Re: [PATCH v3 0/4] Export PSP security attributes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 31, 2022 at 04:12:09PM -0500, Mario Limonciello wrote:
> Select AMD SOCs include the ability to export capabilities that
> have been activated or detected by the platform security processor.
> 
> This information is useful for both system designers as well as system
> administrators to ensure that the system has been properly locked down
> to their expectations.
> 
> Software such as fwupd will also be modified to use this information
> as part of the calculations for a security level score that may be
> presented to a user.
> 
> This series also adds the ability to detect that TSME and SME are both
> activated simultaneously to notify a user.  Previously a user could turn
> on TSME and SME at the same time, but the kernel was unable to detect
> that TSME was enabled in the OS.
> 
> This information is evaluated "too late" right now in the kernel to stop
> the kernel from enabling SME, but if that is desirable at a later time
> some of the early code can be modified to read the same information and
> make that decision.
> 
> Mario Limonciello (4):
>   crypto: ccp: cache capability into psp device
>   crypto: ccp: Export PSP security bits to userspace
>   crypto: ccp: Allow PSP driver to load without SEV/TEE support
>   crypto: ccp: When TSME and SME both detected notify user
> 
>  Documentation/ABI/testing/sysfs-driver-ccp | 87 ++++++++++++++++++++++
>  drivers/crypto/ccp/psp-dev.c               | 49 +++++-------
>  drivers/crypto/ccp/psp-dev.h               | 22 ++++++
>  drivers/crypto/ccp/sp-pci.c                | 62 +++++++++++++++
>  4 files changed, 189 insertions(+), 31 deletions(-)
>  create mode 100644 Documentation/ABI/testing/sysfs-driver-ccp

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux