Re: [PATCH] docs: security: Confidential computing intro and threat model

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: jejb@xxxxxxxxxxxxx, "Reshetova, Elena" <elena.reshetova@xxxxxxxxx>, "Christopherson, , Sean" <seanjc@xxxxxxxxxx>
Subject: Re: [PATCH] docs: security: Confidential computing intro and threat model
From: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
Date: Thu, 27 Apr 2023 09:46:31 -0700
Cc: Carlos Bilbao <carlos.bilbao@xxxxxxx>, "corbet@xxxxxxx" <corbet@xxxxxxx>, "linux-doc@xxxxxxxxxxxxxxx" <linux-doc@xxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "ardb@xxxxxxxxxx" <ardb@xxxxxxxxxx>, "kraxel@xxxxxxxxxx" <kraxel@xxxxxxxxxx>, "dovmurik@xxxxxxxxxxxxx" <dovmurik@xxxxxxxxxxxxx>, "dave.hansen@xxxxxxxxxxxxxxx" <dave.hansen@xxxxxxxxxxxxxxx>, "Dhaval.Giani@xxxxxxx" <Dhaval.Giani@xxxxxxx>, "michael.day@xxxxxxx" <michael.day@xxxxxxx>, "pavankumar.paluri@xxxxxxx" <pavankumar.paluri@xxxxxxx>, "David.Kaplan@xxxxxxx" <David.Kaplan@xxxxxxx>, "Reshma.Lal@xxxxxxx" <Reshma.Lal@xxxxxxx>, "Jeremy.Powell@xxxxxxx" <Jeremy.Powell@xxxxxxx>, "sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx" <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>, "alexander.shishkin@xxxxxxxxxxxxxxx" <alexander.shishkin@xxxxxxxxxxxxxxx>, "thomas.lendacky@xxxxxxx" <thomas.lendacky@xxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "dgilbert@xxxxxxxxxx" <dgilbert@xxxxxxxxxx>, "gregkh@xxxxxxxxxxxxxxxxxxx" <gregkh@xxxxxxxxxxxxxxxxxxx>, "dinechin@xxxxxxxxxx" <dinechin@xxxxxxxxxx>, "linux-coco@xxxxxxxxxxxxxxx" <linux-coco@xxxxxxxxxxxxxxx>, "berrange@xxxxxxxxxx" <berrange@xxxxxxxxxx>, "mst@xxxxxxxxxx" <mst@xxxxxxxxxx>, "tytso@xxxxxxx" <tytso@xxxxxxx>, "jikos@xxxxxxxxxx" <jikos@xxxxxxxxxx>, "joro@xxxxxxxxxx" <joro@xxxxxxxxxx>, "leon@xxxxxxxxxx" <leon@xxxxxxxxxx>, "richard.weinberger@xxxxxxxxx" <richard.weinberger@xxxxxxxxx>, "lukas@xxxxxxxxx" <lukas@xxxxxxxxx>, "cdupontd@xxxxxxxxxx" <cdupontd@xxxxxxxxxx>, "jasowang@xxxxxxxxxx" <jasowang@xxxxxxxxxx>, "sameo@xxxxxxxxxxxx" <sameo@xxxxxxxxxxxx>, "bp@xxxxxxxxx" <bp@xxxxxxxxx>, "security@xxxxxxxxxx" <security@xxxxxxxxxx>, Andrew Bresticker <abrestic@xxxxxxxxxxxx>, Rajnesh Kanwal <rkanwal@xxxxxxxxxxxx>, Dylan Reid <dylan@xxxxxxxxxxxx>, Ravi Sahita <ravi@xxxxxxxxxxxx>
In-reply-to: <8f212b0dfa9eb00ccc7acc5bf1483c9615277590.camel@linux.ibm.com>
References: <20230327141816.2648615-1-carlos.bilbao@amd.com> <ZEfrjtgGgm1lpadq@google.com> <DM8PR11MB575046B6DAA17B41FFED8080E7659@DM8PR11MB5750.namprd11.prod.outlook.com> <7502e1af0615c08167076ff452fc69ebf316c730.camel@linux.ibm.com> <ZElOfzn37kmesy7e@google.com> <DM8PR11MB57509EBCB1E2146C1768A6EEE76A9@DM8PR11MB5750.namprd11.prod.outlook.com> <efda0be02fb0b5bf23aec11b5398d20908a821ba.camel@linux.ibm.com> <DM8PR11MB57502E1C09CDE4842B7F9B30E76A9@DM8PR11MB5750.namprd11.prod.outlook.com> <8f212b0dfa9eb00ccc7acc5bf1483c9615277590.camel@linux.ibm.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0


On 4/27/23 09:16, James Bottomley wrote:
> Public but not open source is still a problem.  The federal government
> has walked into several cloud accounts demanding a source code security
> review, which means the code was made public to them but not generally.

Apparently we have different definitions of "public".
I don't call that public.

> Without all customers or some third party being able to build the code
> and verify it (or ideally supply it ... think something like Red Hat
> built the OVMF code this cloud is using and you can prove it using
> their build signatures) how do you know the source you're given
> corresponds to the binary the signature verifies.


-- 
~Randy

References:
- [PATCH] docs: security: Confidential computing intro and threat model
  - From: Carlos Bilbao
- Re: [PATCH] docs: security: Confidential computing intro and threat model
  - From: Sean Christopherson
- RE: [PATCH] docs: security: Confidential computing intro and threat model
  - From: Reshetova, Elena
- Re: [PATCH] docs: security: Confidential computing intro and threat model
  - From: James Bottomley
- Re: [PATCH] docs: security: Confidential computing intro and threat model
  - From: Sean Christopherson
- RE: [PATCH] docs: security: Confidential computing intro and threat model
  - From: Reshetova, Elena
- Re: [PATCH] docs: security: Confidential computing intro and threat model
  - From: James Bottomley
- RE: [PATCH] docs: security: Confidential computing intro and threat model
  - From: Reshetova, Elena
- Re: [PATCH] docs: security: Confidential computing intro and threat model
  - From: James Bottomley

Prev by Date: Re: [PATCH] docs: security: Confidential computing intro and threat model
Next by Date: Re: [PATCH v3 1/2] dt-bindings: hwmon: add MAX31827
Previous by thread: Re: [PATCH] docs: security: Confidential computing intro and threat model
Next by thread: Re: [PATCH] docs: security: Confidential computing intro and threat model
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Linux FS] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper] [Linux Resources]