Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Tom Lendacky <thomas.lendacky@xxxxxxx>, Borislav Petkov <bp@xxxxxxx>, Brijesh Singh <brijesh.singh@xxxxxxx>
Subject: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
From: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Date: Thu, 22 Sep 2016 20:23:36 +0200
Cc: simon.guinot@xxxxxxxxxxxx, linux-efi@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, rkrcmar@xxxxxxxxxx, matt@xxxxxxxxxxxxxxxxxxx, linus.walleij@xxxxxxxxxx, linux-mm@xxxxxxxxx, paul.gortmaker@xxxxxxxxxxxxx, hpa@xxxxxxxxx, dan.j.williams@xxxxxxxxx, aarcange@xxxxxxxxxx, sfr@xxxxxxxxxxxxxxxx, andriy.shevchenko@xxxxxxxxxxxxxxx, herbert@xxxxxxxxxxxxxxxxxxx, bhe@xxxxxxxxxx, xemul@xxxxxxxxxxxxx, joro@xxxxxxxxxx, x86@xxxxxxxxxx, mingo@xxxxxxxxxx, msalter@xxxxxxxxxx, ross.zwisler@xxxxxxxxxxxxxxx, dyoung@xxxxxxxxxx, jroedel@xxxxxxx, keescook@xxxxxxxxxxxx, toshi.kani@xxxxxxx, mathieu.desnoyers@xxxxxxxxxxxx, devel@xxxxxxxxxxxxxxxxxxxxxx, tglx@xxxxxxxxxxxxx, mchehab@xxxxxxxxxx, iamjoonsoo.kim@xxxxxxx, labbott@xxxxxxxxxxxxxxxxx, tony.luck@xxxxxxxxx, alexandre.bounine@xxxxxxx, kuleshovmail@xxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, mcgrof@xxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, akpm@xxxxxxxxxxxxxxxxxxxx, davem@xxxxxxxxxxxxx
In-reply-to: <443d06f5-2db5-5107-296f-94fabd209407@amd.com>
References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> <147190832511.9523.10850626471583956499.stgit@brijesh-build-machine> <20160922143545.3kl7khff6vqk7b2t@pd.tnic> <443d06f5-2db5-5107-296f-94fabd209407@amd.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0


On 22/09/2016 19:46, Tom Lendacky wrote:
>> > Do you mean, it is encrypted here because we're in the guest kernel?
> Yes, the idea is that the SEV guest will be running encrypted from the
> start, including the BIOS/UEFI, and so all of the EFI related data will
> be encrypted.

Unless this is part of some spec, it's easier if things are the same in
SME and SEV.

Paolo

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>

Follow-Ups:
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Borislav Petkov

References:
- [RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD)
  - From: Brijesh Singh
- [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Brijesh Singh
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Borislav Petkov
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Tom Lendacky

Prev by Date: Re: [PATCH v3] mm/hugetlb: fix memory offline with hugepage size > memory block size
Next by Date: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Previous by thread: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Next by thread: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]