intel / ccc-linux-guest-hardening

Linux Security Hardening for Confidential Compute
https://intel.github.io/ccc-linux-guest-hardening-docs
MIT License

[Hardening aspect] Overall PCI subsystem hardening #147

Open ereshetova opened 3 months ago

ereshetova commented 3 months ago

Problem

The core PCI subsystem in a CoCo guest performs a lot of activity (mainly consuming data from host-controlled PCI config space) where it can receive malicious input from the untrusted host. In order to minimize the risk, we initially developed patches in that disable a lot of PCI functionality that is not needed in a CoCo guest (early PCI, PCI quirks, etc.). However, this is not a proper approach and instead we need to find a way to harden the needed areas. This potentially means creating a solution to establish trust in the PCI config space configuration that the host provides.
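As an illustration of what treating config space as untrusted input looks like at the parsing level, here is an added example (not code from this issue, the project, or the kernel) that walks the capability list of a 256-byte config space snapshot and rejects malformed chains instead of following them. The names `find_cap_checked` and `demo` are hypothetical, and the sample config space is constructed.

```c
#include <stdint.h>
#include <string.h>

#define CFG_SIZE            256   /* conventional PCI config space size */
#define PCI_STATUS          0x06
#define PCI_STATUS_CAP_LIST 0x10  /* device claims a capability list */
#define PCI_CAPABILITY_LIST 0x34  /* offset of the first capability pointer */
#define CAP_TTL             48    /* (256 - 64) / 4: most entries that can fit */

/* Returns the offset of capability `id`, 0 if absent, -1 if the
 * host-supplied list is malformed (hypothetical helper). */
int find_cap_checked(const uint8_t cfg[CFG_SIZE], uint8_t id)
{
    int ttl = CAP_TTL;
    uint8_t pos;

    if (!(cfg[PCI_STATUS] & PCI_STATUS_CAP_LIST))
        return 0;
    pos = cfg[PCI_CAPABILITY_LIST] & 0xFC;   /* low two bits are reserved */
    while (pos) {
        if (pos < 0x40)                      /* pointer into the standard header */
            return -1;
        if (ttl-- == 0)                      /* cycle or impossibly long chain */
            return -1;
        if (cfg[pos] == 0xFF)                /* all-ones read: nothing valid here */
            return -1;
        if (cfg[pos] == id)
            return pos;
        pos = cfg[pos + 1] & 0xFC;           /* pos <= 0xFC, so pos + 1 is in bounds */
    }
    return 0;
}

/* Constructed sample: capabilities at 0x40 and 0x50; `next_of_50`
 * either terminates the chain or makes it malformed. */
int demo(uint8_t next_of_50, uint8_t id)
{
    uint8_t cfg[CFG_SIZE];

    memset(cfg, 0, sizeof(cfg));
    cfg[PCI_STATUS] = PCI_STATUS_CAP_LIST;
    cfg[PCI_CAPABILITY_LIST] = 0x40;
    cfg[0x40] = 0x01; cfg[0x41] = 0x50;        /* power management -> 0x50 */
    cfg[0x50] = 0x05; cfg[0x51] = next_of_50;  /* MSI -> next_of_50 */
    return find_cap_checked(cfg, id);
}
```

Distinguishing "absent" from "malformed" lets the caller refuse to bind a device whose config space is inconsistent rather than silently continuing with partial state.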