On Thu, Sep 30, 2021 at 11:35:09AM -0400, Alan Stern wrote: > On Thu, Sep 30, 2021 at 10:58:07AM -0400, Michael S. Tsirkin wrote: > > On Thu, Sep 30, 2021 at 10:43:05AM -0400, Alan Stern wrote: > > > I don't see any point in talking about "untrusted drivers". If a > > > driver isn't trusted then it doesn't belong in your kernel. Period. > > > When you load a driver into your kernel, you are implicitly trusting > > > it (aside from limitations imposed by security modules). > > > > Trusting it to do what? Historically a ton of drivers did not > > validate input from devices they drive. Most still don't. > > Trusting it to behave properly (i.e., not destroy your system, among > other things). I don't think the current mitigations under discussion here are about keeping the system working. In fact most encrypted VM configs tend to stop booting as a preferred way to handle security issues. > The fact that many drivers haven't been trustworthy is beside the > point. By loading them into your kernel, you are trusting them > regardless. In the end, you may regret having done so. :-( > > Alan Stern -- MST