From: Ingo Molnar <mingo@kernel.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Joerg Roedel <joro@8bytes.org>,
x86@kernel.org, hpa@zytor.com,
Tom Lendacky <thomas.lendacky@amd.com>,
Nikunj A Dadhania <nikunj@amd.com>,
linux-kernel@vger.kernel.org, Larry.Dewey@amd.com,
Joerg Roedel <jroedel@suse.de>
Subject: Re: [PATCH] x86/sev: Make SEV_STATUS available via SYSFS
Date: Wed, 5 Mar 2025 12:26:13 +0100 [thread overview]
Message-ID: <Z8g01YhM_FtdB5n6@gmail.com> (raw)
In-Reply-To: <20250305111251.GBZ8gxs_6O7g3gLVEh@fat_crate.local>
* Borislav Petkov <bp@alien8.de> wrote:
> On Wed, Mar 05, 2025 at 11:52:34AM +0100, Joerg Roedel wrote:
> > From: Joerg Roedel <jroedel@suse.de>
> >
> > Current user-space tooling which needs access to the SEV_STATUS MSR is
> > using the MSR module. The use of this module poses a security risk in
> > any trusted execution environment and is generally discouraged.
> >
> > Instead, provide an file in SYSFS in the already existing
> > /sys/devices/system/cpu/sev/ directory to provide the value of the
> > SEV_STATUS MSR to user-space.
>
> Right, to continue this discussion on the ML, like we said yesterday, I think
> that dumping a raw MSR value is not really user-friendly.
>
> We could stick a
>
> Coco:
>
> line in /proc/cpuinfo and simply dump SEV_STATUS there and TDX can put the
> respective TDX-specific feature flags of what is enabled there and then we
> have a good tested and well-known interface to communicate such things to
> userspace through.
>
> I'd say...
It's *far* better to expose this via a targeted sysfs entry than
polluting /proc/cpuinfo with it that everyone and their dog is parsing
all the time ...
Thanks,
Ingo
next prev parent reply other threads:[~2025-03-05 11:26 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-05 10:52 [PATCH] x86/sev: Make SEV_STATUS available via SYSFS Joerg Roedel
2025-03-05 11:11 ` [tip: x86/sev] " tip-bot2 for Joerg Roedel
2025-03-05 11:12 ` [PATCH] " Borislav Petkov
2025-03-05 11:26 ` Ingo Molnar [this message]
2025-03-05 11:31 ` Borislav Petkov
2025-03-05 11:35 ` Juergen Gross
2025-03-05 11:41 ` Borislav Petkov
2025-03-05 11:48 ` Jürgen Groß
2025-03-05 11:53 ` Borislav Petkov
2025-03-05 11:42 ` Ingo Molnar
2025-03-05 11:50 ` Borislav Petkov
2025-03-05 13:56 ` Joerg Roedel
2025-03-05 15:37 ` Borislav Petkov
2025-03-05 16:37 ` Dave Hansen
2025-03-05 16:40 ` Dave Hansen
2025-03-05 16:55 ` Borislav Petkov
2025-03-05 17:09 ` Dave Hansen
2025-03-05 17:51 ` Joerg Roedel
2025-03-05 20:07 ` Borislav Petkov
2025-03-06 8:01 ` Kirill A. Shutemov
2025-03-06 8:38 ` Joerg Roedel
2025-03-06 10:31 ` Borislav Petkov
2025-03-06 13:36 ` Kirill A. Shutemov
2025-03-06 13:56 ` Borislav Petkov
2025-03-06 10:37 ` Alexey Gladkov (Intel)
2025-03-10 10:28 ` Joerg Roedel
2025-03-10 11:02 ` Borislav Petkov
2025-03-10 12:46 ` Joerg Roedel
2025-03-10 13:36 ` Borislav Petkov
2025-03-10 11:24 ` Alexey Gladkov
2025-03-10 12:28 ` Juergen Gross
2025-03-10 12:35 ` Joerg Roedel
2025-03-10 12:49 ` Juergen Gross
2025-03-10 13:38 ` Borislav Petkov
2025-03-10 14:39 ` Tom Lendacky
2025-03-10 14:50 ` Alexey Gladkov
2025-03-10 15:11 ` Borislav Petkov
2025-03-10 15:33 ` Jürgen Groß
2025-03-10 15:41 ` Borislav Petkov
2025-03-10 15:50 ` Alexey Gladkov
2025-03-10 15:43 ` Alexey Gladkov
2025-03-10 15:52 ` Juergen Gross
2025-03-10 15:55 ` Borislav Petkov
2025-03-10 16:00 ` Juergen Gross
2025-03-10 16:06 ` Borislav Petkov
2025-03-10 16:23 ` Jürgen Groß
2025-03-10 16:05 ` Alexey Gladkov
2025-03-11 9:43 ` Joerg Roedel
2025-03-11 10:22 ` Jürgen Groß
2025-03-11 11:07 ` Borislav Petkov
2025-03-11 11:14 ` Juergen Gross
2025-03-11 18:24 ` Alexey Gladkov
2025-03-11 18:40 ` Joerg Roedel
2025-03-11 20:37 ` Alexey Gladkov
2025-03-12 7:19 ` Kirill A. Shutemov
2025-03-12 8:23 ` Joerg Roedel
2025-03-12 8:48 ` Kirill A. Shutemov
2025-03-12 9:07 ` Joerg Roedel
2025-03-12 10:59 ` Kirill A. Shutemov
2025-03-12 11:44 ` Joerg Roedel
2025-03-11 18:13 ` Alexey Gladkov
2025-03-05 13:50 ` Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z8g01YhM_FtdB5n6@gmail.com \
--to=mingo@kernel.org \
--cc=Larry.Dewey@amd.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=joro@8bytes.org \
--cc=jroedel@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=nikunj@amd.com \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.