[PATCH v7 2/5] efi/libstub: Reserve confidential computing secret area
Dov Murik
dovmurik at linux.ibm.com
Wed Feb 2 11:13:49 UTC 2022
On 02/02/2022 10:41, Gerd Hoffmann wrote:
> On Tue, Feb 01, 2022 at 12:44:10PM +0000, Dov Murik wrote:
>> Some older firmware declare the confidential computing secret area as
>> EFI_BOOT_SERVICES_DATA region. Fix this up by treating this memory
>> region as EFI_RESERVED_TYPE, as it should be.
>>
>> If that memory region is already EFI_RESERVED_TYPE then this has no
>> effect on the E820 map.
>
> Hmm, sure we actually want merge this? I suspect by the time this
> landed in an upstream kernel "older firmware" isn't much of a problem
> any more.
>
When we originally wrote this patch the OVMF fix was not yet upstream
(and currently it is still not part of an official edk2 stable tag/release).
But I agree that as time goes by, the need for this fix is diminishing.
I'll consider dropping this patch entirely in the next round.
Thanks,
-Dov
More information about the Linux-security-module-archive
mailing list