Skip to content

Commit

Permalink
x86/tdx: Limit the list of ACPI tables allowed
Browse files Browse the repository at this point in the history 
In order to reduce the attack surface, allow only necessary
ACPI tables in TDX guest platforms.

Current list of allowed tables are, XSDT,FACP,DSDT,FACS,APIC.

Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
  • Loading branch information
Kuppuswamy Sathyanarayanan committed Nov 10, 2022
1 parent 5df08b7 commit d84774e
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions arch/x86/coco/tdx/filter.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -265,5 +265,7 @@ void __init tdx_filter_init(void)
pr_debug("Device filter is overridden\n");
}

acpi_tbl_allow_setup("XSDT,FACP,DSDT,FACS,APIC");

pr_info("Enabled TDX guest device filter\n");
}

0 comments on commit d84774e

Please sign in to comment.