Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area

From: Matthew Garrett
Date: Wed Feb 02 2022 - 03:45:42 EST

Next message: Javier Martinez Canillas: "Re: [PATCH 1/4] drm: Add I2C connector type"
Previous message: Gerd Hoffmann: "Re: [PATCH v7 3/5] virt: Add efi_secret module to expose confidential computing secrets"
In reply to: Gerd Hoffmann: "Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area"
Next in thread: Dov Murik: "Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 02, 2022 at 09:36:53AM +0100, Gerd Hoffmann wrote:

> Having a "secrets/" directory looks good to me. Then the individual
> implementations can either add files to the directory, i.e. efi_secrets
> would create "secrets/<guid>" files. Or each implementation creates a
> subdirectory with the secrets, i.e. "secrets/coco/" and
> "secrets/coco/<guid>".

I prefer a subdirectory, on the basis that we could conceivably end up
with more than one implementation on a single device at some point, and
also because it makes it trivial for userland to determine what the
source is which may make a semantic difference under certain
circumstances.

> Longer-term (i.e once we have more than one implementation) we probably
> need a separate module which owns and manages the "secrets/" directory,
> and possibly provides some common helper functions too.

Agree.

Next message: Javier Martinez Canillas: "Re: [PATCH 1/4] drm: Add I2C connector type"
Previous message: Gerd Hoffmann: "Re: [PATCH v7 3/5] virt: Add efi_secret module to expose confidential computing secrets"
In reply to: Gerd Hoffmann: "Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area"
Next in thread: Dov Murik: "Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]