Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 Feb 2023 11:24:51 +0800
From: Jason Wang <>
To: "Michael S. Tsirkin" <>,
 Christophe de Dinechin Dupont de Dinechin <>
Cc: Christophe de Dinechin <>,
 James Bottomley <>,
 "Reshetova, Elena" <>,
 Leon Romanovsky <>,
 Greg Kroah-Hartman <>,
 "Shishkin, Alexander" <>,
 "Shutemov, Kirill" <>,
 "Kuppuswamy, Sathyanarayanan" <>,
 "Kleen, Andi" <>, "Hansen, Dave"
 <>, Thomas Gleixner <>,
 Peter Zijlstra <>, "Wunner, Lukas"
 <>, Mika Westerberg <>,
 "Poimboe, Josh" <>,
 "" <>, Cfir Cohen <>,
 Marc Orr <>, ""
 <>, "" <>,
 "" <>,
 James Morris <>, Michael Kelley <>,
 "Lange, Jon" <>,
 "" <>,
 Linux Kernel Mailing List <>,
 Kernel Hardening <>
Subject: Re: Linux guest kernel threat model for Confidential Computing

在 2023/2/1 19:01, Michael S. Tsirkin 写道:
> On Wed, Feb 01, 2023 at 11:52:27AM +0100, Christophe de Dinechin Dupont de Dinechin wrote:
>>> On 31 Jan 2023, at 18:39, Michael S. Tsirkin <> wrote:
>>> On Tue, Jan 31, 2023 at 04:14:29PM +0100, Christophe de Dinechin wrote:
>>>> Finally, security considerations that apply irrespective of whether the
>>>> platform is confidential or not are also outside of the scope of this
>>>> document. This includes topics ranging from timing attacks to social
>>>> engineering.
>>> Why are timing attacks by hypervisor on the guest out of scope?
>> Good point.
>> I was thinking that mitigation against timing attacks is the same
>> irrespective of the source of the attack. However, because the HV
>> controls CPU time allocation, there are presumably attacks that
>> are made much easier through the HV. Those should be listed.
> Not just that, also because it can and does emulate some devices.
> For example, are disk encryption systems protected against timing of
> disk accesses?
> This is why some people keep saying "forget about emulated devices, require
> passthrough, include devices in the trust zone".

One problem is that the device could be yet another emulated one that is 
running in the SmartNIC/DPU itself.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.