[Intel-gfx] [PATCH v2 5/8] drm/i915/huc: Copy huc rsa only once
Chris Wilson
chris at chris-wilson.co.uk
Wed Jul 24 14:18:37 UTC 2019
Quoting Michal Wajdeczko (2019-07-24 13:55:23)
> On Wed, 24 Jul 2019 04:21:50 +0200, Daniele Ceraolo Spurio
> <daniele.ceraolospurio at intel.com> wrote:
>
> > The binary is perma-pinned and the rsa is not going to change, so copy
> > it only once and not on every load.
>
> as this new location is accessible from the GuC, what if GuC (or whoever
> else) corrupts it ? with stale RSA we will fail to authenticate HuC on
> subsequent resets.
Refusing to run after misbehaviour is reasonable, and probably better
than running with a successful adversary. We can equally conjecture how
to respond to an attack against any other GGTT or even ppGTT object,
where we have no idea on the identity of the culprit. That's before we
even start on hidden hypervisors and microcontrollers.
-Chris
More information about the Intel-gfx
mailing list