Linux 5.19 Allows EFI Accessing VM Secrets For Confidential Computing / AMD SEV

  • Linux 5.19 Allows EFI Accessing VM Secrets For Confidential Computing / AMD SEV

    Phoronix: Linux 5.19 Allows EFI Accessing VM Secrets For Confidential Computing / AMD SEV

    The EFI changes for the Linux 5.19 kernel bring a few interesting changes, including the ability to access secrets injected into the boot image via Confidential Computing "CoCo" hypervisors...

    https://www.phoronix.com/scan.php?pa...I-Secrets-CoCo

  • #2
    For me CoCo will always be Color Computer 😎



    • #3
      Is this a trojan in kernel space??



      • #4
        Originally posted by tuxd3v
        Is this a trojan in kernel space??
        The intended use is more like a secure channel for passing, e.g., encryption keys and passwords, between a VM and its hypervisor.

        E.g., the decryption key required to access an encrypted storage is never present in the VM image. It's provided by the hypervisor over this channel.
        Thus if the VM image were accidentally leaked, no critical information would be leaked, as the critical information is only handed over through such channels, never stored on the VM's (virtual) disk.

        Basically boils down to "don't store your password in the config files", but done at the scale of whole .VDI files instead of .INI/.conf

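The pattern described in post #4, as an added example that is not part of the thread or of the kernel's own code: a guest unlocks its encrypted volume with a key injected at launch instead of one stored in the image. It assumes the `efi_secret` module exposes each injected secret as a file named by GUID under securityfs; the GUID, device and mapping name in the usage comment are constructed placeholders.

```shell
#!/bin/sh
# Assumption: injected secrets appear as files named by GUID in this
# securityfs directory once the efi_secret module is loaded.
COCO_DIR="${COCO_DIR:-/sys/kernel/security/secrets/coco}"

# Print the secret stored under GUID $1; print nothing and fail otherwise.
read_coco_secret() {
    guid=$1
    # Accept only GUID characters so the name cannot leave COCO_DIR.
    case "$guid" in
        ""|*[!0-9a-fA-F-]*) echo "invalid GUID" >&2; return 2 ;;
    esac
    [ "${#guid}" -eq 36 ] || { echo "invalid GUID" >&2; return 2; }
    f="$COCO_DIR/$guid"
    # A missing entry means nothing was injected for this GUID at launch.
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "secret not injected: $guid" >&2; return 1; }
    cat -- "$f"
}

# Unlock a LUKS volume with the injected key, then delete the secret entry
# so the key is no longer readable from inside the guest.
unlock_with_coco_secret() {
    guid=$1
    dev=$2
    name=$3
    # The key goes straight from securityfs to cryptsetup's stdin and is
    # never written to the guest's disk or passed on a command line.
    read_coco_secret "$guid" | cryptsetup open --key-file=- "$dev" "$name" || return 1
    rm -f -- "$COCO_DIR/$guid"
}

# Usage (placeholder values):
#   unlock_with_coco_secret 11111111-2222-3333-4444-555555555555 /dev/vdb data
```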