Date: Fri, 22 Nov 2019 19:02:29 +0800
From: Herbert Xu
To: Brijesh Singh
Cc: linux-crypto@vger.kernel.org, Gary Hook, Erdem Aktas, Tom Lendacky, David Rientjes
Subject: Re: [PATCH] crypto: ccp: add SEV command privilege separation
Message-ID: <20191122110229.dui2iqfys7z5rbwz@gondor.apana.org.au>
References: <20191112195834.7795-1-brijesh.singh@amd.com>
In-Reply-To: <20191112195834.7795-1-brijesh.singh@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, Nov 12, 2019 at 01:58:34PM -0600, Brijesh Singh wrote:
> Currently, there is no privilege separation of the SEV commands; you can
> run them all or none of them. This is less than ideal because it means
> that a compromise of the code which launches VMs could make a permanent
> change to the SEV certificate chain which will affect others.
>
> These commands are required to attest the VM environment:
>  - SEV_PDH_CERT_EXPORT
>  - SEV_PLATFORM_STATUS
>  - SEV_GET_{ID,ID2}
>
> These commands manage the SEV certificate chain:
>  - SEV_PEK_CERT_IMPORT
>  - SEV_FACTORY_RESET
>  - SEV_PEK_GEN
>  - SEV_PEK_CSR
>  - SEV_PDH_GEN
>
> Let's add the CAP_SYS_ADMIN check for the group of the commands which alters
> the SEV certificate chain to provide some level of privilege separation.
>
> Cc: Herbert Xu
> Cc: Gary Hook
> Cc: Erdem Aktas
> Cc: Tom Lendacky
> Tested-by: David Rientjes
> Co-developed-by: David Rientjes
> Signed-off-by: David Rientjes
> Signed-off-by: Brijesh Singh
> ---
>  drivers/crypto/ccp/psp-dev.c | 29 ++++++++++++++++++++++-------
>  drivers/crypto/ccp/psp-dev.h |  1 +
>  2 files changed, 23 insertions(+), 7 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
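
Added example (not part of the thread, the patch or the driver): a user-space C model of the gate the patch description proposes, where the commands that alter the SEV certificate chain require CAP_SYS_ADMIN and the attestation commands do not. The enum values, the sample /proc status excerpts and the function names are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_ADMIN_BIT 21 /* value of CAP_SYS_ADMIN in <linux/capability.h> */

/* Command names as listed in the patch description; enum values are constructed. */
enum { PDH_CERT_EXPORT, PLATFORM_STATUS, GET_ID, GET_ID2,         /* attestation group */
       PEK_CERT_IMPORT, FACTORY_RESET, PEK_GEN, PEK_CSR, PDH_GEN, /* chain group */
       SEV_CMD_COUNT };

/* Constructed /proc/<pid>/status excerpts: a VM launcher without capabilities, and root. */
static const char LAUNCHER_STATUS[] = "Name:\tvm-launcher\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
static const char ADMIN_STATUS[] = "Name:\tsevtool\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n";

/* Parse the effective capability mask from status text; returns 0 or -EINVAL. */
static int parse_cap_eff(const char *status, uint64_t *mask)
{
    const char *p = strstr(status, "\nCapEff:");
    char *end;

    if (!p)
        return -EINVAL;
    p += strlen("\nCapEff:");
    *mask = strtoull(p, &end, 16);
    return end == p ? -EINVAL : 0;
}

/* 0 = allowed, -EPERM = chain-altering command without CAP_SYS_ADMIN, -EINVAL = unknown. */
static int sev_cmd_check(int cmd, uint64_t cap_eff)
{
    if (cmd < 0 || cmd >= SEV_CMD_COUNT)
        return -EINVAL;
    if (cmd >= PEK_CERT_IMPORT && !(cap_eff & (1ULL << CAP_SYS_ADMIN_BIT)))
        return -EPERM;
    return 0;
}

int main(void)
{
    uint64_t launcher = 0, admin = 0;

    if (parse_cap_eff(LAUNCHER_STATUS, &launcher) || parse_cap_eff(ADMIN_STATUS, &admin))
        return 1;
    printf("launcher: PDH_CERT_EXPORT=%d FACTORY_RESET=%d\n", sev_cmd_check(PDH_CERT_EXPORT, launcher), sev_cmd_check(FACTORY_RESET, launcher));
    printf("admin: FACTORY_RESET=%d\n", sev_cmd_check(FACTORY_RESET, admin));
    return 0;
}
```

The same mask check can be run over the status of any process that holds the SEV device open to confirm that VM launchers run without CAP_SYS_ADMIN.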