Remaining work for security Hardening of MS drivers in OpenHCL Kernel #761
Assignees
Labels
ohcl-linux-kernel
Changes that apply to the Linux kernel at OHCL-Linux-Kernel repo
Milestone
Comments
cperezvargas
added this to the OpenHCL support for the GA of TDX CVMs in Azure milestone
smalis-msft
added
the
ohcl-linux-kernel
|
|
@cperezvargas Are you asking Intel Linux team to audit the kernel crash report? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
OpenHCL is using a set of linux hv drivers. While some linux hv drivers were hardened during CVM efforts it may not be true for the full set of drivers used in OpenHCL. MS owned components used in the kernel should be hardened to secure the host->guest attack surface. Security research team requested we apply secure code practices for these components and fix any bugs that may arise from the hardening review. Devices that need to be hardened: HvSocket & re-review new components (GED, serial, etc.) & VPCI.
Tasks done can be seen (by MSFT only) in https://microsoft.visualstudio.com/OS/_workitems/edit/37586563
Remaining tasks:
hv/arm64: Use a UUID for the call UID
Extend HvGicExtTests::VerifyAssertSpiVtl0FromVtl2
Audit kernel's crash reporting for CVM safety
Security Hardening of MS drivers in OHCL Kernel (SWAG)
The text was updated successfully, but these errors were encountered: