Re: [PATCH v3 4/4] platform/x86: intel_tdx_attest: Add TDX Guest attestation interface driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/19/22 15:21, Kai Huang wrote:
> On Tue, 2022-04-19 at 07:13 -0700, Dave Hansen wrote:
>> On 4/19/22 00:47, Kai Huang wrote:
>>>> From security's perspective, attestation is an essential part of TDX.  That
>>> being said, w/o attestation support in TD guest, I guess nobody will seriously
>>> use TD guest.
>> Are you saying you can't think of a single threat model where there's a
>> benefit to running a TDX guest without attestation?  Will TDX only be
>> used in environments where secrets are provisioned to guests on the
>> basis of attestation?
>>
> I don't think anyone should provision secret to a TD before it get attested that
> it is a genuine TD that he/she expected.  If someone does that, he/she takes the
> risk of losing the secret.  Of course if someone just want to try a TD then w/o
> attestation is totally fine.

Yeah, but you said:

	w/o attestation support in TD guest, I guess nobody will
	seriously use TD guest.

I'm trying to get to the bottom of that.  That's a much more broad
statement than something about when it's safe to deploy secrets.

There are lots of secrets deployed in (serious) VMs today.  There are
lots of secrets deployed in (serious) SEV VMs that don't have
attestation.  Yet, the world somehow hasn't come crashing down.

I think it's crazy to say that nobody will deploy secrets to TDX VMs
without attestation.  I think it's a step father into crazy land to say
that no one will "seriously" use TDX guests without attestation.

Let's be honest about this and not live in some fantasy world, please.



[Index of Archives]     [Linux Kernel Development]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux