[PATCH v2 4/4] virt: Add sev_secret module to expose confidential computing secrets
Dov Murik
dovmurik at linux.ibm.com
Fri Oct 8 05:40:14 UTC 2021
Thanks Dave and Dave for reviewing this.
On 07/10/2021 19:17, Dr. David Alan Gilbert wrote:
> * Dave Hansen (dave.hansen at intel.com) wrote:
>> On 10/6/21 11:18 PM, Dov Murik wrote:
>>> +static int sev_secret_map_area(void)
>>> +{
>>> + struct sev_secret *s = sev_secret_get();
>>> + struct linux_efi_coco_secret_area *secret_area;
>>> + u32 secret_area_size;
>>> +
>>> + if (efi.coco_secret == EFI_INVALID_TABLE_ADDR) {
>>> + pr_err("Secret area address is not available\n");
>>> + return -EINVAL;
>>> + }
>>> +
>>> + secret_area = memremap(efi.coco_secret, sizeof(*secret_area), MEMREMAP_WB);
>>> + if (secret_area == NULL) {
>>> + pr_err("Could not map secret area header\n");
>>> + return -ENOMEM;
>>> + }
>>
>> There doesn't seem to be anything truly SEV-specific in here at all.
>> Isn't this more accurately called "efi_secret" or something? What's to
>> prevent Intel or an ARM vendor from implementing this?
>
> I don't think anything; although the last discussion I remember on list
> with Intel was that Intel preferred some interface with an ioctl to read
> the secrets and stuff. I'm not quite sure if the attestation/secret
> delivery order makes sense with TDX, but if it does, then if you could
> persuade someone to standardise on this it would be great.
>
I agree that this series doesn't have any SEV-specific stuff in it; in
fact, I wrote in the cover letter:
+++
This has been tested with AMD SEV and SEV-ES guests, but the kernel side
of handling the secret area has no SEV-specific dependencies, and
therefore might be usable (perhaps with minor changes) for any
confidential computing hardware that can publish the secret area via the
standard EFI config table entry.
+++
However, in previous rounds Boris said [1] that if it's only
hypothetical support for other platforms, I should add a
"depends on AMD_MEM_ENCRYPT" clause. Boris, can you please share your view?
I'm indeed in favor of making this more generic (efi_secret sounds
good), allowing for future support for other early-boot secret injection
mechanisms.
[1] https://lore.kernel.org/linux-coco/YNojYBIwk0xCHQ0v@zn.tnic/
-Dov
More information about the Linux-security-module-archive
mailing list