Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

(off-list ancestor, not in this archive)
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Paolo Bonzini <pbonzini@redhat.com> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-22
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Kai Huang <hidden> · 2016-09-23
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2016-09-23

From: Borislav Petkov <hidden>
Date: 2016-09-23 09:50:36
Also in: kvm, linux-efi, linux-mm, lkml

On Fri, Sep 23, 2016 at 09:33:00PM +1200, Kai Huang wrote:

How is this even possible? The spec clearly says under SEV only in long mode
or PAE mode guest can control whether memory is encrypted via c-bit, and in
other modes guest will be always in encrypted mode.

I was suggesting the hypervisor supplies the EFI ranges unencrypted. But
that is not a good idea because firmware data is exposed then, see same
thread from yesterday.

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
-- 

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help