Re: [PATCH v5 02/22] cc_platform: Add new attribute to prevent ACPI CPU hotplug

From: Kai Huang
Date: Wed Aug 03 2022 - 05:20:47 EST

Next message: Zhen Ni: "[PATCH 2/2] drm/amd/pm: Fix a potential gpu_metrics_table memory leak"
Previous message: Zhen Ni: "[PATCH 1/2] drm/amd/pm: Fix a potential gpu_metrics_table memory leak"
In reply to: Binbin Wu: "Re: [PATCH v5 02/22] cc_platform: Add new attribute to prevent ACPI CPU hotplug"
Next in thread: Binbin Wu: "Re: [PATCH v5 02/22] cc_platform: Add new attribute to prevent ACPI CPU hotplug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2022-08-03 at 11:40 +0800, Binbin Wu wrote:
> host kernel is also not in TDX's TCB either, what would happen if kernel
> doesn't
> do anything in case of buggy BIOS? How does TDX handle the case to
> enforce the
> secure of TDs?

TDX doesn't support hot-add or hot-removal CPU from TDX' security perimeter at
runtime. Even BIOS/kernel can ever bring up new CPUs at runtime, the new CPUs
cannot run within TDX's security domain, in which case TDX's security isn't
compromised. If kernel schedules a TD to a new added CPU, then AFAICT the
behaviour is TDX module implementation specific but not architectural. A
reasonable behaviour would be the TDENTER should refuse to run when the CPU
isn't verified by TDX during boot.

If any CPU is hot-removed, then the security's TDX isn't compromised, but TDX is
not guaranteed to functionally work anymore.

--
Thanks,
-Kai

Next message: Zhen Ni: "[PATCH 2/2] drm/amd/pm: Fix a potential gpu_metrics_table memory leak"
Previous message: Zhen Ni: "[PATCH 1/2] drm/amd/pm: Fix a potential gpu_metrics_table memory leak"
In reply to: Binbin Wu: "Re: [PATCH v5 02/22] cc_platform: Add new attribute to prevent ACPI CPU hotplug"
Next in thread: Binbin Wu: "Re: [PATCH v5 02/22] cc_platform: Add new attribute to prevent ACPI CPU hotplug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]