From: Mario Limonciello <mario.limonciello@amd.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
linux-crypto@vger.kernel.org,
Tom Lendacky <thomas.lendacky@amd.com>,
"David S . Miller" <davem@davemloft.net>,
John Allen <john.allen@amd.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 00/10] Add dynamic boost control support
Date: Wed, 26 Apr 2023 09:43:43 -0500 [thread overview]
Message-ID: <e3e2d438-6d97-57c8-90e0-8fec874ad43d@amd.com> (raw)
In-Reply-To: <ZEkrZ83fFwiweCTz@localhost>
On 4/26/23 08:47, Pavel Machek wrote:
> Hi!
>
>> Dynamic boost control is a feature of some SoCs that allows
>> an authenticated entity to send commands to the security processor
>> to control certain SOC characteristics with the intention to improve
>> performance.
>>
>> This is implemented via a mechanism that a userspace application would
>> authenticate using a nonce and key exchange over an IOCTL interface.
>>
>> After authentication is complete an application can exchange signed
>> messages with the security processor and both ends can validate the
>> data transmitted.
> Why is this acceptable? This precludes cross-platform interfaces,
> right? Why would application want to validate data from PSP? That
> precludes virtualization, right?
>
> Just put the key in kernel. Users have right to control their own
> hardware.
> Pavel
This matches exactly how the interface works in Windows as well.
The reason for validating the data from the PSP is because the data
crosses multiple trust boundaries and this ensures that the application
can trust it to make informed decisions.
next prev parent reply other threads:[~2023-04-26 14:43 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-20 16:31 [PATCH 00/10] Add dynamic boost control support Mario Limonciello
2023-04-20 16:31 ` [PATCH 01/10] crypto: ccp: Rename macro for security attributes Mario Limonciello
2023-04-20 16:31 ` [PATCH 02/10] crypto: ccp: Add support for displaying PSP firmware versions Mario Limonciello
2023-04-20 19:17 ` Tom Lendacky
2023-04-20 16:31 ` [PATCH 03/10] crypto: ccp: Add bootloader and TEE version offsets Mario Limonciello
2023-04-20 16:31 ` [PATCH 04/10] crypto: ccp: move setting PSP master to earlier in the init Mario Limonciello
2023-04-20 16:31 ` [PATCH 05/10] crypto: ccp: Add support for fetching a nonce for dynamic boost control Mario Limonciello
2023-04-20 16:31 ` [PATCH 06/10] crypto: ccp: Add support for setting user ID " Mario Limonciello
2023-04-20 16:31 ` [PATCH 07/10] crypto: ccp: Add support for getting and setting DBC parameters Mario Limonciello
2023-04-20 16:31 ` [PATCH 08/10] crypto: ccp: Add a sample script for Dynamic Boost Control Mario Limonciello
2023-04-20 16:31 ` [PATCH 09/10] crypto: ccp: Add unit tests for dynamic boost control Mario Limonciello
2023-04-20 16:31 ` [PATCH 10/10] crypto: ccp: Add Mario to MAINTAINERS Mario Limonciello
2023-04-26 13:47 ` [PATCH 00/10] Add dynamic boost control support Pavel Machek
2023-04-26 14:43 ` Mario Limonciello [this message]
2023-07-15 6:23 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e3e2d438-6d97-57c8-90e0-8fec874ad43d@amd.com \
--to=mario.limonciello@amd.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=john.allen@amd.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pavel@ucw.cz \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox