From: James Bottomley <jejb@linux.ibm.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Dov Murik <dovmurik@linux.ibm.com>,
linux-efi@vger.kernel.org, Borislav Petkov <bp@suse.de>,
Ashish Kalra <ashish.kalra@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ard Biesheuvel <ardb@kernel.org>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Andi Kleen <ak@linux.intel.com>, Andrew Scull <ascull@google.com>,
Dave Hansen <dave.hansen@intel.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Lenny Szubowicz <lszubowi@redhat.com>,
Peter Gonda <pgonda@google.com>,
Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
Jim Cadden <jcadden@ibm.com>,
Daniele Buono <dbuono@linux.vnet.ibm.com>,
linux-coco@lists.linux.dev,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, Nayna Jain <nayna@linux.ibm.com>,
dougmill@linux.vnet.ibm.com, gcwilson@linux.ibm.com,
gjoyce@ibm.com, linuxppc-dev@lists.ozlabs.org,
mjg59@srcf.ucam.org, mpe@ellerman.id.au, dja@axtens.net
Subject: Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area
Date: Tue, 01 Feb 2022 10:05:08 -0500 [thread overview]
Message-ID: <936285f4de4520c1fa9e594ca5e912ea766c127b.camel@linux.ibm.com> (raw)
In-Reply-To: <YflGkNwyI6LUSVVk@kroah.com>
On Tue, 2022-02-01 at 15:41 +0100, Greg KH wrote:
> On Tue, Feb 01, 2022 at 09:24:50AM -0500, James Bottomley wrote:
> > [cc's added]
> > On Tue, 2022-02-01 at 14:50 +0100, Greg KH wrote:
[...]
> > > You all need to work together to come up with a unified place for
> > > this and stop making it platform-specific.
> >
> > I'm not entirely sure of that. If you look at the differences
> > between EFI variables and the COCO proposal: the former has an
> > update API which, in the case of signed variables, is rather
> > complex and a UC16 content requirement. The latter is binary data
> > with read only/delete. Plus each variable in EFI is described by a
> > GUID, so having a directory of random guids, some of which behave
> > like COCO secrets and some of which are EFI variables is going to
> > be incredibly confusing (and also break all our current listing
> > tools which seems somewhat undesirable).
> >
> > So we could end up with
> >
> > <common path prefix>/efivar
> > <common path prefix>/coco
>
> The powerpc stuff is not efi. But yes, that is messy here. But why
> doesn't the powerpc follow the coco standard?
There is no coco standard for EFI variables. There's only a UEFI
variable standard which, I believe, power tries to follow in some
measure since the variables are mostly used for its version of secure
boot. Certainly you're either a power or UEFI platform but not both,
so they could live at the same location ... that's not true with the
coco ones. I added the cc's to see if there are other ideas, but I
really think the use cases are too disjoint.
As Daniel has previously proposed, it might be possible to unify the
power and UEFI implementations ... useful if we want them to respond to
the same tooling, but we'll do that by giving them the same EFI
semantics. The semantics and source of the coco secrets will still be
immutable and completely alien to whatever backend does the non
volatile power/efi authenticated variables, so we'll still need two
different backends and then it's just a question of arguing about path,
which doesn't make sense as a blocker.
> > To achieve the separation, but I really don't see what this buys
> > us. Both filesystems would likely end up with different backends
> > because of the semantic differences and we can easily start now in
> > different places (effectively we've already done this for efi
> > variables) and unify later if that is the chosen direction, so it
> > doesn't look like a blocker.
> >
> > > Until then, we can't take this.
> >
> > I don't believe anyone was asking you to take it.
>
> I was on the review list...
You raised a doc/API concenrn. I think you were on the review list to
ensure it got addressed.
James
next prev parent reply other threads:[~2022-02-01 15:06 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-01 12:44 [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area Dov Murik
2022-02-01 12:44 ` [PATCH v7 1/5] efi: Save location of EFI confidential computing area Dov Murik
2022-02-02 8:38 ` Gerd Hoffmann
2022-02-01 12:44 ` [PATCH v7 2/5] efi/libstub: Reserve confidential computing secret area Dov Murik
2022-02-02 8:41 ` Gerd Hoffmann
2022-02-02 11:13 ` Dov Murik
2022-02-01 12:44 ` [PATCH v7 3/5] virt: Add efi_secret module to expose confidential computing secrets Dov Murik
2022-02-02 8:45 ` Gerd Hoffmann
2022-02-02 10:55 ` Dov Murik
2022-02-01 12:44 ` [PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated Dov Murik
2022-02-02 8:47 ` Gerd Hoffmann
2022-02-02 11:08 ` Dov Murik
2022-02-02 14:31 ` Gerd Hoffmann
2022-02-02 15:09 ` Dov Murik
2022-02-03 6:16 ` Gerd Hoffmann
2022-02-03 11:03 ` Dov Murik
2022-02-03 12:11 ` Gerd Hoffmann
2022-02-01 12:44 ` [PATCH v7 5/5] docs: security: Add coco/efi_secret documentation Dov Murik
2022-02-02 8:49 ` Gerd Hoffmann
2022-02-02 11:19 ` Dov Murik
2022-02-01 13:50 ` [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area Greg KH
2022-02-01 14:24 ` James Bottomley
2022-02-01 14:41 ` Greg KH
2022-02-01 15:05 ` James Bottomley [this message]
2022-02-01 18:07 ` Dr. David Alan Gilbert
2022-02-02 4:01 ` Matthew Garrett
2022-02-02 6:10 ` Greg KH
2022-02-02 6:54 ` Matthew Garrett
2022-02-02 7:05 ` Greg KH
2022-02-02 7:10 ` Matthew Garrett
2022-02-02 7:22 ` Ard Biesheuvel
2022-02-02 8:04 ` Matthew Garrett
2022-02-02 8:25 ` Greg KH
2022-02-09 0:25 ` Nayna
2022-02-02 8:36 ` Gerd Hoffmann
2022-02-02 8:45 ` Matthew Garrett
2022-02-07 18:50 ` Dov Murik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=936285f4de4520c1fa9e594ca5e912ea766c127b.camel@linux.ibm.com \
--to=jejb@linux.ibm.com \
--cc=ak@linux.intel.com \
--cc=ardb@kernel.org \
--cc=ascull@google.com \
--cc=ashish.kalra@amd.com \
--cc=bp@suse.de \
--cc=brijesh.singh@amd.com \
--cc=dave.hansen@intel.com \
--cc=dbuono@linux.vnet.ibm.com \
--cc=dgilbert@redhat.com \
--cc=dja@axtens.net \
--cc=dougmill@linux.vnet.ibm.com \
--cc=dovmurik@linux.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=gjoyce@ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=jcadden@ibm.com \
--cc=jmorris@namei.org \
--cc=kraxel@redhat.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=lszubowi@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=mpe@ellerman.id.au \
--cc=nayna@linux.ibm.com \
--cc=pgonda@google.com \
--cc=serge@hallyn.com \
--cc=thomas.lendacky@amd.com \
--cc=tobin@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).