lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Ya8MUOKPOKVfBfjJ@kernel.org>
Date:   Tue, 7 Dec 2021 09:25:04 +0200
From:   Mike Rapoport <rppt@...nel.org>
To:     Richard Hughes <hughsient@...il.com>
Cc:     Martin Fernandez <martin.fernandez@...ypsium.com>,
        linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org,
        platform-driver-x86@...r.kernel.org, linux-mm@...ck.org,
        tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com,
        ardb@...nel.org, dvhart@...radead.org, andy@...radead.org,
        gregkh@...uxfoundation.org, rafael@...nel.org,
        akpm@...ux-foundation.org, daniel.gutson@...ypsium.com,
        alex.bazhaniuk@...ypsium.com, alison.schofield@...el.com
Subject: Re: [PATCH v3 0/5] x86: Show in sysfs if a memory node is able to do
 encryption

Hi Richard,

On Mon, Dec 06, 2021 at 07:58:10PM +0000, Richard Hughes wrote:
> On Sun, 5 Dec 2021 at 06:04, Mike Rapoport <rppt@...nel.org> wrote:
> > On Fri, Dec 03, 2021 at 04:21:43PM -0300, Martin Fernandez wrote:
> > > fwupd project plans to use it as part of a check to see if the users
> > > have properly configured memory hardware encryption capabilities.
> > I'm missing a description about *how* the new APIs/ABIs are going to be
> > used.
> 
> We're planning to use this feature in the Host Security ID checks done
> at every boot. Please see
> https://fwupd.github.io/libfwupdplugin/hsi.html for details. I'm happy
> to answer questions or concerns. Thanks!

Can you please describe the actual check for the memory encryption and how
it would impact the HSI rating?

I wonder, for example, why did you choose per-node reporting rather than
per-region as described in UEFI spec.

-- 
Sincerely yours,
Mike.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ