mirror of
https://github.com/torvalds/linux.git
synced 2024-12-20 10:01:56 +00:00
ec310caf13
Currently, there is no privilege separation of the SEV command; you can run them all or none of them. This is less than ideal because it means that a compromise of the code which launches VMs could make permanent change to the SEV certifcate chain which will affect others. These commands are required to attest the VM environment: - SEV_PDH_CERT_EXPORT - SEV_PLATFORM_STATUS - SEV_GET_{ID,ID2} These commands manage the SEV certificate chain: - SEV_PEK_CERR_IMPORT - SEV_FACTORY_RESET - SEV_PEK_GEN - SEV_PEK_CSR - SEV_PDH_GEN Lets add the CAP_SYS_ADMIN check for the group of the commands which alters the SEV certificate chain to provide some level of privilege separation. Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Gary Hook <gary.hook@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Tom Lendacky <Thomas.Lendacky@amd.com> Tested-by: David Rientjes <rientjes@google.com> Co-developed-by: David Rientjes <rientjes@google.com> Signed-off-by: David Rientjes <rientjes@google.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
||
---|---|---|
.. | ||
ccp-crypto-aes-cmac.c | ||
ccp-crypto-aes-galois.c | ||
ccp-crypto-aes-xts.c | ||
ccp-crypto-aes.c | ||
ccp-crypto-des3.c | ||
ccp-crypto-main.c | ||
ccp-crypto-rsa.c | ||
ccp-crypto-sha.c | ||
ccp-crypto.h | ||
ccp-debugfs.c | ||
ccp-dev-v3.c | ||
ccp-dev-v5.c | ||
ccp-dev.c | ||
ccp-dev.h | ||
ccp-dmaengine.c | ||
ccp-ops.c | ||
Kconfig | ||
Makefile | ||
psp-dev.c | ||
psp-dev.h | ||
sp-dev.c | ||
sp-dev.h | ||
sp-pci.c | ||
sp-platform.c |