Re: [PATCH 00/10] Add dynamic boost control support

[Pavel Machek]

On Wed 2023-04-26 09:43:43, Mario Limonciello wrote:
> 
> On 4/26/23 08:47, Pavel Machek wrote:
> > Hi!
> > 
> > > Dynamic boost control is a feature of some SoCs that allows
> > > an authenticated entity to send commands to the security processor
> > > to control certain SOC characteristics with the intention to improve
> > > performance.
> > > 
> > > This is implemented via a mechanism that a userspace application would
> > > authenticate using a nonce and key exchange over an IOCTL interface.
> > > 
> > > After authentication is complete an application can exchange signed
> > > messages with the security processor and both ends can validate the
> > > data transmitted.
> > Why is this acceptable? This precludes cross-platform interfaces,
> > right? Why would application want to validate data from PSP? That
> > precludes virtualization, right?
> > 
> > Just put the key in kernel. Users have right to control their own
> > hardware.
> > 							Pavel
> 
> This matches exactly how the interface works in Windows as well.

Windows has different design constrants.

> The reason for validating the data from the PSP is because the data
> crosses multiple trust boundaries and this ensures that the application
> can trust it to make informed decisions.

If the application can not trust kernel, you are already doomed on
Linux.

									Pavel

-- 
People of Russia, stop Putin before his war on Ukraine escalates.

Attachment: signature.asc
Description: PGP signature