| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Feb 2022 08:04:01 +0000
From: Matthew Garrett <mjg59@...f.ucam.org>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Greg KH <gregkh@...uxfoundation.org>,
James Bottomley <jejb@...ux.ibm.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
linux-efi <linux-efi@...r.kernel.org>,
Borislav Petkov <bp@...e.de>,
Ashish Kalra <ashish.kalra@....com>,
Brijesh Singh <brijesh.singh@....com>,
Tom Lendacky <thomas.lendacky@....com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Andi Kleen <ak@...ux.intel.com>,
Andrew Scull <ascull@...gle.com>,
Dave Hansen <dave.hansen@...el.com>,
"Dr. David Alan Gilbert" <dgilbert@...hat.com>,
Gerd Hoffmann <kraxel@...hat.com>,
Lenny Szubowicz <lszubowi@...hat.com>,
Peter Gonda <pgonda@...gle.com>,
Tobin Feldman-Fitzthum <tobin@...ux.ibm.com>,
Jim Cadden <jcadden@....com>,
Daniele Buono <dbuono@...ux.vnet.ibm.com>,
linux-coco@...ts.linux.dev, linux-security-module@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Nayna Jain <nayna@...ux.ibm.com>, dougmill@...ux.vnet.ibm.com,
gcwilson@...ux.ibm.com, gjoyce@....com,
"open list:LINUX FOR POWERPC (32-BIT AND 64-BIT)"
<linuxppc-dev@...ts.ozlabs.org>,
Michael Ellerman <mpe@...erman.id.au>,
Daniel Axtens <dja@...ens.net>
Subject: Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing
secret area
On Wed, Feb 02, 2022 at 08:22:03AM +0100, Ard Biesheuvel wrote:
> On Wed, 2 Feb 2022 at 08:10, Matthew Garrett <mjg59@...f.ucam.org> wrote:
> > Which other examples are you thinking of? I think this conversation may
> > have accidentally become conflated with a different prior one and now
> > we're talking at cross purposes.
>
> This came up a while ago during review of one of the earlier revisions
> of this patch set.
>
> https://lore.kernel.org/linux-efi/YRZuIIVIzMfgjtEl@google.com/
>
> which describes another two variations on the theme, for pKVM guests
> as well as Android bare metal.
Oh, I see! That makes much more sense - sorry, I wasn't Cc:ed on that,
so thought this was related to the efivars/Power secure boot. My
apologies, sorry for the noise. In that case, given the apparent
agreement between the patch owners that a consistent interface would
work for them, I think I agree with Greg that we should strive for that.
Given the described behaviour of the Google implementation, it feels
like the semantics in this implementation would be sufficient for them
as well, but having confirmation of that would be helpful.
On the other hand, I also agree that a new filesystem for this is
overkill. I did that for efivarfs and I think the primary lesson from
that is that people who aren't familiar with the vfs shouldn't be
writing filesystems. Securityfs seems entirely reasonable, and it's
consistent with other cases where we expose firmware-provided data
that's security relevant.
The only thing I personally struggle with here is whether "coco" is the
best name for it, and whether there are reasonable use cases that
wouldn't be directly related to confidential computing (eg, if the
firmware on a bare-metal platform had a mechanism for exposing secrets
to the OS based on some specific platform security state, it would seem
reasonable to expose it via this mechanism but it may not be what we'd
normally think of as Confidential Computing).
But I'd also say that while we only have one implementation currently
sending patches, it's fine for the code to live in that implementation
and then be abstracted out once we have another.
Powered by blists - more mailing lists