| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250305115035.GEZ8g6i7NTiSfkxk7J@fat_crate.local>
Date: Wed, 5 Mar 2025 12:50:35 +0100
From: Borislav Petkov <bp@...en8.de>
To: Ingo Molnar <mingo@...nel.org>
Cc: Joerg Roedel <joro@...tes.org>, x86@...nel.org, hpa@...or.com,
Tom Lendacky <thomas.lendacky@....com>,
Nikunj A Dadhania <nikunj@....com>, linux-kernel@...r.kernel.org,
Larry.Dewey@....com, Joerg Roedel <jroedel@...e.de>
Subject: Re: [PATCH] x86/sev: Make SEV_STATUS available via SYSFS
On Wed, Mar 05, 2025 at 12:42:41PM +0100, Ingo Molnar wrote:
> So if the convenience of tooling is the argument, the raw feature mask
> exposed is the best option overall.
The convenience of tooling *and* user. I want both. I want to be able to boot
a guest and see what features are enabled without needing a tool.
And, at the same time, tools should be able to use the same interface.
Exactly like we *and glibc* use /proc/cpuinfo today. Now think the same thing
but for confidential guests.
> So the /sys/devices/system/cpu/sev/ directory already exists and your
> arguments already apply to that, don't they?
Lemme repeat:
>> - a .../sev sysfs file clearly doesn't cut it because TDX doesn't have "sev"
>> - it is the Intel version of a confidential guest
>> - we have a general need to expose what a confidential guest supports
> As to the hex numbers - do you prefer to put string versions of these
> into the sysfs file:
See above.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists