lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Yk/zAo91ztEq/qTv@gondor.apana.org.au>
Date:   Fri, 8 Apr 2022 16:32:02 +0800
From:   Herbert Xu <herbert@...dor.apana.org.au>
To:     Mario Limonciello <mario.limonciello@....com>
Cc:     Tom Lendacky <thomas.lendacky@....com>,
        John Allen <john.allen@....com>,
        "David S . Miller" <davem@...emloft.net>,
        open list <linux-kernel@...r.kernel.org>,
        "open list:AMD CRYPTOGRAPHIC COPROCESSOR (CCP) DRIVER" 
        <linux-crypto@...r.kernel.org>,
        Kerneis Gabriel <Gabriel.Kerneis@....gouv.fr>,
        Richard Hughes <hughsient@...il.com>
Subject: Re: [PATCH v3 0/4] Export PSP security attributes

On Thu, Mar 31, 2022 at 04:12:09PM -0500, Mario Limonciello wrote:
> Select AMD SOCs include the ability to export capabilities that
> have been activated or detected by the platform security processor.
> 
> This information is useful for both system designers as well as system
> administrators to ensure that the system has been properly locked down
> to their expectations.
> 
> Software such as fwupd will also be modified to use this information
> as part of the calculations for a security level score that may be
> presented to a user.
> 
> This series also adds the ability to detect that TSME and SME are both
> activated simultaneously to notify a user.  Previously a user could turn
> on TSME and SME at the same time, but the kernel was unable to detect
> that TSME was enabled in the OS.
> 
> This information is evaluated "too late" right now in the kernel to stop
> the kernel from enabling SME, but if that is desirable at a later time
> some of the early code can be modified to read the same information and
> make that decision.
> 
> Mario Limonciello (4):
>   crypto: ccp: cache capability into psp device
>   crypto: ccp: Export PSP security bits to userspace
>   crypto: ccp: Allow PSP driver to load without SEV/TEE support
>   crypto: ccp: When TSME and SME both detected notify user
> 
>  Documentation/ABI/testing/sysfs-driver-ccp | 87 ++++++++++++++++++++++
>  drivers/crypto/ccp/psp-dev.c               | 49 +++++-------
>  drivers/crypto/ccp/psp-dev.h               | 22 ++++++
>  drivers/crypto/ccp/sp-pci.c                | 62 +++++++++++++++
>  4 files changed, 189 insertions(+), 31 deletions(-)
>  create mode 100644 Documentation/ABI/testing/sysfs-driver-ccp

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ