| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Oct 2021 06:32:41 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Dov Murik <dovmurik@...ux.ibm.com>, linux-efi@...r.kernel.org
Cc: Borislav Petkov <bp@...e.de>, Ashish Kalra <ashish.kalra@....com>,
Brijesh Singh <brijesh.singh@....com>,
Tom Lendacky <thomas.lendacky@....com>,
Ard Biesheuvel <ardb@...nel.org>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Andi Kleen <ak@...ux.intel.com>,
Greg KH <gregkh@...uxfoundation.org>,
Andrew Scull <ascull@...gle.com>,
"Dr. David Alan Gilbert" <dgilbert@...hat.com>,
James Bottomley <jejb@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@...ux.ibm.com>,
Jim Cadden <jcadden@....com>,
Daniele Buono <dbuono@...ux.vnet.ibm.com>,
linux-coco@...ts.linux.dev, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 4/4] virt: Add sev_secret module to expose confidential
computing secrets
On 10/6/21 11:18 PM, Dov Murik wrote:
> +static int sev_secret_map_area(void)
> +{
> + struct sev_secret *s = sev_secret_get();
> + struct linux_efi_coco_secret_area *secret_area;
> + u32 secret_area_size;
> +
> + if (efi.coco_secret == EFI_INVALID_TABLE_ADDR) {
> + pr_err("Secret area address is not available\n");
> + return -EINVAL;
> + }
> +
> + secret_area = memremap(efi.coco_secret, sizeof(*secret_area), MEMREMAP_WB);
> + if (secret_area == NULL) {
> + pr_err("Could not map secret area header\n");
> + return -ENOMEM;
> + }
There doesn't seem to be anything truly SEV-specific in here at all.
Isn't this more accurately called "efi_secret" or something? What's to
prevent Intel or an ARM vendor from implementing this?
Powered by blists - more mailing lists