What:		security/secrets/coco
Date:		February 2022
Contact:	Dov Murik <dovmurik@linux.ibm.c
Description:
		Exposes confidential computing
		userspace via securityfs.

		EFI can declare memory area us
		platforms (such as AMD SEV and
		the Guest Owner during VM's la
		by the Guest Owner and decrypt
		and therefore are not readable

		The efi_secret module exposes
		secret appears as a file under
		where the filename is the GUID
		table. This module is loaded
		if the EFI secret area is popu

		Two operations are supported f
		Reading the file returns the c
		Unlinking the file overwrites
		removes the entry from the fil
		after it has been unlinked.

		For example, listing the avail

		  # modprobe efi_secret
		  # ls -l /sys/kernel/security
		  -r--r----- 1 root root 0 Jun
		  -r--r----- 1 root root 0 Jun
		  -r--r----- 1 root root 0 Jun
		  -r--r----- 1 root root 0 Jun

		Reading the secret data by rea

		  # cat /sys/kernel/security/s
		  the-content-of-the-secret-da

		Wiping a secret by unlinking a

		  # rm /sys/kernel/security/se
		  # ls -l /sys/kernel/security
		  -r--r----- 1 root root 0 Jun
		  -r--r----- 1 root root 0 Jun
		  -r--r----- 1 root root 0 Jun

		Note: The binary format of the
		Guest Owner is described in
		drivers/virt/coco/efi_secret/e
		the EFI secret area".
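
A read-once wrapper around the two operations described above (read, then unlink to wipe), as an added example that is not part of the kernel documentation. The `/sys/kernel/security` mount point, the `COCO_DIR` variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-once handling of secrets exposed by efi_secret.
# Assumption: securityfs is mounted at /sys/kernel/security.
COCO_DIR=${COCO_DIR:-/sys/kernel/security/secrets/coco}

# True if $1 has the GUID form used for the secret filenames.
is_guid() {
    case $1 in *[!0-9A-Fa-f-]*) return 1 ;; esac  # no '/', '.', newlines
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'
}

# Print the GUIDs of the secrets currently present, one per line.
list_secrets() {
    for ls_path in "$COCO_DIR"/*; do
        [ -f "$ls_path" ] || continue
        ls_name=${ls_path##*/}
        if is_guid "$ls_name"; then printf '%s\n' "$ls_name"; fi
    done
}

# Write secret $1 to stdout, then unlink it so it cannot be read again.
# Returns 2 for a malformed GUID, 1 if the secret is missing or I/O fails.
consume_secret() {
    if ! is_guid "$1"; then
        echo "consume_secret: not a GUID: $1" >&2
        return 2
    fi
    cs_path=$COCO_DIR/$1
    if [ ! -f "$cs_path" ]; then
        echo "consume_secret: no such secret: $1" >&2
        return 1
    fi
    cat -- "$cs_path" || return 1
    # Unlinking is the wipe operation; fail loudly if the entry survives.
    rm -f -- "$cs_path"
    if [ -e "$cs_path" ]; then
        echo "consume_secret: $1 still present after unlink" >&2
        return 1
    fi
}
```

Pipe the output of `consume_secret <guid>` straight into the program that needs the secret instead of storing it in a shell variable, since the secret may contain bytes a variable cannot hold.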