Date:   Fri, 27 Oct 2017 23:49:49 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     Brijesh Singh <brijesh.singh@....com>
Cc:     kvm@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Gary Hook <gary.hook@....com>,
        Tom Lendacky <thomas.lendacky@....com>,
        linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted
 Virtualization (SEV) command support

On Fri, Oct 27, 2017 at 04:28:31PM -0500, Brijesh Singh wrote:
> This will fail because PEK_GEN requires the platform in INIT state and
> nobody has done the state transition from INIT -> UINIT.

Huh, FW is in INIT state and PEK_GEN wants it to be in INIT state. Typo?

Aaanyway, I don't like this whole notion of prematurely and predictively
executing commands on the PSP if it is not needed. So how about
executing only those commands which put the FW in the required state and
then executing the actual command?

I.e., if a command needs to be executed in UINIT state, you put the PSP
in that state before executing that command. If the command needs to be
in INIT state, you put the PSP in INIT state first and so on...

For convenience, you could carry the current PSP state in some struct
psp_dev member or whatever and query it before running the respective
commands.

Hmmm?

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
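
The on-demand state handling suggested in the message above, as an added example that is not part of the original message or of the ccp driver: the cached state lives in a struct member and a transition command is sent only when the requested command needs a different state. The firmware is a constructed mock, and every name except PEK_GEN and the INIT/UINIT states is hypothetical.

```c
#include <stdio.h>

enum psp_state { PSP_UINIT, PSP_INIT };   /* states named in the thread */
/* Hypothetical command ids; only PEK_GEN is named in the thread. */
enum psp_cmd { CMD_FW_INIT, CMD_FW_SHUTDOWN, CMD_PEK_GEN, CMD_NEEDS_UINIT, CMD_MAX };

struct psp_dev {
    enum psp_state state;  /* cached firmware state, per the suggestion */
    unsigned int issued;   /* commands sent to the mock firmware */
};

/* State each command must run in. PEK_GEN -> INIT as stated in the thread. */
static const enum psp_state required[CMD_MAX] = {
    [CMD_FW_INIT] = PSP_UINIT, [CMD_FW_SHUTDOWN] = PSP_INIT,
    [CMD_PEK_GEN] = PSP_INIT,  [CMD_NEEDS_UINIT] = PSP_UINIT,
};

/* Constructed mock of the firmware: rejects a command sent in the wrong state. */
static int fw_issue(struct psp_dev *psp, enum psp_cmd cmd)
{
    psp->issued++;
    if (psp->state != required[cmd])
        return -1;
    if (cmd == CMD_FW_INIT)
        psp->state = PSP_INIT;
    else if (cmd == CMD_FW_SHUTDOWN)
        psp->state = PSP_UINIT;
    return 0;
}

/* Send at most one transition command, and only when the cached state differs. */
int psp_do_cmd(struct psp_dev *psp, enum psp_cmd cmd)
{
    if ((unsigned int)cmd >= CMD_MAX)
        return -1;
    if (psp->state != required[cmd]) {
        int rc = fw_issue(psp, required[cmd] == PSP_INIT ? CMD_FW_INIT : CMD_FW_SHUTDOWN);
        if (rc)
            return rc;
    }
    return fw_issue(psp, cmd);
}

int main(void)
{
    struct psp_dev psp = { PSP_UINIT, 0 };
    int rc = psp_do_cmd(&psp, CMD_PEK_GEN);
    printf("PEK_GEN rc=%d, firmware commands issued=%u\n", rc, psp.issued);
    return rc;
}
```

A real driver would also need to serialize access to the cached state and resynchronize it if the firmware state can change behind the driver's back.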
