On Thu, Jul 11, 2024 at 06:01:00PM +0100, Jonathan Cameron wrote: > Control plane for the nasty stuff should all be in control > of one entity in the system - termed a fabric manager. > > > > > Sounds sketchy to me :) > > Yes. The model is with the intent that this is only exposed by > hardware to a BMC / Fabric Manager - so security is by wiring. If you rely on physical seperation then I'd say that the Linux who gets access to that physical HW should have rights to operate it, even from userspace. You may say only root/user/label should have those special rights, but it is kind of baked into the model that the special physical connection lets you harm other nodes too. It is important to think what things should be in fwctl, if I were to take a similar situation for IB, the fabric manager plugs into /dev/infiniband/umad* and that is the special interface for exchanging packets between nodes to do fabric management. But IB has a well defined container for fabric management and it is easy to steer things into proper places. Jason