On Fri, 2020-11-13 at 00:02 -0600, Glenn Washburn wrote:
[...]
> diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c
> > index e9d23299a..5514c16a3 100644
> > --- a/grub-core/disk/geli.c
> > +++ b/grub-core/disk/geli.c
> > @@ -398,7 +398,8 @@ configure_ciphers (grub_disk_t disk, const char
>
On Fri, 2020-11-13 at 13:23 +, Dr. David Alan Gilbert wrote:
> * James Bottomley (j...@linux.ibm.com) wrote:
[...]
> > @@ -1117,11 +1151,28 @@ grub_cmd_cryptomount (grub_extcmd_context_t
> > ctxt, int argc, char **args)
> >else if (state[1].set || (argc == 0 && state[2].set))
> > {
> >
On Wed, 11 Nov 2020, 04:39 Michael Chang, wrote:
> On Tue, Nov 10, 2020 at 08:49:52PM +0100, Vladimir 'phcoder' Serbinenko
> wrote:
> > From: Vladimir Serbinenko
> > Date: Tue, 10 Nov 2020 20:42:12 +0100
> > Subject: [PATCH 1/2] Warn on small MBR gaps on complicated setups
> >
> > Signed-off-by:
On Fri, 2020-11-13 at 17:50 +, Dr. David Alan Gilbert wrote:
> * James Bottomley (j...@linux.ibm.com) wrote:
> > To achieve encrypted disk images in the AMD SEV encrypted virtual
> > machine, we need to add the ability for grub to retrieve the disk
> > passphrase from the SEV launch secret. To
* James Bottomley (j...@linux.ibm.com) wrote:
> Make use of the new OS provided secrets API so that if the new '-s'
> option is passed in we try to extract the secret from the API rather
> than prompting for it.
>
> The primary consumer of this is AMD SEV, which has been programmed to
> provide an
* James Bottomley (j...@linux.ibm.com) wrote:
> To achieve encrypted disk images in the AMD SEV encrypted virtual
> machine, we need to add the ability for grub to retrieve the disk
> passphrase from the SEV launch secret. To do this, we've modified
> OVMF to set aside an area for the injected sec
* James Bottomley (j...@linux.ibm.com) wrote:
> On Fri, 2020-11-13 at 17:50 +, Dr. David Alan Gilbert wrote:
> > * James Bottomley (j...@linux.ibm.com) wrote:
> > > To achieve encrypted disk images in the AMD SEV encrypted virtual
> > > machine, we need to add the ability for grub to retrieve t
On Fri, 2020-11-13 at 18:21 +, Dr. David Alan Gilbert wrote:
> * James Bottomley (j...@linux.ibm.com) wrote:
> > On Fri, 2020-11-13 at 17:50 +, Dr. David Alan Gilbert wrote:
> > > * James Bottomley (j...@linux.ibm.com) wrote:
> > > > To achieve encrypted disk images in the AMD SEV encrypted
From 1dc9b5b9ac60047f9cb890f1f2a312bfb83b681c Mon Sep 17 00:00:00 2001
From: Vladimir Serbinenko
Date: Mon, 27 Apr 2020 17:50:04 +0200
Subject: [PATCH v4 1/2] Warn if MBR gap is small and user uses advanced modules
We don't want to support small MBR gap in pair with anything but
the simplest conf
From 9adf27de26242ad662989e279729d3148e3ecab2 Mon Sep 17 00:00:00 2001
From: Vladimir Serbinenko
Date: Tue, 10 Nov 2020 20:23:56 +0100
Subject: [PATCH 2/2] Document new limitations on MBR gap support
Signed-off-by: Vladimir Serbinenko
---
docs/grub.texi | 43
From 515ee70c0a289624f71f43cbd09be2a1b929f574 Mon Sep 17 00:00:00 2001
From: Vladimir Serbinenko
Date: Mon, 27 Apr 2020 17:50:04 +0200
Subject: [PATCH 1/2] Warn if MBR gap is small and user uses advanced modules
We don't want to support small MBR gap in pair with anything but
the simplest config
From 4bd2f59773bec11ad7be1ced5b49edbf44d711f2 Mon Sep 17 00:00:00 2001
From: Vladimir Serbinenko
Date: Tue, 10 Nov 2020 20:23:56 +0100
Subject: [PATCH 2/2] Document new limitations on MBR gap support
Signed-off-by: Vladimir Serbinenko
---
docs/grub.texi | 43
Signed-off-by: Vladimir Serbinenko
On Fri, Nov 13, 2020 at 9:27 PM Vladimir 'phcoder' Serbinenko
wrote:
>
> From 515ee70c0a289624f71f43cbd09be2a1b929f574 Mon Sep 17 00:00:00 2001
> From: Vladimir Serbinenko
> Date: Mon, 27 Apr 2020 17:50:04 +0200
> Subject: [PATCH 1/2] Warn if MBR gap is small
v2: update geli.c to use conditional prompt and add callback for
variable message printing and secret destruction
To achieve encrypted disk images in the AMD SEV encrypted virtual
machine, we need to add the ability for grub to retrieve the disk
passphrase from the SEV launch secret. To do th
For AMD SEV environments, the grub boot password has to be retrieved
from a given memory location rather than prompted for. This means
that the standard password getter needs to be replaced with one that
gets the passphrase from the SEV area and uses that instead. Adding
the password getter as a
Make use of the new OS provided secrets API so that if the new '-s'
option is passed in we try to extract the secret from the API rather
than prompting for it.
The primary consumer of this is AMD SEV, which has been programmed to
provide an injectable secret to the encrypted virtual machine. OVMF
This module is designed to provide a sevsecret command which
interrogates the EFI configuration table to find the location of the
sev secret injection and tries to register the secret with the
cryptodisk.
The secret is stored in an injection area, usually a page in size. The layout
of the secret
Hey,
This is next attempt to create firmware and bootloader log specification.
Due to high interest among industry it is an extension to the initial
bootloader log only specification. It takes into the account most of the
comments which I got up until now.
The goal is to pass all logs produced by
On Fri, 13 Nov 2020 14:25:08 -0800
James Bottomley wrote:
> For AMD SEV environments, the grub boot password has to be retrieved
> from a given memory location rather than prompted for. This means
> that the standard password getter needs to be replaced with one that
> gets the passphrase from t
On Fri, 13 Nov 2020 14:25:09 -0800
James Bottomley wrote:
> Make use of the new OS provided secrets API so that if the new '-s'
> option is passed in we try to extract the secret from the API rather
> than prompting for it.
>
> The primary consumer of this is AMD SEV, which has been programmed t
On Fri, 13 Nov 2020 14:25:07 -0800
James Bottomley wrote:
> v2: update geli.c to use conditional prompt and add callback for
> variable message printing and secret destruction
>
> To achieve encrypted disk images in the AMD SEV encrypted virtual
> machine, we need to add the ability for grub
On Fri, 2020-11-13 at 19:50 -0600, Glenn Washburn wrote:
> On Fri, 13 Nov 2020 14:25:07 -0800
> James Bottomley wrote:
>
> > v2: update geli.c to use conditional prompt and add callback for
> > variable message printing and secret destruction
> >
> > To achieve encrypted disk images in the A
On Fri, 13 Nov 2020 18:48:30 -0800
James Bottomley wrote:
> On Fri, 2020-11-13 at 19:50 -0600, Glenn Washburn wrote:
> > On Fri, 13 Nov 2020 14:25:07 -0800
> > James Bottomley wrote:
> >
> > > v2: update geli.c to use conditional prompt and add callback for
> > > variable message printing a
23 matches
Mail list logo