Re: [PATCH 0/2] Introduce AMD Secure Processor device

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Brijesh Singh <brijesh.singh@amd.com>
Cc: thomas.lendacky@amd.com, herbert@gondor.apana.org.au,
	arnd@arndb.de, lambert.quentin@gmail.com, gary.hook@amd.com,
	linux-kernel@vger.kernel.org, Julia.Lawall@lip6.fr,
	weiyongjun1@huawei.com, linux-crypto@vger.kernel.org,
	umgwanakikbuti@gmail.com
Subject: Re: [PATCH 0/2] Introduce AMD Secure Processor device
Date: Fri, 20 Jan 2017 18:39:38 +0100	[thread overview]
Message-ID: <20170120173938.GA10177@kroah.com> (raw)
In-Reply-To: <129bc948-6836-bf0f-832e-525f0805c549@amd.com>

On Fri, Jan 20, 2017 at 09:40:49AM -0600, Brijesh Singh wrote:
> 
> On 01/20/2017 02:45 AM, Greg KH wrote:
> > On Thu, Jan 19, 2017 at 02:03:12PM -0600, Brijesh Singh wrote:
> > > Hi Greg,
> > > 
> > > On 01/19/2017 12:21 PM, Greg KH wrote:
> > > > On Thu, Jan 19, 2017 at 01:07:50PM -0500, Brijesh Singh wrote:
> > > > > The CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor,
> > > > > which is not dedicated solely to crypto. The AMD Secure Processor includes
> > > > > CCP and PSP (Platform Secure Processor) devices.
> > > > > 
> > > > > This patch series moves the CCP device driver to the misc directory and
> > > > > creates a framework that allows functional component of the AMD Secure
> > > > > Processor to be initialized and handled appropriately.
> > > > 
> > > > Why the misc directory?  I don't see the justification here...
> > > > 
> > > 
> > > Since this driver is not solely for crypto purposes and do not fit in any of
> > > the standard categories hence I thought of moving it into misc directory. I
> > > am open to other suggestions unless Herbert is ok with leaving it into
> > > crypto and allowing the addition of the Secure Processor support.
> > > 
> > > The patch series allows the CCP driver to support other Secure Processor
> > > functions, e.g Secure Encrypted Virtualization (SEV) key management. In
> > > past, I tried to add SEV support into existing CCP driver [1] but we quickly
> > > learned that CCP driver should be moved outside the crypto directory
> > > otherwise will end up adding non crypto code into drivers/crypto directory.
> > > Once this cleanup is accepted then I can work to add SEV support inside the
> > > CCP driver.
> > > 
> > > [1] http://marc.info/?l=linux-kernel&m=147204118426151&w=2
> > 
> > Ok, what type of interface will this driver have with userspace and/or
> > other parts of the kernel?  Is there a misc char device burried in there
> > somewhere (I couldn't find it in the big diff sent out), or is this
> > driver just creating specific apis that other parts of the kernel will
> > call if available?
> > 
> 
> Eventually, the driver will export functions which will be used by KVM
> to encrypt the guest memory and more. Additionally, If SEV device is
> detected then driver will create a misc char device which can be used by
> userspace to import/export certificates etc.

Why create a new api for certificates, why not just use the existing
kernel key handling for it?

Having a random char device for something like this is going to be rough
to approve, I'll wait for the patches before I start objecting really
hard :)

thanks,

greg k-h

     prev parent reply	other threads:[~2017-01-20 17:40 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-19 18:07 [PATCH 0/2] Introduce AMD Secure Processor device Brijesh Singh
2017-01-19 18:08 ` [PATCH 1/2] crypto: move CCP device driver to misc Brijesh Singh
2017-01-19 18:18   ` Greg KH
2017-01-19 19:10     ` Brijesh Singh
2017-01-20 16:33   ` kbuild test robot
2017-01-19 18:08 ` [PATCH 2/2] misc: amd-sp: introduce the AMD Secure Processor device Brijesh Singh
2017-01-19 18:22   ` Greg KH
2017-01-20 16:20   ` kbuild test robot
2017-01-20 19:51   ` kbuild test robot
2017-01-19 18:21 ` [PATCH 0/2] Introduce " Greg KH
2017-01-19 20:03   ` Brijesh Singh
2017-01-20  8:45     ` Greg KH
2017-01-20 15:40       ` Brijesh Singh
2017-01-20 17:39         ` Greg KH [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170120173938.GA10177@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=Julia.Lawall@lip6.fr \
    --cc=arnd@arndb.de \
    --cc=brijesh.singh@amd.com \
    --cc=gary.hook@amd.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=lambert.quentin@gmail.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=thomas.lendacky@amd.com \
    --cc=umgwanakikbuti@gmail.com \
    --cc=weiyongjun1@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.