Re: [PATCH] Ability to read the MKTME status from userspace (patch v2)
From: Borislav Petkov
Date: Thu Jun 25 2020 - 17:14:58 EST
On Thu, Jun 25, 2020 at 06:10:29PM -0300, Daniel Gutson wrote:
> The intent of this patch is to provide visibility of the
> MKTME status to userspace. This is an important factor for
> firmware security related applilcations.
>
> Changes since v1:
> * Documentation/ABI/stable/securityfs-mktme-status (new file)
> * include/uapi/misc/mktme_status.h (new file)
> * Fixed MAINTAINER title.
> * cpu.h: added values to the enumerands
> * Renamed the function from get_mktme_status to mktme_get_status
> * Improved Kconfig help
> * Removed unnecessary license-related lines since there is a SPDX line
> * Moved pr_fmt macro before the includes
> * Turned global variables (mktme_dir, mktme_file) as static
> * Removed BUFFER_SIZE macro
> * No longer returning -1 for error, but using the previously error.
> * No more pr_info for the normal behavior.
> * Renamed this from a kernel driver to a kernel module.
No, we don't want a module driver which, as Dave explained, tells you
exactly nothing whether encryption is actually enabled on the system.
Didn't that become clear from the thread last time?
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette