From: Gerd Hoffmann <kraxel@redhat.com>
To: Dov Murik <dovmurik@linux.ibm.com>
Cc: linux-efi@vger.kernel.org, Borislav Petkov <bp@suse.de>,
Ashish Kalra <ashish.kalra@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ard Biesheuvel <ardb@kernel.org>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Andi Kleen <ak@linux.intel.com>,
Greg KH <gregkh@linuxfoundation.org>,
Andrew Scull <ascull@google.com>,
Dave Hansen <dave.hansen@intel.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Lenny Szubowicz <lszubowi@redhat.com>,
Peter Gonda <pgonda@google.com>,
Matthew Garrett <mjg59@srcf.ucam.org>,
James Bottomley <jejb@linux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
Jim Cadden <jcadden@ibm.com>,
Daniele Buono <dbuono@linux.vnet.ibm.com>,
linux-coco@lists.linux.dev,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v9 3/4] efi: Register efi_secret platform device if EFI secret area is declared
Date: Thu, 7 Apr 2022 12:37:17 +0200 [thread overview]
Message-ID: <20220407103717.s2t72bzv2th6k6f2@sirius.home.kraxel.org> (raw)
In-Reply-To: <20220331215607.3182232-4-dovmurik@linux.ibm.com>
On Thu, Mar 31, 2022 at 09:56:06PM +0000, Dov Murik wrote:
> During efi initialization, check if coco_secret is defined in the EFI
> configuration table; in such case, register platform device
> "efi_secret". This allows udev to automatically load the efi_secret
> module (platform driver), which in turn will populate the
> <securityfs>/secrets/coco directory in guests into which secrets were
> injected.
>
> Note that a declared address of an EFI secret area doesn't mean that
> secrets where indeed injected to that area; if the secret area is not
> populated, the driver will not load (but the platform device will still
> be registered).
>
> Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
next prev parent reply other threads:[~2022-04-07 10:37 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-31 21:56 [PATCH v9 0/4] Allow guest access to EFI confidential computing secret area Dov Murik
2022-03-31 21:56 ` [PATCH v9 1/4] efi: Save location of EFI confidential computing area Dov Murik
2022-03-31 21:56 ` [PATCH v9 2/4] virt: Add efi_secret module to expose confidential computing secrets Dov Murik
2022-04-07 10:36 ` Gerd Hoffmann
2022-03-31 21:56 ` [PATCH v9 3/4] efi: Register efi_secret platform device if EFI secret area is declared Dov Murik
2022-04-01 5:15 ` Dov Murik
2022-04-07 10:37 ` Gerd Hoffmann [this message]
2022-03-31 21:56 ` [PATCH v9 4/4] docs: security: Add secrets/coco documentation Dov Murik
2022-04-12 10:02 ` [PATCH v9 0/4] Allow guest access to EFI confidential computing secret area Dov Murik
2022-04-12 10:04 ` Ard Biesheuvel
2022-04-12 11:18 ` Dov Murik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220407103717.s2t72bzv2th6k6f2@sirius.home.kraxel.org \
--to=kraxel@redhat.com \
--cc=ak@linux.intel.com \
--cc=ardb@kernel.org \
--cc=ascull@google.com \
--cc=ashish.kalra@amd.com \
--cc=bp@suse.de \
--cc=brijesh.singh@amd.com \
--cc=dave.hansen@intel.com \
--cc=dbuono@linux.vnet.ibm.com \
--cc=dgilbert@redhat.com \
--cc=dovmurik@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=jcadden@ibm.com \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lszubowi@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=pgonda@google.com \
--cc=serge@hallyn.com \
--cc=thomas.lendacky@amd.com \
--cc=tobin@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.