Re: [PATCH] x86/sev: Make SEV_STATUS available via SYSFS

From: Joerg Roedel
Date: Wed Mar 12 2025 - 07:44:36 EST


On Wed, Mar 12, 2025 at 12:59:50PM +0200, Kirill A. Shutemov wrote:
> I am not sure I understand your point.
>
> In the TDX case it is as trusted as the kernel itself. If the system is
> attested, this info is going to be accurate too, as the kernel gets its
> information from the trusted TDX module.
>
> But nobody suggested using this information to judge the security of the
> system.

Version information about the TDX module is required for the security
evaluation at the verifier. The question is whether it makes sense to
expose this information in an untrusted way in the guest (even alongside
a trusted way), or if that makes tooling prefer the untrusted source
because it is easier.

The guest kernel is also only trusted after (runtime) verification.

Regards,

Joerg