| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250411184113.GBZ_liSYllx10eT-l1@renoirsky.local> Date: Fri, 11 Apr 2025 20:41:13 +0200 From: Borislav Petkov <bp@...en8.de> To: Ard Biesheuvel <ardb+git@...gle.com> Cc: linux-efi@...r.kernel.org, x86@...nel.org, mingo@...nel.org, linux-kernel@...r.kernel.org, Ard Biesheuvel <ardb@...nel.org>, Tom Lendacky <thomas.lendacky@....com>, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Dionna Amalie Glaze <dionnaglaze@...gle.com>, Kevin Loughlin <kevinloughlin@...gle.com> Subject: Re: [PATCH v3] x86/boot/sev: Avoid shared GHCB page for early memory acceptance On Thu, Apr 10, 2025 at 03:28:51PM +0200, Ard Biesheuvel wrote: > From: Ard Biesheuvel <ardb@...nel.org> > > Communicating with the hypervisor using the shared GHCB page requires > clearing the C bit in the mapping of that page. When executing in the > context of the EFI boot services, the page tables are owned by the > firmware, and this manipulation is not possible. > > So switch to a different API for accepting memory in SEV-SNP guests, one That being the GHCB MSR protocol, it seems. And since Tom co-developed, I guess we wanna do that. But then how much slower do we become? And nothing in here talks about why that GHCB method worked or didn't work before and that it is ok or not ok why we're axing that off. I'm somehow missing that aspect of why that change is warranted... Thx.
Powered by blists - more mailing lists