[edk2-devel] [PATCH v3 6/6] OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table

Yao, Jiewen jiewen.yao at intel.com
Wed Dec 9 16:51:29 UTC 2020


> To be clear: grub is just using it to get the disk password.  I do
> anticipate we'll also use it for provisioning keys directly into the
> linux kernel as well, so multiple consumers were anticipated.

Would you please share more information about the GUIDed key usage, other than the disk password?

What is the usage of the provisioning key for the kernel?

Thank you
Yao Jiewen



> -----Original Message-----
> From: James Bottomley <jejb at linux.ibm.com>
> Sent: Thursday, December 10, 2020 12:39 AM
> To: Yao, Jiewen <jiewen.yao at intel.com>; devel at edk2.groups.io
> Cc: dovmurik at linux.vnet.ibm.com; Dov.Murik1 at il.ibm.com;
> ashish.kalra at amd.com; brijesh.singh at amd.com; tobin at ibm.com;
> david.kaplan at amd.com; jon.grimm at amd.com; thomas.lendacky at amd.com;
> frankeh at us.ibm.com; Dr . David Alan Gilbert <dgilbert at redhat.com>; Laszlo
> Ersek <lersek at redhat.com>; Justen, Jordan L <jordan.l.justen at intel.com>;
> Ard Biesheuvel <ard.biesheuvel at arm.com>
> Subject: Re: [edk2-devel] [PATCH v3 6/6] OvmfPkg/AmdSev: Expose the Sev
> Secret area using a configuration table
> 
> On Wed, 2020-12-09 at 16:33 +0000, Yao, Jiewen wrote:
> > Thanks. ConfidentialComputing seems a better name.
> >
> > I agree with you that OVMF might not need to understand the data
> > structure. But I am not sure if the grub is the only boot loader we
> > want to support.
> 
> To be clear: grub is just using it to get the disk password.  I do
> anticipate we'll also use it for provisioning keys directly into the
> linux kernel as well, so multiple consumers were anticipated.
> 
> > I think it might be a better idea to define the data structure
> > clearly in OVMF. As such, any boot loader can parse the data
> > structure to decrypt the disk. They don’t need to refer to grub.
> 
> I'll defer to what OVMF people want, but defining a table inside OVMF
> that it doesn't actually use at all seems to be doing it at the wrong
> layer.
> 
> James
> 


