Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear

2016-12-09 Thread Tom Lendacky
On 12/7/2016 7:19 AM, Matt Fleming wrote: > On Wed, 09 Nov, at 06:36:31PM, Tom Lendacky wrote: >> Boot data (such as EFI related data) is not encrypted when the system is >> booted and needs to be accessed unencrypted. Add support to apply the >> proper attributes to the EFI page tables and to the

Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear

2016-12-07 Thread Matt Fleming
On Wed, 09 Nov, at 06:36:31PM, Tom Lendacky wrote: > Boot data (such as EFI related data) is not encrypted when the system is > booted and needs to be accessed unencrypted. Add support to apply the > proper attributes to the EFI page tables and to the early_memremap and > memremap APIs to identify

Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear

2016-11-20 Thread Borislav Petkov
On Sat, Nov 19, 2016 at 12:33:49PM -0600, Tom Lendacky wrote: > >> +{ > >> + /* SME is not active, just return true */ > >> + if (!sme_me_mask) > >> + return true; > > > > I don't understand the logic here: SME is not active -> apply encryption?! > > It does seem counter-intuitive, but

Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear

2016-11-19 Thread Tom Lendacky
On 11/17/2016 9:55 AM, Borislav Petkov wrote: > On Wed, Nov 09, 2016 at 06:36:31PM -0600, Tom Lendacky wrote: >> Boot data (such as EFI related data) is not encrypted when the system is >> booted and needs to be accessed unencrypted. Add support to apply the >> proper attributes to the EFI page ta

Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear

2016-11-17 Thread Borislav Petkov
On Wed, Nov 09, 2016 at 06:36:31PM -0600, Tom Lendacky wrote: > Boot data (such as EFI related data) is not encrypted when the system is > booted and needs to be accessed unencrypted. Add support to apply the > proper attributes to the EFI page tables and to the early_memremap and > memremap APIs

Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear

2016-11-14 Thread Tom Lendacky
On 11/11/2016 10:17 AM, Kani, Toshimitsu wrote: > On Wed, 2016-11-09 at 18:36 -0600, Tom Lendacky wrote: >> Boot data (such as EFI related data) is not encrypted when the system >> is booted and needs to be accessed unencrypted. Add support to apply >> the proper attributes to the EFI page tables

Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear

2016-11-11 Thread Kani, Toshimitsu
On Wed, 2016-11-09 at 18:36 -0600, Tom Lendacky wrote: > Boot data (such as EFI related data) is not encrypted when the system > is booted and needs to be accessed unencrypted.  Add support to apply > the proper attributes to the EFI page tables and to the > early_memremap and memremap APIs to iden

[RFC PATCH v3 10/20] Add support to access boot related data in the clear

2016-11-09 Thread Tom Lendacky
Boot data (such as EFI related data) is not encrypted when the system is booted and needs to be accessed unencrypted. Add support to apply the proper attributes to the EFI page tables and to the early_memremap and memremap APIs to identify the type of data being accessed so that the proper encrypt