On Wed, Oct 20, 2021 at 08:00:28AM -0400, James Bottomley wrote: > On Wed, 2021-10-20 at 08:39 +0200, Greg KH wrote: > > On Wed, Oct 20, 2021 at 06:14:06AM +0000, Dov Murik wrote: > [...] > > > + help > > > + Copy memory reserved by EFI for Confidential Computing (coco) > > > + injected secrets, if EFI exposes such a table entry. > > > > Why would you want to "copy" secret memory? > > > > This sounds really odd here, it sounds like you are opening up a > > security hole. Are you sure this is the correct text that everyone > > on the "COCO" group agrees with? > > The way this works is that EFI covers the secret area with a boot time > handoff block, which means it gets destroyed as soon as > ExitBootServices is called as a security measure ... if you do nothing > the secret is shredded. This means you need to make a copy of it > before that happens if there are secrets that need to live beyond the > EFI boot stub. Ok, but "copy secrets" does sound really odd, so you all need a much better description here, and hopefully somewhere else in Documentation/ to describe exactly what this new API is and is to be used for. Otherwise I read this as "hey a backdoor to read the secrets I wasn't supposed to be able to see!" thanks, greg k-h
