public inbox for linux-kernel@vger.kernel.org
From: "H. Peter Anvin" <hpa@zytor.com>
To: Thomas Renninger <trenn@suse.de>
Cc: "Yu, Fenghua" <fenghua.yu@intel.com>,
	Tang Chen <tangchen@cn.fujitsu.com>,
	Yinghai Lu <yinghai@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@elte.hu>,
	Andrew Morton <akpm@linux-foundation.org>,
	Tejun Heo <tj@kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: Early microcode signing in secure boot environment -  Was: x86, microcode: Use common get_ramdisk_image()
Date: Thu, 11 Apr 2013 15:51:56 -0700
Message-ID: <51673E8C.9080806@zytor.com>
In-Reply-To: <195101369.cgl3lvkTHk@skinner.arch.suse.de>

On 04/11/2013 01:59 AM, Thomas Renninger wrote:
> 
>>> Is this "cryptographically authenticated by the CPU itself" thing
>>> documented
>>> somewhere so that security people can double check that it is really
>>> secure?
>>
>> X86 SDM defines that the second part of microcode update is the encrypted
>> data.
> 
> Again, I doubt it is allowed to bypass UEFI authentication with arbitrary, 
> vendor specific authentication checks.
> 

What does that even mean in this context?

	-hpa



