Host data validation #2518
Signed-off-by: Takuro Sato <takurosato@microsoft.com>
Signed-off-by: Takuro Sato <takurosato@microsoft.com>
| initialPolicyStance := "allow" | ||
| initialPolicyStance := "deny" |
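Review bot: the hardcoded `initialPolicyStance := "deny"` needs a comment at the assignment explaining the intent, since a reader of this line alone cannot tell that "deny" is a closed door that the first security-policy message replaces rather than a permanent stance; something like `initialPolicyStance := "deny" // closed door until the security policy is set` would do, and it should also state that a PSP driver failure must never flip this back to "allow".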
The original plan was to do the following (0afe43a). Then Ken decided to always use "deny". I didn't have enough time to ask why. If anyone has major objections, I think we can stick to the original way for now, then come back to it later. At least I see fewer potential security problems happening by accident, while debugging might be harder.
```go
initialPolicyStance := "allow"
if pspdriver.GetPspDriverError() != nil || snpMode /* value from the PSP driver */ {
	// If the driver failed to start, the policy should keep returning "deny" for anything.
	// For an SNP environment, the initial policy is "deny", but it will be updated
	// per the user's security policy.
	initialPolicyStance = "deny"
}
```
If we are hardcoding the policy stance to "deny" here, wouldn't it always go to the "deny" switch case? When/how would it go to the "allow" case?
Signed-off-by: Takuro Sato <takurosato@microsoft.com>
Signed-off-by: Takuro Sato <takurosato@microsoft.com>
| } | ||
| var ( | ||
| amdsnppspapi = windows.NewLazySystemDLL("amdsnppspapi.dll") |
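Review bot: `windows.NewLazySystemDLL("amdsnppspapi.dll")` defers the actual library load until the first procedure call, and a `LazyProc.Call` on a DLL that is absent panics rather than returning an error; since a PSP driver failure already has an error path (`GetPspDriverError`), call `.Load()` on this handle at startup and route its error into that same path so a missing DLL keeps the "deny" stance instead of crashing the sidecar. Using the System variant (rather than `NewLazyDLL`) is the right choice, as it restricts the search to the system directory.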
If you want to call a win32 API, please add it under internal/winapi (in a separate file if necessary) and then run go generate on that package to automatically generate the go code for calling that API. Look at other files under internal/winapi to see the format in which you would need to add your methods.
| PspStatus uint64 | ||
| } | ||
| type report struct { |
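Review bot: `type report struct {` has no doc comment, and since it differs from `Report` only in case, both need a one-line comment stating which is the raw layout and which is the parsed form (and whether the raw one must match a fixed field order and width), or a rename that makes the distinction visible at the call site; the same applies to `PspStatus uint64` just above, which should say which status encoding it carries.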
Is this a well-known, public type? If yes, can we include a link to the documentation here? If not, we should probably try to name these types better. For e.g., Report can be ParsedReport and report can be reportData, etc., with some explanation in comments.
Yes, added comment in 09a5eaf. Still we could change the name, but for now I'll leave them as they are. They are copied from the LCOW equivalent so that I don't have to change it to support WCOW. By keeping the name, later we can fix the duplication easier.
Signed-off-by: Takuro Sato <takurosato@microsoft.com>
Signed-off-by: Takuro Sato <takurosato@microsoft.com>
Signed-off-by: Takuro Sato <takurosato@microsoft.com>
| logrus.WithError(err).Errorf("failed to start PSP driver") | ||
| } | ||
| // gcs-sidecar can be used for non-confidentail hyperv wcow |
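Review bot: "non-confidentail" in the trailing comment should read "non-confidential", and the claim that gcs-sidecar can be used for non-confidential Hyper-V WCOW should be confirmed before it lands, because a stale comment next to the policy-stance logic will mislead whoever reads it next; the `"failed to start PSP driver"` log line would also be more useful to an operator if it stated the resulting stance (that the policy stays "deny").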
gcs-sidecar will not be used for non-confidential WCOW; that is not in the plans right now.
To answer Amit's question: initialPolicyStance can be in "deny" mode. During the first message, we set the securitypolicy and use that enforcer instead of the closed door.
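The closed-door flow described in the comment above, as an added Go example that is not code from this PR or its project: the Gate, allowListEnforcer and SetPolicy names are assumptions standing in for the real enforcer and its first-message handler.

```go
package main

import "fmt"

// Enforcer decides whether an operation is allowed under a security policy.
type Enforcer interface {
	Enforce(op string) error
}

// allowListEnforcer stands in (hypothetically) for the user's policy enforcer.
type allowListEnforcer struct{ allowed map[string]bool }
func (a allowListEnforcer) Enforce(op string) error {
	if a.allowed[op] {
		return nil
	}
	return fmt.Errorf("policy: %q denied", op)
}
// Gate starts as a closed door: with no enforcer installed every operation is denied.
type Gate struct {
	driverErr error    // non-nil when the PSP driver failed to start
	enforcer  Enforcer // nil means the door is still closed
}
// SetPolicy is the "first message": it keeps the door closed if the driver
// failed, and rejects a second policy so an installed one cannot be swapped.
func (g *Gate) SetPolicy(allowed []string) error {
	if g.driverErr != nil {
		return fmt.Errorf("keeping closed door, PSP driver failed: %w", g.driverErr)
	}
	if g.enforcer != nil {
		return fmt.Errorf("policy already set")
	}
	m := make(map[string]bool, len(allowed))
	for _, op := range allowed {
		m[op] = true
	}
	g.enforcer = allowListEnforcer{allowed: m}
	return nil
}
// Enforce denies everything while closed, then defers to the policy.
func (g *Gate) Enforce(op string) error {
	if g.enforcer == nil {
		return fmt.Errorf("closed door: %q denied, no policy set", op)
	}
	return g.enforcer.Enforce(op)
}
func main() {
	g := &Gate{}
	fmt.Println(g.Enforce("start"))                                 // closed door: "start" denied
	fmt.Println(g.SetPolicy([]string{"start"}), g.Enforce("start")) // <nil> <nil>
}
```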
Signed-off-by: Takuro Sato <takurosato@microsoft.com>
Changes
TODOs for future PRs
- Address duplication with LCOW; for now we avoid changes in LCOW