson <seanjc@xxxxxxxxxx>, Alexander Graf <graf@xxxxxxxxxx>, Samuel Ortiz <sameo@xxxxxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>
In-reply-to: <5f7fca8b-ab74-4fba-8df8-152ad6f94227@kernel.org>
References: <ZpOPgcXU6eNqEB7M@wunner.de> <202407151005.15C1D4C5E8@keescook> <20240715181252.GU1482543@nvidia.com> <66958850db394_8f74d2942b@dwillia2-xfh.jf.intel.com.notmuch> <20240715220206.GV1482543@nvidia.com> <57791455-5c70-4ede-97d9-d5784eef7abe@kernel.org> <20240715230333.GX1482543@nvidia.com> <f228526a-984f-4754-8ade-3f998a8b436a@kernel.org> <20240715234259.GZ1482543@nvidia.com> <5f7fca8b-ab74-4fba-8df8-152ad6f94227@kernel.org>

On Tue, Jul 16, 2024 at 08:57:14AM +0900, Damien Le Moal wrote:

> Initially, we can certainly treat them like that. But eventually, we
> may need something more as CC VMs access to storage has to be
> trusted too and so will require both HBA and the device to be
> trusted. For the TDISP handling, I am however not sure how that
> should looks like (is it the HBA or the storage device secrets that
> are used, both ?). As I said, I have not spent any time yet thinking
> about that use case.

My guess for CC VM's is you do both.

Follow-Ups:
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Dan Williams

References:
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Lukas Wunner
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Kees Cook
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Jason Gunthorpe
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Dan Williams
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Jason Gunthorpe
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Damien Le Moal
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Jason Gunthorpe
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Damien Le Moal
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Jason Gunthorpe
- Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
  - From: Damien Le Moal

Prev by Date: Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
Next by Date: [no subject]
Previous by thread: Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
Next by thread: Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration
Index(es):
- Date
- Thread

[Index of Archives] [Kernel] [Gnu Classpath] [Gnu Crypto] [DM Crypt] [Netfilter] [Bugtraq]