[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC 0/4] Adding Virtual Memory Fuses to Xen

To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Fri, 16 Dec 2022 08:38:51 +0000
Cc: "Smith, Jackson" <rsmith@xxxxxxxxxxxxxxxxxxxxx>, "Brookes, Scott" <sbrookes@xxxxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "bertrand.marquis@xxxxxxx" <bertrand.marquis@xxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, "demi@xxxxxxxxxxxxxxxxxxxxxx" <demi@xxxxxxxxxxxxxxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, "christopher.w.clark@xxxxxxxxx" <christopher.w.clark@xxxxxxxxx>
Delivery-date: Fri, 16 Dec 2022 08:39:04 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Stefano,

On 16/12/2022 01:46, Stefano Stabellini wrote:

On Thu, 15 Dec 2022, Julien Grall wrote:

On 13/12/2022 19:48, Smith, Jackson wrote:

Yes, we are familiar with the "secret-free hypervisor" work. As you
point out, both our work and the secret-free hypervisor remove the
directmap region to mitigate the risk of leaking sensitive guest
secrets. However, our work is slightly different because it additionally
prevents attackers from tricking Xen into remapping a guest.


I understand your goal, but I don't think this is achieved (see above). You
would need an entity to prevent write to TTBR0_EL2 in order to fully protect
it.


Without a way to stop Xen from reading/writing TTBR0_EL2, we cannot
claim that the guest's secrets are 100% safe.

But the attacker would have to follow the sequence you outlines above to
change Xen's pagetables and remap guest memory before accessing it. It
is an additional obstacle for attackers that want to steal other guests'
secrets. The size of the code that the attacker would need to inject in
Xen would need to be bigger and more complex.

Right, that's why I wrote with a bit more work. However, the nuance youmention doesn't seem to be present in the cover letter:

"This creates what we call "Software Enclaves", ensuring that anadversary with arbitrary code execution in the hypervisor STILL cannotread/write guest memory."

So if the end goal if really to protect against *all* sort of arbitrarycode, then I think we should have a rough idea how this will look likein Xen.

From a brief look, it doesn't look like it would be possible to preventmodification to TTBR0_EL2 (even from EL3). We would need to investigateif there are other bits in the architecture to help us.


Every little helps :-)

I can see how making the life of the attacker more difficult isappealing. Yet, the goal needs to be clarified and the risk with theapproach acknowledged (see above).


Cheers,

--
Julien Grall

Follow-Ups:
- RE: [RFC 0/4] Adding Virtual Memory Fuses to Xen
  - From: Smith, Jackson

References:
- [RFC 0/4] Adding Virtual Memory Fuses to Xen
  - From: Smith, Jackson
- Re: [RFC 0/4] Adding Virtual Memory Fuses to Xen
  - From: Julien Grall
- RE: [RFC 0/4] Adding Virtual Memory Fuses to Xen
  - From: Smith, Jackson
- Re: [RFC 0/4] Adding Virtual Memory Fuses to Xen
  - From: Julien Grall
- Re: [RFC 0/4] Adding Virtual Memory Fuses to Xen
  - From: Stefano Stabellini

Prev by Date: Re: [XEN v1 1/9] xen/arm: Remove the extra assignment
Next by Date: Re: [PATCH] xen/arm: Allow to set grant table related limits for dom0less domUs
Previous by thread: Re: [RFC 0/4] Adding Virtual Memory Fuses to Xen
Next by thread: RE: [RFC 0/4] Adding Virtual Memory Fuses to Xen
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.