mjg59

mjg59, 1 day ago

Kind of feel that coming second to a team with @deviantollam and @Tarah is not a bad outcome

mjg59, 2 days ago

@hyc No, once you're in SEV-land you're not really in a good place to do hardware passthrough

mjg59, 2 days ago

@hyc I'm fine with the hypervisor being able to see what's happening in arbitrary guests, but there needs to be isolation between the primary VM and the security VM (Hyper-V manages this fine in Windows land)

mjg59, 2 days ago

@agraf My recollection is that Jailhouse does static partitioning and no scheduling, ie you need to give it a CPU? It also starts from Linux which makes it harder to sequester secrets that Linux can't get at.

mjg59, 2 days ago

@bluca @l0kod Not quite the same - you still have Linux with the ability to see everything, I think?

mjg59, 2 days ago

@baloo @hyc Potentially the TPM, but otherwise nothing - just CPU, RAM, and some sort of simple intra-VM communication channel.

mjg59, 2 days ago

@agraf I'm pretty sure the lack of scheduling is a design choice that would need to be retrofitted. Launching from Linux is more about how it's managed, so that's probably an easier thing to fix.

mjg59, 2 days ago

@jornfranke No, firecracker VMs are visible to the Linux host

mjg59, 2 days ago

@baloo @hyc Right, you can do it the other way around with SEV, but that then leaves you with very restricted hardware support at the moment

mjg59, 2 days ago

@noodles @hyc Some form of secret manager, at least

mjg59, 2 days ago

@rzeta0 A hypervisor doesn't have to let a privileged VM see into other VMs - Xen allowing that for Dom0 is an artifact of their design rather than anything inherent. The primary Windows VM can't see into the Credential Guard VM, since the hypervisor has drawn a hardware-enforced barrier in between them.

mjg59, 2 days ago

@rzeta0 Cryptography doesn't remove side channels - if you keep the secrets in a TPM but it doesn't use constant time operations, or if I'm able to monitor the power rails, that's not an absolute barrier. Very little is absolute - the level of security appropriate for a given problem will vary depending on what your threat model is, and I'm broadly ok with having my WebAuthn secrets in a separate VM running on the same CPU

mjg59, 1 day ago

@noodles @hyc SEV is pretty much exclusive to server parts, and I have a laptop

mjg59, 3 days ago

@pippin apparmor MAC decisions are based on path, not inode

mjg59, 7 days ago

@cate Maybe our tooling should be better

mjg59, 7 days ago

@wjt Oh no

mjg59, 7 days ago

@kithrup @rfc6919 opened-but-unlinked don't cause problems here, the two main issues are that you can't apply security policy based on path (one file may exist in multiple paths) and you can't look for notifications based on parent directory (if files have no canonical parent, how do you know to notify on modification?)

mjg59, 7 days ago

@plambrechtsen Direct experience is that a lot of it doesn't work with normally scoped OIDC tokens, it's more aimed at different flows

mjg59, 7 days ago

@plambrechtsen I literally can't open an external browser because of how Apple handles hardware backed key ownership