[edk2-devel] [PATCH v3 6/6] OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table

James Bottomley jejb at linux.ibm.com
Wed Dec 9 17:04:48 UTC 2020


On Wed, 2020-12-09 at 16:51 +0000, Yao, Jiewen wrote:
> > To be clear: grub is just using it to get the disk password.  I do
> > anticipate we'll also use it for provisioning keys directly into
> > the linux kernel as well, so multiple consumers were anticipated.
> 
> Would you please share more information about the GUIDed key usage,
> except disk password?

I think the point here is I don't define it.  I only define the one
grub disk password use case.  The GUIDed table format means that anyone
can define a GUID and a data format for their use case.  Not actually
pre-specifying allows the use case to develop with the code.

> What is the usage of the provisioning key for kernel?

The usual problem is that you need an additional trusted public key in
the kernel primary keyring, so having the secret area inject a trusted
public key we can later use for things like third party module signing
and the like seems to be a good idea.

James
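A sketch of how a consumer could pull its own entry out of a GUID-tagged secret area while skipping entries it does not recognise (an added example, not code from this patch series, edk2 or grub). The entry layout (16-byte GUID, 32-bit little-endian length covering the whole entry, then payload), the function names and the sample GUIDs are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define GUID_LEN  16
#define ENTRY_HDR (GUID_LEN + 4)  /* assumed: GUID, then LE32 length of whole entry */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Return the payload tagged `guid` and set *out_len; NULL if absent or malformed. */
const uint8_t *secret_find(const uint8_t *tbl, size_t size,
                           const uint8_t guid[GUID_LEN], size_t *out_len)
{
    size_t off = 0;
    while (size - off >= ENTRY_HDR) {
        uint32_t len = rd_le32(tbl + off + GUID_LEN);
        if (len < ENTRY_HDR || len > size - off)
            return NULL;               /* length escapes the area: stop parsing */
        if (memcmp(tbl + off, guid, GUID_LEN) == 0) {
            *out_len = len - ENTRY_HDR;
            return tbl + off + ENTRY_HDR;
        }
        off += len;                    /* another consumer's GUID: skip it */
    }
    return NULL;
}

/* Constructed sample: append an entry whose made-up GUID is 16 copies of `tag`. */
static size_t sample_put(uint8_t *buf, size_t off, uint8_t tag, const char *data)
{
    size_t n = strlen(data);
    memset(buf + off, tag, GUID_LEN);
    memset(buf + off + GUID_LEN, 0, 4);
    buf[off + GUID_LEN] = (uint8_t)(ENTRY_HDR + n);
    memcpy(buf + off + ENTRY_HDR, data, n);
    return off + ENTRY_HDR + n;
}

/* Look up `tag` in a two-entry sample; `corrupt` breaks the first length. Returns length or -1. */
int sample_lookup(uint8_t tag, int corrupt)
{
    uint8_t buf[64], guid[GUID_LEN];
    size_t len = 0, end = sample_put(buf, 0, 0xA1, "abc");
    end = sample_put(buf, end, 0xB2, "pass");
    if (corrupt) buf[GUID_LEN] = 0xFF;
    memset(guid, tag, GUID_LEN);
    return secret_find(buf, end, guid, &len) ? (int)len : -1;
}

int main(void) { return sample_lookup(0xB2, 0) == 4 ? 0 : 1; }
```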



