mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-11-24 12:00:58 +07:00
ec310caf13
Currently, there is no privilege separation of the SEV command; you can
run them all or none of them. This is less than ideal because it means
that a compromise of the code which launches VMs could make permanent
change to the SEV certifcate chain which will affect others.
These commands are required to attest the VM environment:
- SEV_PDH_CERT_EXPORT
- SEV_PLATFORM_STATUS
- SEV_GET_{ID,ID2}
These commands manage the SEV certificate chain:
- SEV_PEK_CERR_IMPORT
- SEV_FACTORY_RESET
- SEV_PEK_GEN
- SEV_PEK_CSR
- SEV_PDH_GEN
Lets add the CAP_SYS_ADMIN check for the group of the commands which alters
the SEV certificate chain to provide some level of privilege separation.
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Gary Hook <gary.hook@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
Tested-by: David Rientjes <rientjes@google.com>
Co-developed-by: David Rientjes <rientjes@google.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
||
|---|---|---|
| .. | ||
| ccp-crypto-aes-cmac.c | ||
| ccp-crypto-aes-galois.c | ||
| ccp-crypto-aes-xts.c | ||
| ccp-crypto-aes.c | ||
| ccp-crypto-des3.c | ||
| ccp-crypto-main.c | ||
| ccp-crypto-rsa.c | ||
| ccp-crypto-sha.c | ||
| ccp-crypto.h | ||
| ccp-debugfs.c | ||
| ccp-dev-v3.c | ||
| ccp-dev-v5.c | ||
| ccp-dev.c | ||
| ccp-dev.h | ||
| ccp-dmaengine.c | ||
| ccp-ops.c | ||
| Kconfig | ||
| Makefile | ||
| psp-dev.c | ||
| psp-dev.h | ||
| sp-dev.c | ||
| sp-dev.h | ||
| sp-pci.c | ||
| sp-platform.c | ||