Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

From: Borislav Petkov
Date: Thu Sep 22 2016 - 14:38:47 EST

Next message: SF Markus Elfring: "Re: GPU-DRM-TILCDC: Less function calls in tilcdc_convert_slave_node() after error detection"
Previous message: SF Markus Elfring: "[PATCH 12/14] GPU-DRM-TTM: Less function calls in ttm_dma_pool_init() after error detection"
In reply to: Paolo Bonzini: "Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active"
Next in thread: Kai Huang: "Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 22, 2016 at 08:23:36PM +0200, Paolo Bonzini wrote:
> Unless this is part of some spec, it's easier if things are the same in
> SME and SEV.

Yeah, I was pondering over how sprinkling sev_active checks might not be
so clean.

I'm wondering if we could make the EFI regions presented to the guest
unencrypted too, as part of some SEV-specific init routine so that the
guest kernel doesn't need to do anything different.

--
Regards/Gruss,
Boris.

SUSE Linux GmbH, GF: Felix ImendÃrffer, Jane Smithard, Graham Norton, HRB 21284 (AG NÃrnberg)
--

Next message: SF Markus Elfring: "Re: GPU-DRM-TILCDC: Less function calls in tilcdc_convert_slave_node() after error detection"
Previous message: SF Markus Elfring: "[PATCH 12/14] GPU-DRM-TTM: Less function calls in ttm_dma_pool_init() after error detection"
In reply to: Paolo Bonzini: "Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active"
Next in thread: Kai Huang: "Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]