Re: [PATCH] x86/tdx: Mark TSC reliable
From: Kirill A. Shutemov
Date: Wed Aug 09 2023 - 02:13:58 EST
On Wed, Aug 09, 2023 at 05:44:37AM +0000, Reshetova, Elena wrote:
> >
> > I don't know what the rules here. As far as I can see, all other clock
> > sources relevant for TDX guest have lower rating. I guess we are fine?
>
> What about acpi_pm?
> See this:
> https://github.com/intel/tdx/commit/045692772ab4ef75062a83cc6e4ffa22cab40226
clocksource_acpi_pm.rating is 200 while TSC is 300.
> > There's notable exception to the rating order is kvmclock which is higher
> > than tsc. It has to be disabled, but it is not clear to me how. This topic
> > is related to how we are going to filter allowed devices/drivers, so I
> > would postpone the decision until we settle on wider filtering schema.
>
> One option is to include "no-kvmclock" into kernel command line, which
> is attested. Another option is to try to disable it explicitly, like we had
> in past:
> https://github.com/intel/tdx/commit/6b0357f2115c1bdd158c0c8836f4f541517bf375
>
> The obvious issues with command line is that it is going to 1) grow
> considerably if we try to disable everything we can via command line
> and 2) there is a high chance that in practice people will not use secure default
> and/or forget to verify the correct status of cmd line. But this is to be
> expected I guess for any security method that involves attestation unfortunately.
I guess command line is fine, until we have coherent solution on
filtering.
--
Kiryl Shutsemau / Kirill A. Shutemov