git/linux-net
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/ synced 2026-04-18 06:33:43 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
cbabf03c3ef3cce74a97f140cf57611a9e8a21bc
linux-net/drivers/virt/Kconfig
Dov Murik cbabf03c3e virt: Add efi_secret module to expose confidential computing secrets 
The new efi_secret module exposes the confidential computing (coco)
EFI secret area via securityfs interface.

When the module is loaded (and securityfs is mounted, typically under
/sys/kernel/security), a "secrets/coco" directory is created in
securityfs.  In it, a file is created for each secret entry.  The name
of each such file is the GUID of the secret entry, and its content is
the secret data.

This allows applications running in a confidential computing setting to
read secrets provided by the guest owner via a secure secret injection
mechanism (such as AMD SEV's LAUNCH_SECRET command).

Removing (unlinking) files in the "secrets/coco" directory will zero out
the secret in memory, and remove the filesystem entry.  If the module is
removed and loaded again, that secret will not appear in the filesystem.

Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Link: https://lore.kernel.org/r/20220412212127.154182-3-dovmurik@linux.ibm.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2022-04-13 19:11:20 +02:00

54 lines
1.5 KiB
Plaintext
Raw Blame History

# SPDX-License-Identifier: GPL-2.0-only
#
# Virtualization support drivers
#
menuconfig VIRT_DRIVERS
bool "Virtualization drivers"
help
Say Y here to get to see options for device drivers that support
virtualization environments.
If you say N, all options in this submenu will be skipped and disabled.
if VIRT_DRIVERS
config VMGENID
tristate "Virtual Machine Generation ID driver"
default y
depends on ACPI
help
Say Y here to use the hypervisor-provided Virtual Machine Generation ID
to reseed the RNG when the VM is cloned. This is highly recommended if
you intend to do any rollback / cloning / snapshotting of VMs.
Prefer Y to M so that this protection is activated very early.
config FSL_HV_MANAGER
tristate "Freescale hypervisor management driver"
depends on FSL_SOC
select EPAPR_PARAVIRT
help
The Freescale hypervisor management driver provides several services
to drivers and applications related to the Freescale hypervisor:
1) An ioctl interface for querying and managing partitions.
2) A file interface to reading incoming doorbells.
3) An interrupt handler for shutting down the partition upon
receiving the shutdown doorbell from a manager partition.
4) A kernel interface for receiving callbacks when a managed
partition shuts down.
source "drivers/virt/vboxguest/Kconfig"
source "drivers/virt/nitro_enclaves/Kconfig"
source "drivers/virt/acrn/Kconfig"
source "drivers/virt/coco/efi_secret/Kconfig"
endif
Reference in New Issue View Git Blame Copy Permalink