| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <23babf62-00cb-cb47-bb19-da9508325934@intel.com>
Date: Thu, 18 Jun 2020 16:52:18 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Daniel Gutson <daniel@...ypsium.com>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Peter Zijlstra <peterz@...radead.org>,
"David S. Miller" <davem@...emloft.net>,
Rob Herring <robh@...nel.org>, Tony Luck <tony.luck@...el.com>,
Rahul Tanwar <rahul.tanwar@...ux.intel.com>,
Xiaoyao Li <xiaoyao.li@...el.com>,
Sean Christopherson <sean.j.christopherson@...el.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
linux-kernel@...r.kernel.org, Richard Hughes <hughsient@...il.com>
Subject: Re: [PATCH] Ability to read the MKTME status from userspace
On 6/18/20 2:26 PM, Daniel Gutson wrote:
> Red Hat and Eclypsium are working on a specification to assess
> firmware platform security. One of the inputs that the specification
> takes into consideration is whether MKTME is enabled or disabled.
> Exposing this value is necessary for tools checking the conformance
> of the specification.
What does TME's status on the platform tell you, though?
It doesn't tell you if your data is encrypted. It doesn't even tell you
if your mlock()'d "in RAM" data is encrypted.
So, what good is it?
Are we going to need another one of these when the TME encryption
algorithm changes? Do we need another driver when running in a SEV
guest to tell us about SEV's status?
Powered by blists - more mailing lists