Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

[RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD) · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 21/28] KVM: introduce KVM_SEV_ISSUE_CMD ioctl · Brijesh Singh <hidden> · 2016-08-22
Re: [RFC PATCH v1 21/28] KVM: introduce KVM_SEV_ISSUE_CMD ioctl · Paolo Bonzini <pbonzini@redhat.com> · 2016-10-13
Re: [RFC PATCH v1 21/28] KVM: introduce KVM_SEV_ISSUE_CMD ioctl · Brijesh Singh <hidden> · 2016-10-17
Re: [RFC PATCH v1 21/28] KVM: introduce KVM_SEV_ISSUE_CMD ioctl · Paolo Bonzini <pbonzini@redhat.com> · 2016-10-17
Re: [RFC PATCH v1 21/28] KVM: introduce KVM_SEV_ISSUE_CMD ioctl · Brijesh Singh <hidden> · 2016-10-18
Re: [RFC PATCH v1 21/28] KVM: introduce KVM_SEV_ISSUE_CMD ioctl · Paolo Bonzini <pbonzini@redhat.com> · 2016-10-18
[RFC PATCH v1 23/28] KVM: SVM: add SEV launch update command · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 24/28] KVM: SVM: add SEV_LAUNCH_FINISH command · Brijesh Singh <hidden> · 2016-08-22
Re: [RFC PATCH v1 24/28] KVM: SVM: add SEV_LAUNCH_FINISH command · Paolo Bonzini <pbonzini@redhat.com> · 2016-10-13
[RFC PATCH v1 25/28] KVM: SVM: add KVM_SEV_GUEST_STATUS command · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 27/28] KVM: SVM: add KVM_SEV_DEBUG_ENCRYPT command · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 28/28] KVM: SVM: add command to query SEV API version · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 03/28] kvm: svm: Use the hardware provided GPA instead of page walk · Brijesh Singh <hidden> · 2016-08-22
Re: [RFC PATCH v1 03/28] kvm: svm: Use the hardware provided GPA instead of page walk · Borislav Petkov <hidden> · 2016-09-21
[RFC PATCH v1 01/28] kvm: svm: Add support for additional SVM NPF error codes · Brijesh Singh <hidden> · 2016-08-22
Re: [RFC PATCH v1 01/28] kvm: svm: Add support for additional SVM NPF error codes · Borislav Petkov <hidden> · 2016-09-13
[RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Brijesh Singh <hidden> · 2016-08-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Kai Huang <hidden> · 2016-09-23
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-23
[RFC PATCH v1 07/28] x86: Do not encrypt memory areas if SEV is enabled · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 18/28] crypto: add AMD Platform Security Processor driver · Brijesh Singh <hidden> · 2016-08-22
Re: [RFC PATCH v1 18/28] crypto: add AMD Platform Security Processor driver · Herbert Xu <herbert@gondor.apana.org.au> · 2016-08-23
Re: [RFC PATCH v1 18/28] crypto: add AMD Platform Security Processor driver · Tom Lendacky <thomas.lendacky@amd.com> · 2016-08-24
[RFC PATCH v1 17/28] KVM: SVM: Enable SEV by setting the SEV_ENABLE cpu feature · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 22/28] KVM: SVM: add SEV launch start command · Brijesh Singh <hidden> · 2016-08-22
Re: [RFC PATCH v1 22/28] KVM: SVM: add SEV launch start command · Paolo Bonzini <pbonzini@redhat.com> · 2016-10-13
[RFC PATCH v1 04/28] x86: Secure Encrypted Virtualization (SEV) support · Brijesh Singh <hidden> · 2016-08-22
Re: [RFC PATCH v1 04/28] x86: Secure Encrypted Virtualization (SEV) support · Borislav Petkov <hidden> · 2016-09-22
[RFC PATCH v1 12/28] x86: DMA support for SEV memory encryption · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 02/28] kvm: svm: Add kvm_fast_pio_in support · Brijesh Singh <hidden> · 2016-08-22
Re: [RFC PATCH v1 02/28] kvm: svm: Add kvm_fast_pio_in support · Borislav Petkov <hidden> · 2016-09-21
[RFC PATCH v1 13/28] iommu/amd: AMD IOMMU support for SEV · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 08/28] Access BOOT related data encrypted with SEV active · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 06/28] KVM: SVM: Add SEV feature definitions to KVM · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 14/28] x86: Don't set the SME MSR bit when SEV is active · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 11/28] x86: Don't decrypt trampoline area if SEV is active · Brijesh Singh <hidden> · 2016-08-22
[RFC PATCH v1 16/28] x86: Add support to determine if running with SEV enabled · Brijesh Singh <hidden> · 2016-08-23
[RFC PATCH v1 10/28] x86: Change early_ioremap to early_memremap for BOOT data · Brijesh Singh <hidden> · 2016-08-23
[RFC PATCH v1 15/28] x86: Unroll string I/O when SEV is active · Brijesh Singh <hidden> · 2016-08-23
[RFC PATCH v1 20/28] KVM: SVM: prepare for SEV guest management API support · Brijesh Singh <hidden> · 2016-08-23
Re: [RFC PATCH v1 20/28] KVM: SVM: prepare for SEV guest management API support · Paolo Bonzini <pbonzini@redhat.com> · 2016-10-13
[RFC PATCH v1 19/28] KVM: SVM: prepare to reserve asid for SEV guest · Brijesh Singh <hidden> · 2016-08-23
Re: [RFC PATCH v1 19/28] KVM: SVM: prepare to reserve asid for SEV guest · Paolo Bonzini <pbonzini@redhat.com> · 2016-10-13
[RFC PATCH v1 26/28] KVM: SVM: add KVM_SEV_DEBUG_DECRYPT command · Brijesh Singh <hidden> · 2016-08-23
[RFC PATCH v1 05/28] KVM: SVM: prepare for new bit definition in nested_ctl · Brijesh Singh <hidden> · 2016-08-23
Re: [RFC PATCH v1 05/28] KVM: SVM: prepare for new bit definition in nested_ctl · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD) · Paolo Bonzini <pbonzini@redhat.com> · 2016-10-13
Re: [RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD) · Brijesh Singh <hidden> · 2016-10-17

From: Paolo Bonzini <hidden>
Date: 2016-09-22 18:44:15
Also in: linux-efi, linux-mm


On 22/09/2016 20:37, Borislav Petkov wrote:

quoted

Unless this is part of some spec, it's easier if things are the same in
SME and SEV.

Yeah, I was pondering over how sprinkling sev_active checks might not be
so clean.

I'm wondering if we could make the EFI regions presented to the guest
unencrypted too, as part of some SEV-specific init routine so that the
guest kernel doesn't need to do anything different.

That too, but why not fix it in the firmware?...  (Again, if there's any
MSFT guy looking at this offlist, let's involve him in the discussion).

Paolo

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help