
Ultravisor state and/or FlexVer as a substitute for confidential/trustworthy rem


rjzak:
According to IBM’s paper, the Ultravisor uses a TPM and IBM recommends Nuvoton. https://dl.acm.org/doi/10.1145/3447786.3456243

I also noticed there isn’t anything on the Forum or Wiki about supported TPMs. Sorry if this is a dumb question, as I’ve never used them before, but is there any reason as to why this one wouldn’t work?
ASRock TPM2-S TPM Module Motherboard (V2.0) https://a.co/acA1yDL

rjzak:
After checking the docs, the Talos & Blackbird boards use the 20-pin TPM. So maybe these would work:

* https://a.co/d/91veo25 (Generic brand? not too comfortable with that, unknown chip)
* https://a.co/d/4QA7amk (looks exactly like the one above, same marketing images, not a well-known brand, unknown chip)
* https://a.co/d/etHR62A (SuperMicro, Infineon chip)
* https://a.co/d/bD90lpO (Another no-name brand, unknown chip)

AdamJoseph:
I always found it very weird that the rev 2.3 ~~hypervisor~~ (edit: ultravisor) can't virtualize the hardware random number generator.

In other words, unprivileged code always has direct access to the HWRNG, and the OS/hypervisor/ultravisor can't do anything to change that.

So very strange.

ClassicHasClass:
Why would you do otherwise? Since it's a source of entropy, virtualizing it would potentially compromise the cryptographic security of the guest. RDRAND on recent (Ivy Bridge at least) x86_64 is the same way. See https://lwn.net/Articles/887207/ for an example of when this goes wrong.
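The failure mode ClassicHasClass is pointing at, modelled in a few lines as an added illustration (this is not code from the thread, from IBM or from Raptor): a guest whose only entropy input is a source the hypervisor can trap and emulate gets whatever the hypervisor decides, so the hypervisor can reproduce every key the guest derives from it. A guest that mixes that source with input the hypervisor did not choose is not in that position. The generator is a small HMAC-SHA256 construction in the spirit of NIST HMAC_DRBG, simplified for illustration; the emulated hardware RNG returning a fixed value is a constructed stand-in for a trapped RDRAND or darn instruction, and `os.urandom` stands in for the guest's other, locally gathered entropy.

```python
"""
Added illustration (not from the forum thread or any vendor code): a guest
seeded only from a hypervisor-controlled entropy source is predictable by
that hypervisor; mixing in a second, independent input removes the problem.
"""
import hashlib
import hmac
import os


class HmacDrbg:
    """Deterministic generator in the spirit of NIST HMAC_DRBG (simplified).

    Every seed part is absorbed, so reproducing the output stream requires
    knowing *all* of them, not just one.
    """

    def __init__(self, *seed_parts: bytes) -> None:
        self.key = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(b"".join(seed_parts))

    def _update(self, data: bytes) -> None:
        self.key = hmac.new(self.key, self.v + b"\x00" + data, hashlib.sha256).digest()
        self.v = hmac.new(self.key, self.v, hashlib.sha256).digest()
        if data:
            self.key = hmac.new(self.key, self.v + b"\x01" + data, hashlib.sha256).digest()
            self.v = hmac.new(self.key, self.v, hashlib.sha256).digest()

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = hmac.new(self.key, self.v, hashlib.sha256).digest()
            out += self.v
        self._update(b"")  # backtrack resistance between calls
        return out[:n]


def emulated_hwrng(hypervisor_choice: bytes) -> bytes:
    """Constructed stand-in for a trapped-and-emulated hardware RNG: the
    guest asks for randomness and receives whatever the hypervisor chose."""
    return hypervisor_choice


def guest_key_single_source(hv_value: bytes) -> bytes:
    """Guest derives a 256-bit key from the emulated HWRNG alone."""
    return HmacDrbg(emulated_hwrng(hv_value)).generate(32)


def guest_key_mixed(hv_value: bytes, local_entropy: bytes) -> bytes:
    """Guest mixes the emulated HWRNG with entropy the hypervisor did not
    pick (interrupt timing, a boot-time seed file, ...; modelled as bytes)."""
    return HmacDrbg(emulated_hwrng(hv_value), local_entropy).generate(32)


def demo() -> dict:
    """Returns whether the hypervisor's own reconstruction matches each key."""
    hv = b"\x42" * 32  # chosen by the hypervisor, hence known to it
    hypervisor_reconstruction = HmacDrbg(hv).generate(32)
    single = guest_key_single_source(hv)
    mixed = guest_key_mixed(hv, os.urandom(32))  # local input the hypervisor did not choose
    return {
        "single_source_predicted": hypervisor_reconstruction == single,
        "mixed_predicted": hypervisor_reconstruction == mixed,
    }


if __name__ == "__main__":
    print(demo())  # {'single_source_predicted': True, 'mixed_predicted': False}
```

Running it prints `single_source_predicted: True` and `mixed_predicted: False`. This is the same reason production kernels feed several inputs into their entropy pool rather than trusting any one of them: with a single trappable source the guest's security rests entirely on the component that owns it, which is the point both sides of this exchange end up agreeing on.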

AdamJoseph:

--- Quote from: ClassicHasClass on September 08, 2022, 10:24:29 pm ---
Why would you do otherwise?
--- End quote ---

Allow the ultravisor to trap if it chooses to (or not, if it chooses to). The fact that the choice is taken away for this one particular device function is extremely weird.


--- Quote from: ClassicHasClass on September 08, 2022, 10:24:29 pm ---
RDRAND on recent (Ivy Bridge at least) x86_64 is the same way.
--- End quote ---

No; on x86_64 the hypervisor can trap-and-emulate RDRAND if it chooses to do so: https://patchwork.kernel.org/project/kvm/patch/20170821192640.30817-1-jmattson@google.com/


--- Quote from: ClassicHasClass on September 08, 2022, 10:24:29 pm ---
Since it's a source of entropy, virtualizing it would potentially compromise the cryptographic security of the guest.
--- End quote ---

Ultravisors can always compromise the security of their guests.
