-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IDT and page table code causing trouble in Confidential Computing space #417
Comments
Hi, thanks for reaching out!
This is true, but also misleading. It's true that the compiler generated entry-code suffers from those shortcomings, but we don't restrict user to only use compiler generated code. It's perfectly fine to write custom entry-code. In practice this is likely something that a library cannot fully implement for the user as entry-code will likely vary heavily between kernels and by its very nature will have to be implemented by each kernel.
I disagree for the reasons mentioned above.
Sort of, kind of. The page table implementations in this crate are very simple. They don't support any concurrent modification or sharing parts of page tables. I don't think this is something we would want to have in this crate, simply because this would make a lot of choices that we don't necessarily can and want to make for the user. There is no one-size-fits-all solution. I'm not sure what they mean by "problems when support for non-contiguous mappings". We don't have any page table implementations that only map contiguous memory.
Sure, we're always open to hearing new ideas and contributions. My takes on this:
Small side note: I already talked about some of the concerns listed here with the author of the post, though we talked in private at the time, so there is value in discussing it again in public. Cc @joergroedel |
There is a divergence in confidential computing technology for AMD's SEV-SNP system (AMD's original https://github.com/AMDESE/linux-svsm, SUSE's COCONUT https://github.com/coconut-svsm/svsm) due to issues claimed by SUSE engineers that I wanted to bring here to discuss. I'm not an expert in this code base, but I am concerned about a root of trust code system that could underpin most cloud workloads in the future.
From https://lwn.net/ml/linux-coco/[email protected]/
(Emphasis mine)
Technical reasons here
RMPADJUST is a new x86-64 instruction for SEV-SNP that allows changing the virtual memory privilege level (VMPL) of a page. SEV-SNP introduced a new dimension of privilege on memory to allow "supervisor code" to run within a confidential context in a way that the rest of the guest code can't tamper with it. This is very important for implementing technologies like virtual TPMs to provided measured boot integrity with strong security guarantees, such as a Cloud Service Provider can't spoof a measured boot attestation and have a guest run a compromised image.
Is this a big problem to change?
I'd be interested to dive in and start contributing if there isn't anything controversial about supporting the kinds of things SUSE needs for their diverging system to fold back into AMD's. I'm hopeful that we can come together for one solid supervisor module.
The text was updated successfully, but these errors were encountered: