Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
From: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Date: Thu, 22 Sep 2016 20:23:36 +0200
Cc: simon.guinot@xxxxxxxxxxxx, linux-efi@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, rkrcmar@xxxxxxxxxx, matt@xxxxxxxxxxxxxxxxxxx, linus.walleij@xxxxxxxxxx, linux-mm@xxxxxxxxx, paul.gortmaker@xxxxxxxxxxxxx, hpa@xxxxxxxxx, dan.j.williams@xxxxxxxxx, aarcange@xxxxxxxxxx, sfr@xxxxxxxxxxxxxxxx, andriy.shevchenko@xxxxxxxxxxxxxxx, herbert@xxxxxxxxxxxxxxxxxxx, bhe@xxxxxxxxxx, xemul@xxxxxxxxxxxxx, joro@xxxxxxxxxx, x86@xxxxxxxxxx, mingo@xxxxxxxxxx, msalter@xxxxxxxxxx, ross.zwisler@xxxxxxxxxxxxxxx, dyoung@xxxxxxxxxx, jroedel@xxxxxxx, keescook@xxxxxxxxxxxx, toshi.kani@xxxxxxx, mathieu.desnoyers@xxxxxxxxxxxx, devel@xxxxxxxxxxxxxxxxxxxxxx, tglx@xxxxxxxxxxxxx, mchehab@xxxxxxxxxx, iamjoonsoo.kim@xxxxxxx, labbott@xxxxxxxxxxxxxxxxx, tony.luck@xxxxxxxxx, alexandre.bounine@xxxxxxx, kuleshovmail@xxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, mcgrof@xxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, akpm@xxxxxxxxxxxxxxxxxxxx, davem@xxxxxxxxxxxxx
In-reply-to: <443d06f5-2db5-5107-296f-94fabd209407@amd.com>
References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> <147190832511.9523.10850626471583956499.stgit@brijesh-build-machine> <20160922143545.3kl7khff6vqk7b2t@pd.tnic> <443d06f5-2db5-5107-296f-94fabd209407@amd.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0


On 22/09/2016 19:46, Tom Lendacky wrote:
>> > Do you mean, it is encrypted here because we're in the guest kernel?
> Yes, the idea is that the SEV guest will be running encrypted from the
> start, including the BIOS/UEFI, and so all of the EFI related data will
> be encrypted.

Unless this is part of some spec, it's easier if things are the same in
SME and SEV.

Paolo
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Follow-Ups:
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Borislav Petkov

References:
- [RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD)
  - From: Brijesh Singh
- [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Brijesh Singh
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Borislav Petkov
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Tom Lendacky

Prev by Date: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Next by Date: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Previous by thread: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Next by thread: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Index(es):
- Date
- Thread

[Index of Archives] [Kernel] [Gnu Classpath] [Gnu Crypto] [DM Crypt] [Netfilter] [Bugtraq]