On Tue, Nov 12, 2019 at 01:58:34PM -0600, Brijesh Singh wrote: > Currently, there is no privilege separation of the SEV command; you can > run them all or none of them. This is less than ideal because it means > that a compromise of the code which launches VMs could make permanent > change to the SEV certifcate chain which will affect others. > > These commands are required to attest the VM environment: > - SEV_PDH_CERT_EXPORT > - SEV_PLATFORM_STATUS > - SEV_GET_{ID,ID2} > > These commands manage the SEV certificate chain: > - SEV_PEK_CERR_IMPORT > - SEV_FACTORY_RESET > - SEV_PEK_GEN > - SEV_PEK_CSR > - SEV_PDH_GEN > > Lets add the CAP_SYS_ADMIN check for the group of the commands which alters > the SEV certificate chain to provide some level of privilege separation. > > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Cc: Gary Hook <gary.hook@xxxxxxx> > Cc: Erdem Aktas <erdemaktas@xxxxxxxxxx> > Cc: Tom Lendacky <Thomas.Lendacky@xxxxxxx> > Tested-by: David Rientjes <rientjes@xxxxxxxxxx> > Co-developed-by: David Rientjes <rientjes@xxxxxxxxxx> > Signed-off-by: David Rientjes <rientjes@xxxxxxxxxx> > Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx> > --- > drivers/crypto/ccp/psp-dev.c | 29 ++++++++++++++++++++++------- > drivers/crypto/ccp/psp-dev.h | 1 + > 2 files changed, 23 insertions(+), 7 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt