Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 23/09/16 06:37, Borislav Petkov wrote:
On Thu, Sep 22, 2016 at 08:23:36PM +0200, Paolo Bonzini wrote:
Unless this is part of some spec, it's easier if things are the same in
SME and SEV.
Yeah, I was pondering over how sprinkling sev_active checks might not be
so clean.

I'm wondering if we could make the EFI regions presented to the guest
unencrypted too, as part of some SEV-specific init routine so that the
guest kernel doesn't need to do anything different.
How is this even possible? The spec clearly says under SEV only in long mode or PAE mode guest can control whether memory is encrypted via c-bit, and in other modes guest will be always in encrypted mode. Guest EFI is also virtual, so are you suggesting EFI code (or code which loads EFI) should also be modified to load EFI as unencrypted? Looks it's not even possible to happen.

Thanks,
-Kai


_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel



[Index of Archives]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux