[svsm-devel] Kernel security features

Jörg Rödel jroedel at suse.de
Thu Aug 29 10:26:37 CEST 2024


On Thu, Aug 29, 2024 at 10:00:24AM +0200, Thomas Leroy wrote:
> KPTI was also suggested by Carlos, so I appended it to the list but I'm
> also unsure about it (I'll also add PCID).
> If we allow an unprivileged user to run code on the same CPU, my
> understanding is that KPTI would still be relevant to prevent leaking
> sensitive data through a side channel. However, with memory encrypted,
> what exactly could an attacker leak?
> Moreover, KPTI is also relevant to prevent an attacker with a powerful
> primitive (like ROP, or arbitrary read/write) to access any gadgets or
> memory from kernel space (however this can be bypassed on Linux by
> chaining the correct gadgets).
> Maybe we could try to reproduce the side-channel attacks before as a
> starting analysis.

The question for KPTI is whether modern, TDX-capable Intel CPUs are
still vulnerable to the Meltdown side-channel attack. The memory
encryption will not protect against any of these side-channels, as
encryption starts at the memory controller boundary and all data in the
caches is unencrypted.

For the various Spectre attacks the situation is a bit different, as
some of those still need software mitigation which we then also need in
the SVSM.

Regards,

-- 
Jörg Rödel
jroedel at suse.de

SUSE Software Solutions Germany GmbH
Frankenstraße 146
90461 Nürnberg
Germany
https://www.suse.com/

Managing Directors: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)
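
The following is an added example, not part of the original message and not SVSM code. It shows one way the question raised above (does this CPU still need KPTI, and which Spectre-class mitigations stay in software) can be answered from the IA32_ARCH_CAPABILITIES enumeration. The `plan` function, its `read_msr` hook and the conservative default are assumptions; the sample values are constructed.

```rust
// Added example, not SVSM code. Bit positions follow Intel's definition of
// IA32_ARCH_CAPABILITIES (MSR 0x10A); the policy itself is an assumption.
const CPUID_7_EDX_ARCH_CAP: u32 = 1 << 29; // CPUID.(EAX=7,ECX=0):EDX[29]
const RDCL_NO: u64 = 1 << 0; // not affected by Meltdown (rogue data cache load)
const IBRS_ALL: u64 = 1 << 1; // enhanced IBRS supported
const SSB_NO: u64 = 1 << 4; // not affected by speculative store bypass

#[derive(Debug, PartialEq)]
pub enum SpectreV2 {
    EnhancedIbrs,    // set IA32_SPEC_CTRL.IBRS once and leave it on
    RetpolineOrIbrs, // software sequence or legacy IBRS on every entry
}

#[derive(Debug, PartialEq)]
pub struct Plan {
    pub kpti: bool, // separate user/kernel page tables
    pub spectre_v2: SpectreV2,
    pub ssbd: bool, // speculative store bypass disable
}

/// `read_msr` (hypothetical hook) is called only when CPUID enumerates the
/// MSR, since reading a non-enumerated MSR faults. No enumeration means no
/// "not affected" claim, so every mitigation stays on.
pub fn plan(cpuid7_edx: u32, read_msr: impl FnOnce() -> u64) -> Plan {
    let caps = if cpuid7_edx & CPUID_7_EDX_ARCH_CAP != 0 { read_msr() } else { 0 };
    Plan {
        kpti: caps & RDCL_NO == 0,
        spectre_v2: if caps & IBRS_ALL != 0 {
            SpectreV2::EnhancedIbrs
        } else {
            SpectreV2::RetpolineOrIbrs
        },
        ssbd: caps & SSB_NO == 0,
    }
}

fn main() {
    // Constructed values, not read from real hardware.
    let newer = plan(CPUID_7_EDX_ARCH_CAP, || RDCL_NO | IBRS_ALL);
    let older = plan(0, || unreachable!("MSR not enumerated"));
    println!("newer: {:?}\nolder: {:?}", newer, older);
}
```
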

