diff options
| author |   Brijesh Singh <brijesh.singh@amd.com> | 2019-11-12 13:58:34 -0600 |
|---|---|---|
| committer |   Herbert Xu <herbert@gondor.apana.org.au> | 2019-11-22 18:48:35 +0800 |
| commit | ec310caf13b5505c268cfa526b7b28152a879d1e (patch) | |
| tree | 30a6956a23af717e9ed06c333e5d97d3414bf201 /Kconfig | |
| parent | crypto: blake2b - rename tfm context and _setkey callback (diff) | |
| download | linux-dev-ec310caf13b5505c268cfa526b7b28152a879d1e.tar.xz linux-dev-ec310caf13b5505c268cfa526b7b28152a879d1e.zip | |
crypto: ccp - add SEV command privilege separation
Currently, there is no privilege separation of the SEV command; you can
run them all or none of them. This is less than ideal because it means
that a compromise of the code which launches VMs could make permanent
change to the SEV certifcate chain which will affect others.
These commands are required to attest the VM environment:
- SEV_PDH_CERT_EXPORT
- SEV_PLATFORM_STATUS
- SEV_GET_{ID,ID2}
These commands manage the SEV certificate chain:
- SEV_PEK_CERR_IMPORT
- SEV_FACTORY_RESET
- SEV_PEK_GEN
- SEV_PEK_CSR
- SEV_PDH_GEN
Lets add the CAP_SYS_ADMIN check for the group of the commands which alters
the SEV certificate chain to provide some level of privilege separation.
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Gary Hook <gary.hook@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
Tested-by: David Rientjes <rientjes@google.com>
Co-developed-by: David Rientjes <rientjes@google.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'Kconfig')
0 files changed, 0 insertions, 0 deletions