From: "Chang S. Bae" <chang.seok.bae@intel.com>
To: tglx@linutronix.de, bp@suse.de, dave.hansen@linux.intel.com,
	mingo@kernel.org, luto@kernel.org, x86@kernel.org,
	herbert@gondor.apana.org.au
Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
	ebiggers@kernel.org, dan.j.williams@intel.com,
	charishma1.gairuboyina@intel.com, kumar.n.dwarakanath@intel.com,
	lalithambika.krishnakumar@intel.com, ravi.v.shankar@intel.com,
	chang.seok.bae@intel.com
Subject: [PATCH v4 02/13] x86/cpufeature: Enumerate Key Locker feature
Date: Mon, 13 Dec 2021 16:52:01 -0800
Message-ID: <20211214005212.20588-3-chang.seok.bae@intel.com>
In-Reply-To: <20211214005212.20588-1-chang.seok.bae@intel.com>

Key Locker is a CPU feature to minimize exposure of clear-text key
material. An encoded form, called 'key handle', is referenced for data
encryption or decryption instead of accessing the clear text key.

A wrapping key loaded in the CPU's software-inaccessible state is used to
transform a user key into a key handle.

It supports the Advanced Encryption Standard (AES) cipher algorithm with
a new SIMD instruction set, like its predecessor (AES-NI). So a new AES
implementation will follow in the kernel's crypto library.

Here add it to enumerate the hardware capability, but it will not be
shown in /proc/cpuinfo as userspace usage is not supported.

Make the feature depend on XMM2 as it comes with AES SIMD instructions.

Add X86_FEATURE_KEYLOCKER to the disabled features mask. It will be
enabled under a new config option.

Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
---
Changes from RFC v2:
* Do not publish the feature flag to userspace.
* Update the changelog.

Changes from RFC v1:
* Updated the changelog.
---
 arch/x86/include/asm/cpufeatures.h          | 1 +
 arch/x86/include/asm/disabled-features.h    | 8 +++++++-
 arch/x86/include/uapi/asm/processor-flags.h | 2 ++
 arch/x86/kernel/cpu/cpuid-deps.c            | 1 +
 4 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index d5b5f2ab87a0..e1964446bbe5 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -361,6 +361,7 @@
 #define X86_FEATURE_AVX512_VPOPCNTDQ	(16*32+14) /* POPCNT for vectors of DW/QW */
 #define X86_FEATURE_LA57		(16*32+16) /* 5-level page tables */
 #define X86_FEATURE_RDPID		(16*32+22) /* RDPID instruction */
+#define X86_FEATURE_KEYLOCKER		(16*32+23) /* "" Key Locker */
 #define X86_FEATURE_BUS_LOCK_DETECT	(16*32+24) /* Bus Lock detect */
 #define X86_FEATURE_CLDEMOTE		(16*32+25) /* CLDEMOTE instruction */
 #define X86_FEATURE_MOVDIRI		(16*32+27) /* MOVDIRI instruction */
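Review bot: The comment on the new X86_FEATURE_KEYLOCKER line, /* "" Key Locker */, is less descriptive than its neighbours ("RDPID instruction", "Bus Lock detect"), and the leading "" carries the whole "not shown in /proc/cpuinfo" decision from the changelog without saying so. Consider wording the comment to say what the bit enumerates (for example "Key Locker instructions") so a reader of the header alone can tell why this entry differs from the lines around it.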
diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
index 8f28fafa98b3..75e1e87640d4 100644
--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@ -44,6 +44,12 @@
 # define DISABLE_OSPKE		(1<<(X86_FEATURE_OSPKE & 31))
 #endif /* CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS */
 
+#ifdef CONFIG_X86_KEYLOCKER
+# define DISABLE_KEYLOCKER	0
+#else
+# define DISABLE_KEYLOCKER	(1<<(X86_FEATURE_KEYLOCKER & 31))
+#endif /* CONFIG_X86_KEYLOCKER */
+
 #ifdef CONFIG_X86_5LEVEL
 # define DISABLE_LA57	0
 #else
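Review bot: CONFIG_X86_KEYLOCKER is tested in the new #ifdef, but the diffstat for this patch lists four files and none of them is a Kconfig, so the symbol is undefined at this point in the series and DISABLE_KEYLOCKER always takes the #else branch. That keeps the feature compiled out, which is the safe default, but the changelog only says "a new config option"; naming the symbol there, and saying that it is introduced by a later patch, would make the intermediate state explicit for anyone bisecting.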
@@ -85,7 +91,7 @@
 #define DISABLED_MASK14	0
 #define DISABLED_MASK15	0
 #define DISABLED_MASK16	(DISABLE_PKU|DISABLE_OSPKE|DISABLE_LA57|DISABLE_UMIP| \
-			 DISABLE_ENQCMD)
+			 DISABLE_ENQCMD|DISABLE_KEYLOCKER)
 #define DISABLED_MASK17	0
 #define DISABLED_MASK18	0
 #define DISABLED_MASK19	0
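Review bot: DISABLE_KEYLOCKER is ORed into DISABLED_MASK16, which is the correct word only because X86_FEATURE_KEYLOCKER is defined as (16*32+23); the "& 31" in the DISABLE_KEYLOCKER definition discards the word index, so nothing in the code ties the two together. A brief mention in the changelog that the bit lives in word 16 would make this easier to verify if the feature definition ever moves.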
diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/include/uapi/asm/processor-flags.h
index bcba3c643e63..b958a95a0908 100644
--- a/arch/x86/include/uapi/asm/processor-flags.h
+++ b/arch/x86/include/uapi/asm/processor-flags.h
@@ -124,6 +124,8 @@
 #define X86_CR4_PCIDE		_BITUL(X86_CR4_PCIDE_BIT)
 #define X86_CR4_OSXSAVE_BIT	18 /* enable xsave and xrestore */
 #define X86_CR4_OSXSAVE		_BITUL(X86_CR4_OSXSAVE_BIT)
+#define X86_CR4_KEYLOCKER_BIT	19 /* enable Key Locker */
+#define X86_CR4_KEYLOCKER	_BITUL(X86_CR4_KEYLOCKER_BIT)
 #define X86_CR4_SMEP_BIT	20 /* enable SMEP support */
 #define X86_CR4_SMEP		_BITUL(X86_CR4_SMEP_BIT)
 #define X86_CR4_SMAP_BIT	21 /* enable SMAP support */
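Review bot: X86_CR4_KEYLOCKER_BIT and X86_CR4_KEYLOCKER are added here, in a uapi header, but the subject and changelog only talk about enumerating the CPU feature and state that userspace usage is not supported; nothing in this patch uses the CR4 bit either. Either mention the CR4 definition in the changelog, or move these two lines to the patch in the series that first sets the bit, so that each patch introduces only what it uses.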
diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c
index c881bcafba7d..abe7e04b27d9 100644
--- a/arch/x86/kernel/cpu/cpuid-deps.c
+++ b/arch/x86/kernel/cpu/cpuid-deps.c
@@ -78,6 +78,7 @@ static const struct cpuid_dep cpuid_deps[] = {
 	{ X86_FEATURE_XFD,			X86_FEATURE_XSAVES    },
 	{ X86_FEATURE_XFD,			X86_FEATURE_XGETBV1   },
 	{ X86_FEATURE_AMX_TILE,			X86_FEATURE_XFD       },
+	{ X86_FEATURE_KEYLOCKER,		X86_FEATURE_XMM2      },
 	{}
 };
 
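Review bot: The new cpuid_deps entry makes X86_FEATURE_KEYLOCKER depend on X86_FEATURE_XMM2, while the changelog justifies it with "as it comes with AES SIMD instructions", which reads as if the dependency were on the AES feature. Please reword the changelog to say that the Key Locker instructions operate on XMM registers and therefore need XMM2, and state explicitly that no dependency on the AES-NI feature bit is intended.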
-- 
2.17.1

