| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z8g01YhM_FtdB5n6@gmail.com> Date: Wed, 5 Mar 2025 12:26:13 +0100 From: Ingo Molnar <mingo@...nel.org> To: Borislav Petkov <bp@...en8.de> Cc: Joerg Roedel <joro@...tes.org>, x86@...nel.org, hpa@...or.com, Tom Lendacky <thomas.lendacky@....com>, Nikunj A Dadhania <nikunj@....com>, linux-kernel@...r.kernel.org, Larry.Dewey@....com, Joerg Roedel <jroedel@...e.de> Subject: Re: [PATCH] x86/sev: Make SEV_STATUS available via SYSFS * Borislav Petkov <bp@...en8.de> wrote: > On Wed, Mar 05, 2025 at 11:52:34AM +0100, Joerg Roedel wrote: > > From: Joerg Roedel <jroedel@...e.de> > > > > Current user-space tooling which needs access to the SEV_STATUS MSR is > > using the MSR module. The use of this module poses a security risk in > > any trusted execution environment and is generally discouraged. > > > > Instead, provide an file in SYSFS in the already existing > > /sys/devices/system/cpu/sev/ directory to provide the value of the > > SEV_STATUS MSR to user-space. > > Right, to continue this discussion on the ML, like we said yesterday, I think > that dumping a raw MSR value is not really user-friendly. > > We could stick a > > Coco: > > line in /proc/cpuinfo and simply dump SEV_STATUS there and TDX can put the > respective TDX-specific feature flags of what is enabled there and then we > have a good tested and well-known interface to communicate such things to > userspace through. > > I'd say... It's *far* better to expose this via a targeted sysfs entry than polluting /proc/cpuinfo with it that everyone and their dog is parsing all the time ... Thanks, Ingo
Powered by blists - more mailing lists