Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area

[PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Dov Murik <hidden> · 2022-02-01
[PATCH v7 1/5] efi: Save location of EFI confidential computing area · Dov Murik <hidden> · 2022-02-01
Re: [PATCH v7 1/5] efi: Save location of EFI confidential computing area · Gerd Hoffmann <kraxel@redhat.com> · 2022-02-02
[PATCH v7 2/5] efi/libstub: Reserve confidential computing secret area · Dov Murik <hidden> · 2022-02-01
Re: [PATCH v7 2/5] efi/libstub: Reserve confidential computing secret area · Gerd Hoffmann <kraxel@redhat.com> · 2022-02-02
Re: [PATCH v7 2/5] efi/libstub: Reserve confidential computing secret area · Dov Murik <hidden> · 2022-02-02
[PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated · Dov Murik <hidden> · 2022-02-01
Re: [PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated · Gerd Hoffmann <kraxel@redhat.com> · 2022-02-02
Re: [PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated · Dov Murik <hidden> · 2022-02-02
Re: [PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated · Gerd Hoffmann <kraxel@redhat.com> · 2022-02-02
Re: [PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated · Dov Murik <hidden> · 2022-02-02
Re: [PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated · Gerd Hoffmann <kraxel@redhat.com> · 2022-02-03
Re: [PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated · Dov Murik <hidden> · 2022-02-03
Re: [PATCH v7 4/5] efi: Load efi_secret module if EFI secret area is populated · Gerd Hoffmann <kraxel@redhat.com> · 2022-02-03
[PATCH v7 3/5] virt: Add efi_secret module to expose confidential computing secrets · Dov Murik <hidden> · 2022-02-01
Re: [PATCH v7 3/5] virt: Add efi_secret module to expose confidential computing secrets · Gerd Hoffmann <kraxel@redhat.com> · 2022-02-02
Re: [PATCH v7 3/5] virt: Add efi_secret module to expose confidential computing secrets · Dov Murik <hidden> · 2022-02-02
[PATCH v7 5/5] docs: security: Add coco/efi_secret documentation · Dov Murik <hidden> · 2022-02-01
Re: [PATCH v7 5/5] docs: security: Add coco/efi_secret documentation · Gerd Hoffmann <kraxel@redhat.com> · 2022-02-02
Re: [PATCH v7 5/5] docs: security: Add coco/efi_secret documentation · Dov Murik <hidden> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Greg KH <gregkh@linuxfoundation.org> · 2022-02-01
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · James Bottomley <hidden> · 2022-02-01
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Greg KH <gregkh@linuxfoundation.org> · 2022-02-01
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · James Bottomley <hidden> · 2022-02-01
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Dr. David Alan Gilbert <hidden> · 2022-02-01
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Matthew Garrett <mjg59@srcf.ucam.org> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Greg KH <gregkh@linuxfoundation.org> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Matthew Garrett <mjg59@srcf.ucam.org> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Greg KH <gregkh@linuxfoundation.org> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Matthew Garrett <mjg59@srcf.ucam.org> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Ard Biesheuvel <ardb@kernel.org> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Matthew Garrett <mjg59@srcf.ucam.org> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Greg KH <gregkh@linuxfoundation.org> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Nayna <hidden> · 2022-02-09
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Gerd Hoffmann <kraxel@redhat.com> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Matthew Garrett <mjg59@srcf.ucam.org> · 2022-02-02
Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area · Dov Murik <hidden> · 2022-02-07

From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: 2022-02-02 08:04:07
Also in: linux-coco, linux-efi, linuxppc-dev, lkml

On Wed, Feb 02, 2022 at 08:22:03AM +0100, Ard Biesheuvel wrote:

On Wed, 2 Feb 2022 at 08:10, Matthew Garrett [off-list ref] wrote:

quoted

Which other examples are you thinking of? I think this conversation may
have accidentally become conflated with a different prior one and now
we're talking at cross purposes.

This came up a while ago during review of one of the earlier revisions
of this patch set.

https://lore.kernel.org/linux-efi/YRZuIIVIzMfgjtEl@google.com/ (local)

which describes another two variations on the theme, for pKVM guests
as well as Android bare metal.

Oh, I see! That makes much more sense - sorry, I wasn't Cc:ed on that, 
so thought this was related to the efivars/Power secure boot. My 
apologies, sorry for the noise. In that case, given the apparent 
agreement between the patch owners that a consistent interface would 
work for them, I think I agree with Greg that we should strive for that. 
Given the described behaviour of the Google implementation, it feels 
like the semantics in this implementation would be sufficient for them 
as well, but having confirmation of that would be helpful.

On the other hand, I also agree that a new filesystem for this is 
overkill. I did that for efivarfs and I think the primary lesson from 
that is that people who aren't familiar with the vfs shouldn't be 
writing filesystems. Securityfs seems entirely reasonable, and it's 
consistent with other cases where we expose firmware-provided data 
that's security relevant.

The only thing I personally struggle with here is whether "coco" is the 
best name for it, and whether there are reasonable use cases that 
wouldn't be directly related to confidential computing (eg, if the 
firmware on a bare-metal platform had a mechanism for exposing secrets 
to the OS based on some specific platform security state, it would seem 
reasonable to expose it via this mechanism but it may not be what we'd 
normally think of as Confidential Computing).

But I'd also say that while we only have one implementation currently 
sending patches, it's fine for the code to live in that implementation 
and then be abstracted out once we have another.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help