Re: [RFC PATCH 0/3] Allow access to confidential computing secret area

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 5/24/2021 5:08 AM, Dr. David Alan Gilbert wrote:
* Andi K
Is there any way we could merge these two so that the TDX/SVKL would
look similar to SEV/ES to userspace?  If we needed some initrd glue here
for luks it would be great if we could have one piece of glue.
[I'm not sure if the numbering/naming of the secrets, and their format
are defined in the same way]
Maybe. There might well be differences in the contents as you say. So far SVKL doesn't really exist yet,  initially there will be the initrd based agents. The agents definitely will need to know about TDX.

Do you think the ioctl is preferable to read+ftruncate/unlink ?
And if it was an ioctl, again could we get some standardisation here -
i.e.
maybe a /dev/confguest with a CONF_COMP_GET_KEY etc ?

The advantage of the two ioctls is that they are very simple. Anything with a file system would be a lot more complicated. For security related code simplicity is a virtue.

Also since it's a really simple read and clear model I don't expect the value to be used widely, since it will be gone after boot anyways.

-andi






[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux