[PATCH v7 0/5] Allow guest access to EFI confidential computing secret area

Matthew Garrett mjg59 at srcf.ucam.org
Wed Feb 2 04:01:57 UTC 2022


On Tue, Feb 01, 2022 at 09:24:50AM -0500, James Bottomley wrote:
> On Tue, 2022-02-01 at 14:50 +0100, Greg KH wrote:
> > You all need to work together to come up with a unified place for
> > this and stop making it platform-specific.

We're talking about things that have massively different semantics. How 
do we expose that without an unwieldy API that has to try to be a 
superset of everything implemented, which then has to be extended when 
yet another implementation shows up with another behavioural quirk? EFI 
variables already need extremely careful handling to avoid rm -rf /sys 
bricking the system - should we impose that on everything, or should we 
allow the underlying implementation to leak through in some ways?


