docs: security: Confidential computing intro and threat model for x86 virtualization

Kernel developers working on confidential computing for virtualized environments in x86 operate under a set of assumptions regarding the Linux kernel threat model that differs from the traditional view. Historically, the Linux threat model acknowledges attackers residing in userspace, as well as a limited set of external attackers that are able to interact with the kernel through networking or limited HW-specific exposed interfaces (e.g. USB, thunderbolt). The goal of this document is to explain additional attack vectors that arise in the virtualized confidential computing space. Reviewed-by: Larry Dewey <larry.dewey@amd.com> Reviewed-by: David Kaplan <david.kaplan@amd.com> Co-developed-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Carlos Bilbao <carlos.bilbao@amd.com> Message-ID: <98804f27-c2e7-74d6-d671-1eda927e19fe@amd.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>

docs: security: Confidential computing intro and threat model for x86 virtualization
Kernel developers working on confidential computing for virtualized environments in x86 operate under a set of assumptions regarding the Linux kernel threat model that differs from the traditional view. Historically, the Linux threat model acknowledges attackers residing in userspace, as well as a limited set of external attackers that are able to interact with the kernel through networking or limited HW-specific exposed interfaces (e.g. USB, thunderbolt). The goal of this document is to explain additional attack vectors that arise in the virtualized confidential computing space. Reviewed-by: Larry Dewey <larry.dewey@amd.com> Reviewed-by: David Kaplan <david.kaplan@amd.com> Co-developed-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Carlos Bilbao <carlos.bilbao@amd.com> Message-ID: <98804f27-c2e7-74d6-d671-1eda927e19fe@amd.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
1f597b1a · Carlos Bilbao · Jonathan Corbet · 42b37783 · 1f597b1a · 1f597b1a
Commit 1f597b1a authored Sep 14, 2023 by Carlos Bilbao Committed by Jonathan Corbet Sep 23, 2023
Showing with 260 additions and 0 deletions

Documentation/security/index.rst Documentation/security/index.rst +1 -0

Documentation/security/snp-tdx-threat-model.rst Documentation/security/snp-tdx-threat-model.rst +253 -0

MAINTAINERS MAINTAINERS +6 -0

No files found.
--- a/Documentation/security/index.rst
+++ b/Documentation/security/index.rst
@@ -6,6 +6,7 @@ Security Documentation
   :maxdepth: 1

   credentials
+   snp-tdx-threat-model
   IMA-templates
   keys/index
   lsm

--- a/Documentation/security/snp-tdx-threat-model.rst
+++ b/Documentation/security/snp-tdx-threat-model.rst
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -5196,6 +5196,12 @@ S:	Orphan
 W:	http://accessrunner.sourceforge.net/
 F:	drivers/usb/atm/cxacru.c

+CONFIDENTIAL COMPUTING THREAT MODEL FOR X86 VIRTUALIZATION (SNP/TDX)
+M:    Elena Reshetova <elena.reshetova@intel.com>
+M:    Carlos Bilbao <carlos.bilbao@amd.com>
+S:    Maintained
+F:    Documentation/security/snp-tdx-threat-model.rst
+
 CONFIGFS
 M:	Joel Becker <jlbec@evilplan.org>
 M:	Christoph Hellwig <hch@lst.de>