Date: Wed, 2 Feb 2022 06:54:43 +0000
From: Matthew Garrett
To: Greg KH
Cc: James Bottomley, Dov Murik, linux-efi@vger.kernel.org, Borislav Petkov, Ashish Kalra, Brijesh Singh, Tom Lendacky, Ard Biesheuvel, James Morris, "Serge E. Hallyn", Andi Kleen, Andrew Scull, Dave Hansen, "Dr. David Alan Gilbert", Gerd Hoffmann, Lenny Szubowicz, Peter Gonda, Tobin Feldman-Fitzthum, Jim Cadden, Daniele Buono, linux-coco@lists.linux.dev, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Nayna Jain, dougmill@linux.vnet.ibm.com, gcwilson@linux.ibm.com, gjoyce@ibm.com, linuxppc-dev@lists.ozlabs.org, mpe@ellerman.id.au, dja@axtens.net
Subject: Re: [PATCH v7 0/5] Allow guest access to EFI confidential computing secret area
Message-ID: <20220202065443.GA9249@srcf.ucam.org>

On Wed, Feb 02, 2022 at 07:10:02AM +0100, Greg KH wrote:
> On Wed, Feb 02, 2022 at 04:01:57AM +0000, Matthew Garrett wrote:
> > We're talking about things that have massively different semantics.
>
> I see lots of different platforms trying to provide access to their
> "secure" firmware data to userspace in different ways. That feels to me
> like they are the same thing that userspace would care about in a
> unified way.

EFI variables are largely for the OS to provide information to the firmware, while this patchset is to provide information from the firmware to the OS. I don't see why we'd expect to use the same userland tooling for both.

In the broader case - I don't think we *can* use the same userland tooling for everything. For example, the patches to add support for manipulating the Power secure boot keys originally attempted to make it look like efivars, but the underlying firmware semantics are sufficiently different that even exposing the same kernel interface wouldn't be a sufficient abstraction and userland would still need to behave differently.
Exposing an interface that looks consistent but isn't is arguably worse for userland than exposing explicitly distinct interfaces.