Re: [RFC] Randomness on confidential computing platforms

From: Nikolay Borisov
Date: Fri Jan 26 2024 - 09:47:04 EST

Next message: Amir Goldstein: "Re: [RFC v2 4/4] fs: Optimize credentials reference count for backing file ops"
Previous message: Amir Goldstein: "Re: [RFC v2 1/4] cleanup: Fix discarded const warning when defining guards"
In reply to: Kirill A. Shutemov: "[RFC] Randomness on confidential computing platforms"
Next in thread: Reshetova, Elena: "RE: [RFC] Randomness on confidential computing platforms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 26.01.24 г. 15:42 ч., Kirill A. Shutemov wrote:

4. Exit to the host/VMM with an error indication after a Confidential
Computing Guest failed to obtain random input from RDRAND/RDSEED
instructions after reasonable number of retries. This option allows
host/VMM to take some correction action for cases when the load on
RDRAND/RDSEED instructions has been put by another actor, i.e. the
other guest VM. The exit to host/VMM in such cases can be made
transparent for the Confidential Computing Guest in the TDX case with
the assistance of the TDX module component.

But is this really a viable solution in the face of malicious VMM? It assumes that if the VMM is signaled that randomness has been exhausted it will try to rectify it, what if such a signal can instead be repurposed for malicious purposes? Could it perhaps be used as some sort of a side channel attack ?

Next message: Amir Goldstein: "Re: [RFC v2 4/4] fs: Optimize credentials reference count for backing file ops"
Previous message: Amir Goldstein: "Re: [RFC v2 1/4] cleanup: Fix discarded const warning when defining guards"
In reply to: Kirill A. Shutemov: "[RFC] Randomness on confidential computing platforms"
Next in thread: Reshetova, Elena: "RE: [RFC] Randomness on confidential computing platforms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]