Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

From: Paolo Bonzini
Date: Thu Sep 22 2016 - 14:51:11 EST

Next message: Sam Van Den Berge: "[PATCH v3] dmaengine: s3c24xx: Add dma_slave_map for s3c2440 devices"
Previous message: SF Markus Elfring: "[PATCH 10/14] GPU-DRM-TTM: Return directly after a failed kobject_init_and_add() in ttm_dma_page_alloc_init()"
In reply to: Tom Lendacky: "Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active"
Next in thread: Tom Lendacky: "Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 22/09/2016 20:47, Tom Lendacky wrote:
> > Because the firmware volume is written to high memory in encrypted form,
> > and because the PEI phase runs in 32-bit mode, the firmware code will be
> > encrypted; on the other hand, data that is placed in low memory for the
> > kernel can be unencrypted, thus limiting differences between SME and SEV.
>
> I like the idea of limiting the differences but it would leave the EFI
> data and ACPI tables exposed and able to be manipulated.

Hmm, that makes sense. So I guess this has to stay, and Borislav's
proposal doesn't fly either.

Paolo

Next message: Sam Van Den Berge: "[PATCH v3] dmaengine: s3c24xx: Add dma_slave_map for s3c2440 devices"
Previous message: SF Markus Elfring: "[PATCH 10/14] GPU-DRM-TTM: Return directly after a failed kobject_init_and_add() in ttm_dma_page_alloc_init()"
In reply to: Tom Lendacky: "Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active"
Next in thread: Tom Lendacky: "Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]