Re: [PATCH v2 4/4] virt: Add sev_secret module to expose confidential computing secrets

From: Dov Murik
Date: Fri Oct 08 2021 - 01:40:45 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH 0/9] Dynamic DT device nodes"
Previous message: Sergio Paracuellos: "Re: linux-next: build failure after merge of the staging tree"
Next in thread: Dov Murik: "Re: [PATCH v2 4/4] virt: Add sev_secret module to expose confidential computing secrets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks Dave and Dave for reviewing this.

On 07/10/2021 19:17, Dr. David Alan Gilbert wrote:
> * Dave Hansen (dave.hansen@xxxxxxxxx) wrote:
>> On 10/6/21 11:18 PM, Dov Murik wrote:
>>> +static int sev_secret_map_area(void)
>>> +{
>>> + struct sev_secret *s = sev_secret_get();
>>> + struct linux_efi_coco_secret_area *secret_area;
>>> + u32 secret_area_size;
>>> +
>>> + if (efi.coco_secret == EFI_INVALID_TABLE_ADDR) {
>>> + pr_err("Secret area address is not available\n");
>>> + return -EINVAL;
>>> + }
>>> +
>>> + secret_area = memremap(efi.coco_secret, sizeof(*secret_area), MEMREMAP_WB);
>>> + if (secret_area == NULL) {
>>> + pr_err("Could not map secret area header\n");
>>> + return -ENOMEM;
>>> + }
>>
>> There doesn't seem to be anything truly SEV-specific in here at all.
>> Isn't this more accurately called "efi_secret" or something? What's to
>> prevent Intel or an ARM vendor from implementing this?
>
> I don't think anything; although the last discussion I remember on list
> with Intel was that Intel preferred some interface with an ioctl to read
> the secrets and stuff. I'm not quite sure if the attestation/secret
> delivery order makes sense with TDX, but if it does, then if you could
> persuade someone to standardise on this it would be great.
>

I agree that this series doesn't have any SEV-specific stuff in it; in
fact, I wrote in the cover letter:

+++
This has been tested with AMD SEV and SEV-ES guests, but the kernel side
of handling the secret area has no SEV-specific dependencies, and
therefore might be usable (perhaps with minor changes) for any
confidential computing hardware that can publish the secret area via the
standard EFI config table entry.
+++

However, in previous rounds Boris said [1] that if it's only
hypothetical support for other platforms, I should add a
"depends on AMD_MEM_ENCRYPT" clause. Boris, can you please share your view?

I'm indeed in favor of making this more generic (efi_secret sounds
good), allowing for future support for other early-boot secret injection
mechanisms.

[1] https://lore.kernel.org/linux-coco/YNojYBIwk0xCHQ0v@xxxxxxx/

-Dov

Next message: Greg Kroah-Hartman: "Re: [PATCH 0/9] Dynamic DT device nodes"
Previous message: Sergio Paracuellos: "Re: linux-next: build failure after merge of the staging tree"
Next in thread: Dov Murik: "Re: [PATCH v2 4/4] virt: Add sev_secret module to expose confidential computing secrets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]