On Wed, Oct 20, 2021 at 09:33:49AM +0800, Jason Wang wrote: > > In my own opinion, the threat model is: > > > > Attacker: 'malicious' hypervisor > > > > Victim: VM with SEV/TDX/SGX > > > > The attacker should not be able to steal secure/private data from VM, when > > the > > hypervisor's action is unexpected. DoS is out of the scope. > > > > My concern is: it is very hard to clearly explain in the patchset how the > > hypervisor is able to steal VM's data, by setting queue=0 or injecting > > unwanted > > interrupts to VM. > > Yes, it's a hard question but instead of trying to answer that, we can > just fix the case of e.g unexpected interrupts. > > Thanks
I think this it's still early days for TDX. So it's a bit early to talk about threat models, start opening CVEs and distinguishing between security and non-security bugs. -- MST _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
