Re: [PATCH v9 42/43] virt: sevguest: Add support to derive key

From: Borislav Petkov
Date: Tue Feb 08 2022 - 06:31:44 EST

Next message: Chao Yu: "[PATCH RFC] f2fs: sync node page without cp_rwsem during block_operations()"
Previous message: Mel Gorman: "Re: [PATCH] sched/fair: Consider cpu affinity when allowing NUMA imbalance in find_idlest_group"
In reply to: Dov Murik: "Re: [PATCH v9 42/43] virt: sevguest: Add support to derive key"
Next in thread: Brijesh Singh: "Re: [PATCH v9 42/43] virt: sevguest: Add support to derive key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 08, 2022 at 09:56:52AM +0200, Dov Murik wrote:
> Just to be clear, I didn't mean necessarily "leak the key to the
> untrusted host" (even if a page is converted back from private to
> shared, it is encrypted, so host can't read its contents). But even
> *inside* the guest, when dealing with sensitive data like keys, we
> should minimize the amount of copies that float around (I assume this is
> the reason for most of the uses of memzero_explicit() in the kernel).

I don't know about Brijesh but I understood you exactly as you mean it.
And yap, I agree we should always clear such sensitive buffers.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Chao Yu: "[PATCH RFC] f2fs: sync node page without cp_rwsem during block_operations()"
Previous message: Mel Gorman: "Re: [PATCH] sched/fair: Consider cpu affinity when allowing NUMA imbalance in find_idlest_group"
In reply to: Dov Murik: "Re: [PATCH v9 42/43] virt: sevguest: Add support to derive key"
Next in thread: Brijesh Singh: "Re: [PATCH v9 42/43] virt: sevguest: Add support to derive key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]