> On 2024-11-04 at 08:33+0000, Elena Reshetova wrote: > > This statement *is* for integrity section. We have a separate TDX guidance > > on side-channels (including speculative) [3] and some speculative attacks > > that affect confidentiality (for example spectre v1) are listed as not covered > > by TDX but remaining SW responsibility (as they are now). > > Thanks for the additional info, Elena. Given that clarification, I > definitely see direct map removal and TDX as complementary. Jus to clarify to make sure my comment is not misunderstood. What I meant is that we cannot generally assume that confidentiality leaks from CoCo guests to host/VMM via speculative channels are completely impossible. Spectre V1 is a prime example of such a possible leak. Dave also elaborated on other potential vectors earlier. The usefulness of direct map removal for CoCo guests as a concrete mitigation for certain types of memory attacks must be precisely evaluated per each attack vector, attack vector direction (host -> guest, guest ->host, etc) and per each countermeasure that CoCo vendors provide for each such case. I don't know if there is any existing study that examines this for major CoCo vendors. I think this is what must be done for this work in order to have a strong reasoning for its usefulness. Best Regards, Elena.
