Re: [PATCH] crypto: ccp: add SEV command privilege separation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 12, 2019 at 01:58:34PM -0600, Brijesh Singh wrote:
> Currently, there is no privilege separation of the SEV command; you can
> run them all or none of them. This is less than ideal because it means
> that a compromise of the code which launches VMs could make permanent
> change to the SEV certifcate chain which will affect others.
> 
> These commands are required to attest the VM environment:
>  - SEV_PDH_CERT_EXPORT
>  - SEV_PLATFORM_STATUS
>  - SEV_GET_{ID,ID2}
> 
> These commands manage the SEV certificate chain:
>  - SEV_PEK_CERR_IMPORT
>  - SEV_FACTORY_RESET
>  - SEV_PEK_GEN
>  - SEV_PEK_CSR
>  - SEV_PDH_GEN
> 
> Lets add the CAP_SYS_ADMIN check for the group of the commands which alters
> the SEV certificate chain to provide some level of privilege separation.
> 
> Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Cc: Gary Hook <gary.hook@xxxxxxx>
> Cc: Erdem Aktas <erdemaktas@xxxxxxxxxx>
> Cc: Tom Lendacky <Thomas.Lendacky@xxxxxxx>
> Tested-by: David Rientjes <rientjes@xxxxxxxxxx>
> Co-developed-by: David Rientjes <rientjes@xxxxxxxxxx>
> Signed-off-by: David Rientjes <rientjes@xxxxxxxxxx>
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---
>  drivers/crypto/ccp/psp-dev.c | 29 ++++++++++++++++++++++-------
>  drivers/crypto/ccp/psp-dev.h |  1 +
>  2 files changed, 23 insertions(+), 7 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux