| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e3e2d438-6d97-57c8-90e0-8fec874ad43d@amd.com>
Date: Wed, 26 Apr 2023 09:43:43 -0500
From: Mario Limonciello <mario.limonciello@....com>
To: Pavel Machek <pavel@....cz>
Cc: Herbert Xu <herbert@...dor.apana.org.au>,
linux-crypto@...r.kernel.org,
Tom Lendacky <thomas.lendacky@....com>,
"David S . Miller" <davem@...emloft.net>,
John Allen <john.allen@....com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 00/10] Add dynamic boost control support
On 4/26/23 08:47, Pavel Machek wrote:
> Hi!
>
>> Dynamic boost control is a feature of some SoCs that allows
>> an authenticated entity to send commands to the security processor
>> to control certain SOC characteristics with the intention to improve
>> performance.
>>
>> This is implemented via a mechanism that a userspace application would
>> authenticate using a nonce and key exchange over an IOCTL interface.
>>
>> After authentication is complete an application can exchange signed
>> messages with the security processor and both ends can validate the
>> data transmitted.
> Why is this acceptable? This precludes cross-platform interfaces,
> right? Why would application want to validate data from PSP? That
> precludes virtualization, right?
>
> Just put the key in kernel. Users have right to control their own
> hardware.
> Pavel
This matches exactly how the interface works in Windows as well.
The reason for validating the data from the PSP is because the data
crosses multiple trust boundaries and this ensures that the application
can trust it to make informed decisions.
Powered by blists - more mailing lists