lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 7 Dec 2021 16:45:56 -0300
From:   Martin Fernandez <martin.fernandez@...ypsium.com>
To:     Mike Rapoport <rppt@...nel.org>
Cc:     Richard Hughes <hughsient@...il.com>, linux-kernel@...r.kernel.org,
        linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
        linux-mm@...ck.org, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
        hpa@...or.com, ardb@...nel.org, dvhart@...radead.org,
        andy@...radead.org, gregkh@...uxfoundation.org, rafael@...nel.org,
        akpm@...ux-foundation.org, daniel.gutson@...ypsium.com,
        alex.bazhaniuk@...ypsium.com, alison.schofield@...el.com
Subject: Re: [PATCH v3 0/5] x86: Show in sysfs if a memory node is able to do encryption

On 12/7/21, Mike Rapoport <rppt@...nel.org> wrote:
> Hi Richard,
>
> On Mon, Dec 06, 2021 at 07:58:10PM +0000, Richard Hughes wrote:
>> On Sun, 5 Dec 2021 at 06:04, Mike Rapoport <rppt@...nel.org> wrote:
>> > On Fri, Dec 03, 2021 at 04:21:43PM -0300, Martin Fernandez wrote:
>> > > fwupd project plans to use it as part of a check to see if the users
>> > > have properly configured memory hardware encryption capabilities.
>> > I'm missing a description about *how* the new APIs/ABIs are going to be
>> > used.
>>
>> We're planning to use this feature in the Host Security ID checks done
>> at every boot. Please see
>> https://fwupd.github.io/libfwupdplugin/hsi.html for details. I'm happy
>> to answer questions or concerns. Thanks!
>
> Can you please describe the actual check for the memory encryption and how
> it would impact the HSI rating?
>
> I wonder, for example, why did you choose per-node reporting rather than
> per-region as described in UEFI spec.

Some time ago we discussed about this and concluded with Dave Hansen
that it was better to do it in this per-node way.

This is the archive of the relevant discussion:
http://lkml.iu.edu/hypermail/linux/kernel/2006.2/06753.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ