Re: [PATCH v9 42/43] virt: sevguest: Add support to derive key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 08, 2022 at 09:56:52AM +0200, Dov Murik wrote:
> Just to be clear, I didn't mean necessarily "leak the key to the
> untrusted host" (even if a page is converted back from private to
> shared, it is encrypted, so host can't read its contents).  But even
> *inside* the guest, when dealing with sensitive data like keys, we
> should minimize the amount of copies that float around (I assume this is
> the reason for most of the uses of memzero_explicit() in the kernel).

I don't know about Brijesh but I understood you exactly as you mean it.
And yap, I agree we should always clear such sensitive buffers.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux