From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1034251AbcIVSX7 (ORCPT <rfc822;w@1wt.eu>);
        Thu, 22 Sep 2016 14:23:59 -0400
Received: from mx1.redhat.com ([209.132.183.28]:60252 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1034210AbcIVSXy (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 22 Sep 2016 14:23:54 -0400
Subject: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when
 SEV is active
To: Tom Lendacky <thomas.lendacky@amd.com>, Borislav Petkov <bp@suse.de>,
        Brijesh Singh <brijesh.singh@amd.com>
References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine>
 <147190832511.9523.10850626471583956499.stgit@brijesh-build-machine>
 <20160922143545.3kl7khff6vqk7b2t@pd.tnic>
 <443d06f5-2db5-5107-296f-94fabd209407@amd.com>
Cc: simon.guinot@sequanux.org, linux-efi@vger.kernel.org,
        kvm@vger.kernel.org, rkrcmar@redhat.com, matt@codeblueprint.co.uk,
        linus.walleij@linaro.org, linux-mm@kvack.org,
        paul.gortmaker@windriver.com, hpa@zytor.com, dan.j.williams@intel.com,
        aarcange@redhat.com, sfr@canb.auug.org.au,
        andriy.shevchenko@linux.intel.com, herbert@gondor.apana.org.au,
        bhe@redhat.com, xemul@parallels.com, joro@8bytes.org, x86@kernel.org,
        mingo@redhat.com, msalter@redhat.com, ross.zwisler@linux.intel.com,
        dyoung@redhat.com, jroedel@suse.de, keescook@chromium.org,
        toshi.kani@hpe.com, mathieu.desnoyers@efficios.com,
        devel@linuxdriverproject.org, tglx@linutronix.de, mchehab@kernel.org,
        iamjoonsoo.kim@lge.com, labbott@fedoraproject.org, tony.luck@intel.com,
        alexandre.bounine@idt.com, kuleshovmail@gmail.com,
        linux-kernel@vger.kernel.org, mcgrof@kernel.org,
        linux-crypto@vger.kernel.org, akpm@linux-foundation.org,
        davem@davemloft.net
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <45a56110-95e9-e1f3-83ab-e777b48bf79a@redhat.com>
Date: Thu, 22 Sep 2016 20:23:36 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <443d06f5-2db5-5107-296f-94fabd209407@amd.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Thu, 22 Sep 2016 18:23:53 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 22/09/2016 19:46, Tom Lendacky wrote:
>> > Do you mean, it is encrypted here because we're in the guest kernel?
> Yes, the idea is that the SEV guest will be running encrypted from the
> start, including the BIOS/UEFI, and so all of the EFI related data will
> be encrypted.

Unless this is part of some spec, it's easier if things are the same in
SME and SEV.

Paolo