
The Linux SVSM project


Posted Feb 2, 2023 15:26 UTC (Thu) by farnz (subscriber, #17727)
In reply to: The Linux SVSM project by jgg
Parent article: The Linux SVSM project

> The general concept is that the CPU vendors are saying 'trust us more than your cloud provider' and they promise if you get a measured boot into a VM with an Intel/AMD/ARM signature on the low level hypervisor then their CPU HW will protect the VM from the cloud operator, whoever it is. It puts a lot of burden on the VM side to have a policy for what trust means. e.g. Do you want to trust an AWS CC instance if the low level hypervisor is also signed by AWS?

Bear in mind as you think about this that you already have to trust the CPU vendor; their silicon could be backdoored to detect your workload and compromise it. The offer they're making is "you can reduce your trusted base from us and the cloud provider to just us"; this reduction in threat surface is of value, as long as they can ensure that their low-level hypervisor can be trusted at all.



The Linux SVSM project

Posted Feb 7, 2023 10:16 UTC (Tue) by JanC_ (guest, #34940) [Link] (4 responses)

It’s a lot easier (and a huge lot cheaper) for the CPU manufacturer to backdoor the software that runs on the "security processor" than to add a special backdoor targeting you to the actual hardware design though…

The Linux SVSM project

Posted Feb 7, 2023 11:49 UTC (Tue) by farnz (subscriber, #17727) [Link] (3 responses)

But the security processor is part of the hardware design - if I can backdoor the software on the security processor, then I can write software that puts you into a VM it controls, and backdoors you that way. After all, nothing stops the CPU "booting" by running a hypervisor that leaves the security processor in total control, exposing what appears to be a "bare metal" interface, but in fact indirecting everything through the security processor's control.

The Linux SVSM project

Posted Feb 7, 2023 14:28 UTC (Tue) by JanC_ (guest, #34940) [Link] (2 responses)

And that's why jgg wants to be able to verify what code runs on it…

The Linux SVSM project

Posted Feb 7, 2023 14:33 UTC (Tue) by farnz (subscriber, #17727) [Link] (1 responses)

Right, but the processor he verifies could itself have a security processor that's hidden, and that runs the verified code in a hypervisor allowing the CPU manufacturer to backdoor it. There is simply no affordable route, short of trusting the CPU manufacturer, to verify that the hardware they have described to you is the hardware that's running in your system. The best you can do is to destroy a random sample of CPUs, reverse-engineering them with an electron microscope, to confirm that there's nothing hidden - and this is both expensive, and also depends on the CPU manufacturer including backdoored CPUs in the set you destroy.

And even then, you have to trust that the electron microscope is not backdoored, and that the reverse engineers are honest…

The Linux SVSM project

Posted Mar 11, 2023 1:57 UTC (Sat) by ghane (guest, #1805) [Link]

> And even then, you have to trust that the electron microscope is not backdoored, and that the reverse engineers are honest…

... also that farnz hasn't backdoored the problem statement.

... and that corbet hasn't backdoored the comment which told us exactly what to do to check.

My head hurts. :-)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds