[PATCH v2 4/4] virt: Add sev_secret module to expose confidential computing secrets

Dov Murik dovmurik at linux.ibm.com
Fri Oct 8 05:40:14 UTC 2021


Thanks Dave and Dave for reviewing this.

On 07/10/2021 19:17, Dr. David Alan Gilbert wrote:
> * Dave Hansen (dave.hansen at intel.com) wrote:
>> On 10/6/21 11:18 PM, Dov Murik wrote:
>>> +static int sev_secret_map_area(void)
>>> +{
>>> +	struct sev_secret *s = sev_secret_get();
>>> +	struct linux_efi_coco_secret_area *secret_area;
>>> +	u32 secret_area_size;
>>> +
>>> +	if (efi.coco_secret == EFI_INVALID_TABLE_ADDR) {
>>> +		pr_err("Secret area address is not available\n");
>>> +		return -EINVAL;
>>> +	}
>>> +
>>> +	secret_area = memremap(efi.coco_secret, sizeof(*secret_area), MEMREMAP_WB);
>>> +	if (secret_area == NULL) {
>>> +		pr_err("Could not map secret area header\n");
>>> +		return -ENOMEM;
>>> +	}
>>
>> There doesn't seem to be anything truly SEV-specific in here at all.
>> Isn't this more accurately called "efi_secret" or something?  What's to
>> prevent Intel or an ARM vendor from implementing this?
> 
> I don't think anything; although the last discussion I remember on list
> with Intel was that Intel preferred some interface with an ioctl to read
> the secrets and stuff.  I'm not quite sure if the attestation/secret
> delivery order makes sense with TDX, but if it does, then if you could
> persuade someone to standardise on this it would be great.
> 

I agree that this series doesn't have any SEV-specific stuff in it; in
fact, I wrote in the cover letter:

+++
This has been tested with AMD SEV and SEV-ES guests, but the kernel side
of handling the secret area has no SEV-specific dependencies, and
therefore might be usable (perhaps with minor changes) for any
confidential computing hardware that can publish the secret area via the
standard EFI config table entry.
+++

However, in previous rounds Boris said [1] that if it's only
hypothetical support for other platforms, I should add a
"depends on AMD_MEM_ENCRYPT" clause.  Boris, can you please share your view?

I'm indeed in favor of making this more generic (efi_secret sounds
good), allowing for future support for other early-boot secret injection
mechanisms.


[1] https://lore.kernel.org/linux-coco/YNojYBIwk0xCHQ0v@zn.tnic/


-Dov



More information about the Linux-security-module-archive mailing list