Re: [edk2-rfc] [edk2-devel] RFC: design review for TDVF in OVMF


Michael Brown
 

On 04/06/2021 11:43, Michael Brown wrote:
On 04/06/2021 11:11, Laszlo Ersek wrote:
And, to reiterate, just because Confidential Computing is the
new hot thing, the use cases for OvmfPkgIa32, OvmfPkgIa32X64, OvmfPkgX64
do not disappear. Regressing them, or making them unmaintainable due to
skyrocketing complexity, is not acceptable.
Totally agree with this.  Confidential Computing is a very niche use case, and there is no justification for exploding the complexity of the standard OVMF build.
If, several years from now, it ever reaches the point that the majority of real-world workloads are using TDX, then there would be an argument that the complexity cost has to be paid and that the standard OVMF build should include TDX features.  But that's several years away and may never happen.
Out of interest: does Intel TDX provide any security benefits beyond the (much simpler) Intel SGX?

As far as I can tell from the various papers, the fundamental difference between TDX and SGX seems to be that TDX deliberately increases the attack surface from "just the application code" to "entire guest VM, including OS kernel, runtime libraries, etc". Increasing the attack surface while adding complexity is a huge cost so I'm assuming that there must be some commensurate benefit, but nothing in the documentation I've seen seems to describe what this benefit actually is.

Thanks,

Michael

Join devel@edk2.groups.io to automatically receive all group messages.