[PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated
Gerd Hoffmann
kraxel at redhat.com
Thu Feb 3 06:16:15 UTC 2022
Hi,
> > I think the module should fail noisily. See above for autoload. In
> > case the module is loaded (either manually by the admin, or because
> > efi.coco_secret != EFI_INVALID_TABLE_ADDR) and it can't actually load
> > the secrets we want to know why ...
>
> Note that the AmdSev build of OVMF always publishes
> LINUX_EFI_COCO_SECRET_TABLE_GUID in the EFI table. Even when
> LAUNCH_SECRET was not executed. In such cases the secret area will be
> empty.
Hmm, ok. Why? I assume the secret area is filled by the host and ovmf
doesn't even look at it?
> If we keep only the 'efi.coco_secret != EFI_INVALID_TABLE_ADDR' check,
> we'll get errors from efi_secret for every VM launch that doesn't
> undergo LAUNCH_SECRET. I don't think that's good.
Well, if that is a common case the module could either print nothing or
log KERN_INFO level instead of KERN_ERROR.
> If we *do* want to check that the area starts with
> EFI_SECRET_TABLE_HEADER_GUID (like I think we should), we need all the
> checks before that, like checking that the area is big enough, and that
> all the memremap()s succeed -- before actually comparing the
> header_guid. The checks are basically prerequisites for calling
> efi_guidcmp() safely.
It is still not fully clear to me why you want to do that check twice.
take care,
Gerd