Message-ID: <20250114173336.GL26854@ziepe.ca>
Date: Tue, 14 Jan 2025 13:33:36 -0400
From: Jason Gunthorpe <jgg@...pe.ca>
To: Stefano Garzarella <sgarzare@...hat.com>
Cc: Tom Lendacky <thomas.lendacky@....com>,
	Jarkko Sakkinen <jarkko.sakkinen@....fi>,
	James Bottomley <james.bottomley@...senpartnership.com>,
	linux-coco@...ts.linux.dev, Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Peter Huewe <peterhuewe@....de>, "H. Peter Anvin" <hpa@...or.com>,
	linux-integrity@...r.kernel.org, x86@...nel.org,
	Joerg Roedel <jroedel@...e.de>, Jarkko Sakkinen <jarkko@...nel.org>,
	linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...hat.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Claudio Carvalho <cclaudio@...ux.ibm.com>,
	Dov Murik <dovmurik@...ux.ibm.com>
Subject: Re: [PATCH 3/3] x86/sev: add a SVSM vTPM platform device

On Tue, Jan 14, 2025 at 05:51:33PM +0100, Stefano Garzarella wrote:
>   Otherwise we need an intermediate module in drivers/char/tpm. Here we
>   have 2 options:
>   1. continue as James did by creating a platform_device.
>   2. or we could avoid this by just exposing a registration API invoked by
>   sev to specify the send_recv() callback to use. I mean something like
>   renaming tpm_platform_probe() in tpm_platform_register(), and call it in
>   snp_init_platform_device().

You should not layer things on top of things. If you have a clearly
defined driver write it in the natural logical way and export the
symbols you need.

Either export TPM stuff to arch code, or export arch code to
TPM. Don't make crazy boutique shims to avoid simple exports.

> > Meaning that you'd export some of your arch stuff for the tpm driver
> > to live in its natural home
> 
> @Tom do you think we can eventually expose sev API like
> svsm_perform_call_protocol(), svsm_get_caa(), etc.?

We have lots of ways to make restricted exports now, you can use them
and export those symbols. There shouldn't be resistance to this.

Jason

