From: Greg KH <gregkh@linuxfoundation.org>
To: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Ard Biesheuvel <ardb@kernel.org>,
James Bottomley <jejb@linux.ibm.com>,
Dov Murik <dovmurik@linux.ibm.com>,
linux-efi <linux-efi@vger.kernel.org>,
Borislav Petkov <bp@suse.de>, Ashish Kalra <ashish.kalra@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Andi Kleen <ak@linux.intel.com>, Andrew Scull <ascull@google.com>,
Dave Hansen <dave.hansen@intel.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Lenny Szubowicz <lszubowi@redhat.com>,
Peter Gonda <pgonda@google.com>,
Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
Jim Cadden <jcadden@ibm.com>,
Daniele Buono <dbuono@linux.vnet.ibm.com>,
linux-coco@lists.linux.dev,
linux-security-module@vger.kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Nayna Jain <nayna@linux.ibm.com>,
dougmill@linux.vnet.ibm.com, gcwilson@linux.ibm.com,
gjoyce@ibm.com,
"open list:LINUX FOR POWERPC (32-BIT AND 64-BIT)"
<linuxppc-dev@lists.ozlabs.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Daniel Axtens <dja@axtens.net>
Subject: Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area
Date: Wed, 2 Feb 2022 09:25:10 +0100 [thread overview]
Message-ID: <Yfo/5gYgb9Sv24YB@kroah.com> (raw)
In-Reply-To: <20220202080401.GA9861@srcf.ucam.org>
On Wed, Feb 02, 2022 at 08:04:01AM +0000, Matthew Garrett wrote:
> On Wed, Feb 02, 2022 at 08:22:03AM +0100, Ard Biesheuvel wrote:
> > On Wed, 2 Feb 2022 at 08:10, Matthew Garrett <mjg59@srcf.ucam.org> wrote:
> > > Which other examples are you thinking of? I think this conversation may
> > > have accidentally become conflated with a different prior one and now
> > > we're talking at cross purposes.
> >
> > This came up a while ago during review of one of the earlier revisions
> > of this patch set.
> >
> > https://lore.kernel.org/linux-efi/YRZuIIVIzMfgjtEl@google.com/
> >
> > which describes another two variations on the theme, for pKVM guests
> > as well as Android bare metal.
>
> Oh, I see! That makes much more sense - sorry, I wasn't Cc:ed on that,
> so thought this was related to the efivars/Power secure boot. My
> apologies, sorry for the noise. In that case, given the apparent
> agreement between the patch owners that a consistent interface would
> work for them, I think I agree with Greg that we should strive for that.
> Given the described behaviour of the Google implementation, it feels
> like the semantics in this implementation would be sufficient for them
> as well, but having confirmation of that would be helpful.
>
> On the other hand, I also agree that a new filesystem for this is
> overkill. I did that for efivarfs and I think the primary lesson from
> that is that people who aren't familiar with the vfs shouldn't be
> writing filesystems. Securityfs seems entirely reasonable, and it's
> consistent with other cases where we expose firmware-provided data
> that's security relevant.
>
> The only thing I personally struggle with here is whether "coco" is the
> best name for it, and whether there are reasonable use cases that
> wouldn't be directly related to confidential computing (eg, if the
> firmware on a bare-metal platform had a mechanism for exposing secrets
> to the OS based on some specific platform security state, it would seem
> reasonable to expose it via this mechanism but it may not be what we'd
> normally think of as Confidential Computing).
>
> But I'd also say that while we only have one implementation currently
> sending patches, it's fine for the code to live in that implementation
> and then be abstracted out once we have another.
Well right now the Android code looks the cleanest and should be about
ready to be merged into my tree.
But I can almost guarantee that that interface is not what anyone else
wants to use, so if you think somehow that everyone else is going to
want to deal with a char device node and a simple mmap, with a DT
description of the thing, hey, I'm all for it :)
Seriously, people need to come up with something sane or this is going
to be a total mess.
thanks,
greg k-h
WARNING: multiple messages have this Message-ID (diff)
From: Greg KH <gregkh@linuxfoundation.org>
To: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: linux-efi <linux-efi@vger.kernel.org>,
Brijesh Singh <brijesh.singh@amd.com>,
Lenny Szubowicz <lszubowi@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
gcwilson@linux.ibm.com, Ard Biesheuvel <ardb@kernel.org>,
Daniele Buono <dbuono@linux.vnet.ibm.com>,
Andi Kleen <ak@linux.intel.com>, Nayna Jain <nayna@linux.ibm.com>,
James Morris <jmorris@namei.org>,
Dov Murik <dovmurik@linux.ibm.com>, Jim Cadden <jcadden@ibm.com>,
Peter Gonda <pgonda@google.com>, Borislav Petkov <bp@suse.de>,
"Serge E. Hallyn" <serge@hallyn.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>,
dougmill@linux.vnet.ibm.com, James Bottomley <jejb@linux.ibm.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
linux-coco@lists.linux.dev, gjoyce@ibm.com,
Daniel Axtens <dja@axtens.net>,
Dave Hansen <dave.hansen@intel.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org,
"open list:LINUX FOR POWERPC \(32-BIT AND 64-BIT\)"
<linuxppc-dev@lists.ozlabs.org>, Andrew Scull <ascull@google.com>
Subject: Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area
Date: Wed, 2 Feb 2022 09:25:10 +0100 [thread overview]
Message-ID: <Yfo/5gYgb9Sv24YB@kroah.com> (raw)
In-Reply-To: <20220202080401.GA9861@srcf.ucam.org>
On Wed, Feb 02, 2022 at 08:04:01AM +0000, Matthew Garrett wrote:
> On Wed, Feb 02, 2022 at 08:22:03AM +0100, Ard Biesheuvel wrote:
> > On Wed, 2 Feb 2022 at 08:10, Matthew Garrett <mjg59@srcf.ucam.org> wrote:
> > > Which other examples are you thinking of? I think this conversation may
> > > have accidentally become conflated with a different prior one and now
> > > we're talking at cross purposes.
> >
> > This came up a while ago during review of one of the earlier revisions
> > of this patch set.
> >
> > https://lore.kernel.org/linux-efi/YRZuIIVIzMfgjtEl@google.com/
> >
> > which describes another two variations on the theme, for pKVM guests
> > as well as Android bare metal.
>
> Oh, I see! That makes much more sense - sorry, I wasn't Cc:ed on that,
> so thought this was related to the efivars/Power secure boot. My
> apologies, sorry for the noise. In that case, given the apparent
> agreement between the patch owners that a consistent interface would
> work for them, I think I agree with Greg that we should strive for that.
> Given the described behaviour of the Google implementation, it feels
> like the semantics in this implementation would be sufficient for them
> as well, but having confirmation of that would be helpful.
>
> On the other hand, I also agree that a new filesystem for this is
> overkill. I did that for efivarfs and I think the primary lesson from
> that is that people who aren't familiar with the vfs shouldn't be
> writing filesystems. Securityfs seems entirely reasonable, and it's
> consistent with other cases where we expose firmware-provided data
> that's security relevant.
>
> The only thing I personally struggle with here is whether "coco" is the
> best name for it, and whether there are reasonable use cases that
> wouldn't be directly related to confidential computing (eg, if the
> firmware on a bare-metal platform had a mechanism for exposing secrets
> to the OS based on some specific platform security state, it would seem
> reasonable to expose it via this mechanism but it may not be what we'd
> normally think of as Confidential Computing).
>
> But I'd also say that while we only have one implementation currently
> sending patches, it's fine for the code to live in that implementation
> and then be abstracted out once we have another.
Well right now the Android code looks the cleanest and should be about
ready to be merged into my tree.
But I can almost guarantee that that interface is not what anyone else
wants to use, so if you think somehow that everyone else is going to
want to deal with a char device node and a simple mmap, with a DT
description of the thing, hey, I'm all for it :)
Seriously, people need to come up with something sane or this is going
to be a total mess.
thanks,
greg k-h
next prev parent reply other threads:[~2022-02-02 8:25 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-01 12:44 [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area Dov Murik
2022-02-01 12:44 ` [PATCH v7 1/5] efi: Save location of EFI confidential computing area Dov Murik
2022-02-02 8:38 ` Gerd Hoffmann
2022-02-01 12:44 ` [PATCH v7 2/5] efi/libstub: Reserve confidential computing secret area Dov Murik
2022-02-02 8:41 ` Gerd Hoffmann
2022-02-02 11:13 ` Dov Murik
2022-02-01 12:44 ` [PATCH v7 3/5] virt: Add efi_secret module to expose confidential computing secrets Dov Murik
2022-02-02 8:45 ` Gerd Hoffmann
2022-02-02 10:55 ` Dov Murik
2022-02-01 12:44 ` [PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated Dov Murik
2022-02-02 8:47 ` Gerd Hoffmann
2022-02-02 11:08 ` Dov Murik
2022-02-02 14:31 ` Gerd Hoffmann
2022-02-02 15:09 ` Dov Murik
2022-02-03 6:16 ` Gerd Hoffmann
2022-02-03 11:03 ` Dov Murik
2022-02-03 12:11 ` Gerd Hoffmann
2022-02-01 12:44 ` [PATCH v7 5/5] docs: security: Add coco/efi_secret documentation Dov Murik
2022-02-02 8:49 ` Gerd Hoffmann
2022-02-02 11:19 ` Dov Murik
2022-02-01 13:50 ` [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area Greg KH
2022-02-01 14:24 ` James Bottomley
2022-02-01 14:24 ` James Bottomley
2022-02-01 14:41 ` Greg KH
2022-02-01 14:41 ` Greg KH
2022-02-01 15:05 ` James Bottomley
2022-02-01 15:05 ` James Bottomley
2022-02-01 18:07 ` Dr. David Alan Gilbert
2022-02-01 18:07 ` Dr. David Alan Gilbert
2022-02-02 4:01 ` Matthew Garrett
2022-02-02 4:01 ` Matthew Garrett
2022-02-02 6:10 ` Greg KH
2022-02-02 6:10 ` Greg KH
2022-02-02 6:54 ` Matthew Garrett
2022-02-02 6:54 ` Matthew Garrett
2022-02-02 7:05 ` Greg KH
2022-02-02 7:05 ` Greg KH
2022-02-02 7:10 ` Matthew Garrett
2022-02-02 7:10 ` Matthew Garrett
2022-02-02 7:22 ` Ard Biesheuvel
2022-02-02 7:22 ` Ard Biesheuvel
2022-02-02 8:04 ` Matthew Garrett
2022-02-02 8:04 ` Matthew Garrett
2022-02-02 8:25 ` Greg KH [this message]
2022-02-02 8:25 ` Greg KH
2022-02-09 0:19 ` Nayna
2022-02-09 0:25 ` Nayna
2022-02-09 0:25 ` Nayna
2022-02-02 8:36 ` Gerd Hoffmann
2022-02-02 8:36 ` Gerd Hoffmann
2022-02-02 8:45 ` Matthew Garrett
2022-02-02 8:45 ` Matthew Garrett
2022-02-07 18:50 ` Dov Murik
2022-02-07 18:50 ` Dov Murik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yfo/5gYgb9Sv24YB@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ak@linux.intel.com \
--cc=ardb@kernel.org \
--cc=ascull@google.com \
--cc=ashish.kalra@amd.com \
--cc=bp@suse.de \
--cc=brijesh.singh@amd.com \
--cc=dave.hansen@intel.com \
--cc=dbuono@linux.vnet.ibm.com \
--cc=dgilbert@redhat.com \
--cc=dja@axtens.net \
--cc=dougmill@linux.vnet.ibm.com \
--cc=dovmurik@linux.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=gjoyce@ibm.com \
--cc=jcadden@ibm.com \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=kraxel@redhat.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=lszubowi@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=mpe@ellerman.id.au \
--cc=nayna@linux.ibm.com \
--cc=pgonda@google.com \
--cc=serge@hallyn.com \
--cc=thomas.lendacky@amd.com \
--cc=tobin@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.