From: "Chang S. Bae" <chang.seok.bae@intel.com> To: linux-crypto@vger.kernel.org, dm-devel@redhat.com, herbert@gondor.apana.org.au, ebiggers@kernel.org, ardb@kernel.org, x86@kernel.org, luto@kernel.org, tglx@linutronix.de, bp@suse.de, dave.hansen@linux.intel.com, mingo@kernel.org Cc: linux-kernel@vger.kernel.org, dan.j.williams@intel.com, charishma1.gairuboyina@intel.com, kumar.n.dwarakanath@intel.com, ravi.v.shankar@intel.com, chang.seok.bae@intel.com Subject: [PATCH v5 11/12] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions Date: Wed, 12 Jan 2022 13:12:57 -0800 [thread overview] Message-ID: <20220112211258.21115-12-chang.seok.bae@intel.com> (raw) In-Reply-To: <20220112211258.21115-1-chang.seok.bae@intel.com> Key Locker is a CPU feature to reduce key exfiltration opportunities while maintaining a programming interface similar to AES-NI. It converts the AES key into an encoded form, called the 'key handle'. The key handle is a wrapped version of the clear-text key where the wrapping key has limited exposure. Once converted via setkey(), all subsequent data encryption using new AES instructions ('AES-KL') uses this key handle, reducing the exposure of private key material in memory. AES-KL is analogous to that of AES-NI. Most assembly code is translated from the AES-NI code. They are operational in both 32-bit and 64-bit modes like AES-NI. However, users need to be aware of the following differences: == Key Handle == AES-KL may fail with an invalid key handle. It could be corrupted or fail with handle restriction. A key handle may be encoded with some restrictions. The implementation restricts every handle only available in kernel mode via setkey(). === AES Compliance === Key Locker is not AES compliant in that it lacks support for 192-bit keys. However, per the expectations of Linux crypto-cipher implementations the software cipher implementation must support all the AES compliant key-sizes. The AES-KL cipher implementation achieves this constraint by logging a warning and falling back to AES-NI. In other words the 192-bit key-size limitation for what can be converted into a Key Locker key-handle is only documented, not enforced. This along with the below performance and failure mode implications is an end-user consideration for selecting AES-KL vs AES-NI. == API Limitation == The setkey() function transforms an AES key to a handle. An extended key is a usual outcome of setkey() in other AES cipher implementations. For this reason, a setkey() failure does not fall back to the other. So, AES-KL will be exposed via synchronous interfaces only. == Wrapping-key Restore Failure == The setkey() failure is also possible with the wrapping-key restore failure. In an event of hardware failure, the wrapping key is lost from deep sleep states. Then, setkey() will fail with the ENODEV error. And the suspended data transforming task may resume but will fail due to the wrapping key change. == Performance == This feature comes with some performance penalties vs AES-NI. The cryptsetup benchmark indicates Key Locker raw throughput can be ~5x slower than AES-NI. For disk encryption, storage bandwidth may be the bottleneck before encryption bandwidth, but the potential performance difference is why AES-KL is advertised as a distinct cipher in /proc/crypto rather than the kernel transparently replacing AES-NI usage with AES-KL. Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com> Reviewed-by: Dan Williams <dan.j.williams@intel.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: x86@kernel.org Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org --- Changes from v3: * Exclude non-AES-KL objects. (Eric Biggers) * Simplify the assembler dependency check. (Peter Zijlstra) * Trim the Kconfig help text. (Dan Williams) * Fix a defined-but-not-used warning. Changes from RFC v2: * Move out each mode support in new patches. * Update the changelog to describe the limitation and the tradeoff clearly. (Andy Lutomirski) Changes from RFC v1: * Rebased on the refactored code. (Ard Biesheuvel) * Dropped exporting the single block interface. (Ard Biesheuvel) * Fixed the fallback and error handling paths. (Ard Biesheuvel) * Revised the module description. (Dave Hansen and Peter Zijlsta) * Made the build depend on the binutils version to support new instructions. (Borislav Petkov and Peter Zijlstra) * Updated the changelog accordingly. Link: https://lore.kernel.org/lkml/CAMj1kXGa4f21eH0mdxd1pQsZMUjUr1Btq+Dgw-gC=O-yYft7xw@mail.gmail.com/ --- arch/x86/crypto/Makefile | 3 + arch/x86/crypto/aeskl-intel_asm.S | 184 +++++++++++++++++++++++++++++ arch/x86/crypto/aeskl-intel_glue.c | 115 ++++++++++++++++++ crypto/Kconfig | 36 ++++++ 4 files changed, 338 insertions(+) create mode 100644 arch/x86/crypto/aeskl-intel_asm.S create mode 100644 arch/x86/crypto/aeskl-intel_glue.c diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile index ef6c0b9f69c6..3a64779af974 100644 --- a/arch/x86/crypto/Makefile +++ b/arch/x86/crypto/Makefile @@ -50,6 +50,9 @@ obj-$(CONFIG_CRYPTO_AES_NI_INTEL) += aesni-intel.o aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o aes-intel_glue.o aesni-intel-$(CONFIG_64BIT) += aesni-intel_avx-x86_64.o aes_ctrby8_avx-x86_64.o +obj-$(CONFIG_CRYPTO_AES_KL) += aeskl-intel.o +aeskl-intel-y := aeskl-intel_asm.o aeskl-intel_glue.o + obj-$(CONFIG_CRYPTO_SHA1_SSSE3) += sha1-ssse3.o sha1-ssse3-y := sha1_avx2_x86_64_asm.o sha1_ssse3_asm.o sha1_ssse3_glue.o sha1-ssse3-$(CONFIG_AS_SHA1_NI) += sha1_ni_asm.o diff --git a/arch/x86/crypto/aeskl-intel_asm.S b/arch/x86/crypto/aeskl-intel_asm.S new file mode 100644 index 000000000000..d56ec8dd6644 --- /dev/null +++ b/arch/x86/crypto/aeskl-intel_asm.S @@ -0,0 +1,184 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Implement AES algorithm using Intel AES Key Locker instructions. + * + * Most code is based from the AES-NI implementation, aesni-intel_asm.S + * + */ + +#include <linux/linkage.h> +#include <asm/inst.h> +#include <asm/frame.h> +#include "aes-intel_asm.S" + +.text + +#define STATE1 %xmm0 +#define STATE2 %xmm1 +#define STATE3 %xmm2 +#define STATE4 %xmm3 +#define STATE5 %xmm4 +#define STATE6 %xmm5 +#define STATE7 %xmm6 +#define STATE8 %xmm7 +#define STATE STATE1 + +#define IV %xmm9 +#define KEY %xmm10 +#define BSWAP_MASK %xmm11 +#define CTR %xmm12 +#define INC %xmm13 + +#ifdef __x86_64__ +#define IN1 %xmm8 +#define IN2 %xmm9 +#define IN3 %xmm10 +#define IN4 %xmm11 +#define IN5 %xmm12 +#define IN6 %xmm13 +#define IN7 %xmm14 +#define IN8 %xmm15 +#define IN IN1 +#define TCTR_LOW %r11 +#else +#define IN %xmm1 +#endif + +#ifdef __x86_64__ +#define AREG %rax +#define HANDLEP %rdi +#define OUTP %rsi +#define KLEN %r9d +#define INP %rdx +#define T1 %r10 +#define LEN %rcx +#define IVP %r8 +#else +#define AREG %eax +#define HANDLEP %edi +#define OUTP AREG +#define KLEN %ebx +#define INP %edx +#define T1 %ecx +#define LEN %esi +#define IVP %ebp +#endif + +#define UKEYP OUTP +#define GF128MUL_MASK %xmm11 + +/* + * int aeskl_setkey(struct crypto_aes_ctx *ctx, const u8 *in_key, unsigned int key_len) + */ +SYM_FUNC_START(aeskl_setkey) + FRAME_BEGIN +#ifndef __x86_64__ + push HANDLEP + movl (FRAME_OFFSET+8)(%esp), HANDLEP # ctx + movl (FRAME_OFFSET+12)(%esp), UKEYP # in_key + movl (FRAME_OFFSET+16)(%esp), %edx # key_len +#endif + movl %edx, 480(HANDLEP) + movdqu (UKEYP), STATE1 + mov $1, %eax + cmp $16, %dl + je .Lsetkey_128 + + movdqu 0x10(UKEYP), STATE2 + encodekey256 %eax, %eax + movdqu STATE4, 0x30(HANDLEP) + jmp .Lsetkey_end +.Lsetkey_128: + encodekey128 %eax, %eax + +.Lsetkey_end: + movdqu STATE1, (HANDLEP) + movdqu STATE2, 0x10(HANDLEP) + movdqu STATE3, 0x20(HANDLEP) + + xor AREG, AREG +#ifndef __x86_64__ + popl HANDLEP +#endif + FRAME_END + ret +SYM_FUNC_END(aeskl_setkey) + +/* + * int _aeskl_enc(const void *ctx, u8 *dst, const u8 *src) + */ +SYM_FUNC_START(_aeskl_enc) + FRAME_BEGIN +#ifndef __x86_64__ + pushl HANDLEP + pushl KLEN + movl (FRAME_OFFSET+12)(%esp), HANDLEP # ctx + movl (FRAME_OFFSET+16)(%esp), OUTP # dst + movl (FRAME_OFFSET+20)(%esp), INP # src +#endif + movdqu (INP), STATE + movl 480(HANDLEP), KLEN + + cmp $16, KLEN + je .Lenc_128 + aesenc256kl (HANDLEP), STATE + jz .Lenc_err + jmp .Lenc_noerr +.Lenc_128: + aesenc128kl (HANDLEP), STATE + jz .Lenc_err + +.Lenc_noerr: + xor AREG, AREG + jmp .Lenc_end +.Lenc_err: + mov $1, AREG +.Lenc_end: + movdqu STATE, (OUTP) +#ifndef __x86_64__ + popl KLEN + popl HANDLEP +#endif + FRAME_END + ret +SYM_FUNC_END(_aeskl_enc) + +/* + * int _aeskl_dec(const void *ctx, u8 *dst, const u8 *src) + */ +SYM_FUNC_START(_aeskl_dec) + FRAME_BEGIN +#ifndef __x86_64__ + pushl HANDLEP + pushl KLEN + movl (FRAME_OFFSET+12)(%esp), HANDLEP # ctx + movl (FRAME_OFFSET+16)(%esp), OUTP # dst + movl (FRAME_OFFSET+20)(%esp), INP # src +#endif + movdqu (INP), STATE + mov 480(HANDLEP), KLEN + + cmp $16, KLEN + je .Ldec_128 + aesdec256kl (HANDLEP), STATE + jz .Ldec_err + jmp .Ldec_noerr +.Ldec_128: + aesdec128kl (HANDLEP), STATE + jz .Ldec_err + +.Ldec_noerr: + xor AREG, AREG + jmp .Ldec_end +.Ldec_err: + mov $1, AREG +.Ldec_end: + movdqu STATE, (OUTP) +#ifndef __x86_64__ + popl KLEN + popl HANDLEP +#endif + FRAME_END + ret +SYM_FUNC_END(_aeskl_dec) + diff --git a/arch/x86/crypto/aeskl-intel_glue.c b/arch/x86/crypto/aeskl-intel_glue.c new file mode 100644 index 000000000000..0062baaaf7b2 --- /dev/null +++ b/arch/x86/crypto/aeskl-intel_glue.c @@ -0,0 +1,115 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Support for AES Key Locker instructions. This file contains glue + * code and the real AES implementation is in aeskl-intel_asm.S. + * + * Most code is based on AES-NI glue code, aesni-intel_glue.c + */ + +#include <linux/types.h> +#include <linux/module.h> +#include <linux/err.h> +#include <crypto/algapi.h> +#include <crypto/aes.h> +#include <crypto/xts.h> +#include <crypto/internal/skcipher.h> +#include <crypto/internal/simd.h> +#include <asm/simd.h> +#include <asm/cpu_device_id.h> +#include <asm/fpu/api.h> +#include <asm/keylocker.h> + +#include "aes-intel_glue.h" +#include "aesni-intel_glue.h" + +asmlinkage int aeskl_setkey(struct crypto_aes_ctx *ctx, const u8 *in_key, unsigned int key_len); + +asmlinkage int _aeskl_enc(const void *ctx, u8 *out, const u8 *in); +asmlinkage int _aeskl_dec(const void *ctx, u8 *out, const u8 *in); + +static int __maybe_unused aeskl_setkey_common(struct crypto_tfm *tfm, void *raw_ctx, + const u8 *in_key, unsigned int key_len) +{ + struct crypto_aes_ctx *ctx = aes_ctx(raw_ctx); + int err; + + if (!crypto_simd_usable()) + return -EBUSY; + + if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 && + key_len != AES_KEYSIZE_256) + return -EINVAL; + + kernel_fpu_begin(); + if (unlikely(key_len == AES_KEYSIZE_192)) { + pr_warn_once("AES-KL does not support 192-bit key. Use AES-NI.\n"); + err = aesni_set_key(ctx, in_key, key_len); + } else { + if (!valid_keylocker()) + err = -ENODEV; + else + err = aeskl_setkey(ctx, in_key, key_len); + } + kernel_fpu_end(); + + return err; +} + +static inline u32 keylength(const void *raw_ctx) +{ + struct crypto_aes_ctx *ctx = aes_ctx((void *)raw_ctx); + + return ctx->key_length; +} + +static inline int aeskl_enc(const void *ctx, u8 *out, const u8 *in) +{ + if (unlikely(keylength(ctx) == AES_KEYSIZE_192)) + return -EINVAL; + else if (!valid_keylocker()) + return -ENODEV; + else if (_aeskl_enc(ctx, out, in)) + return -EINVAL; + else + return 0; +} + +static inline int aeskl_dec(const void *ctx, u8 *out, const u8 *in) +{ + if (unlikely(keylength(ctx) == AES_KEYSIZE_192)) + return -EINVAL; + else if (!valid_keylocker()) + return -ENODEV; + else if (_aeskl_dec(ctx, out, in)) + return -EINVAL; + else + return 0; +} + +static int __init aeskl_init(void) +{ + if (!valid_keylocker()) + return -ENODEV; + + /* + * AES-KL itself does not depend on AES-NI. But AES-KL does not + * support 192-bit keys. To make itself AES-compliant, it falls + * back to AES-NI. + */ + if (!boot_cpu_has(X86_FEATURE_AES)) + return -ENODEV; + + return 0; +} + +static void __exit aeskl_exit(void) +{ + return; +} + +late_initcall(aeskl_init); +module_exit(aeskl_exit); + +MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm, AES Key Locker implementation"); +MODULE_LICENSE("GPL"); +MODULE_ALIAS_CRYPTO("aes"); diff --git a/crypto/Kconfig b/crypto/Kconfig index 285f82647d2b..b8b5d0353f58 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1113,6 +1113,42 @@ config CRYPTO_AES_NI_INTEL ECB, CBC, LRW, XTS. The 64 bit version has additional acceleration for CTR. +config AS_HAS_KEYLOCKER + def_bool $(as-instr,encodekey256 %eax$(comma)%eax) + help + Supported by binutils >= 2.36 and LLVM integrated assembler >= V12 + +config CRYPTO_AES_KL + tristate "AES cipher algorithms (AES-KL)" + depends on AS_HAS_KEYLOCKER + depends on CRYPTO_AES_NI_INTEL + select X86_KEYLOCKER + + help + Key Locker provides AES SIMD instructions (AES-KL) for secure + data encryption and decryption. While this new instruction + set is analogous to AES-NI, AES-KL supports to encode an AES + key to an encoded form ('key handle') and uses it to transform + data instead of accessing the AES key. + + The setkey() transforms an AES key to a key handle, then the AES + key is no longer needed for data transformation. A user may + displace their keys from possible exposition. + + This key encryption is done by the CPU-internal wrapping key. + This wrapping key support is provided with X86_KEYLOCKER. + + AES-KL supports 128-/256-bit keys only. While giving a 192-bit + key does not return an error, as the AES-NI driver is chosen to + process it, the claimed security property is not available with + that. + + Bare metal disk encryption is the preferred use case. Key Locker + usage requires explicit opt-in at setup time. So select it if + unsure. + + See Documentation/x86/keylocker.rst for more details. + config CRYPTO_AES_SPARC64 tristate "AES cipher algorithms (SPARC64)" depends on SPARC64 -- 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: "Chang S. Bae" <chang.seok.bae@intel.com> To: linux-crypto@vger.kernel.org, dm-devel@redhat.com, herbert@gondor.apana.org.au, ebiggers@kernel.org, ardb@kernel.org, x86@kernel.org, luto@kernel.org, tglx@linutronix.de, bp@suse.de, dave.hansen@linux.intel.com, mingo@kernel.org Cc: ravi.v.shankar@intel.com, chang.seok.bae@intel.com, linux-kernel@vger.kernel.org, kumar.n.dwarakanath@intel.com, dan.j.williams@intel.com, charishma1.gairuboyina@intel.com Subject: [dm-devel] [PATCH v5 11/12] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions Date: Wed, 12 Jan 2022 13:12:57 -0800 [thread overview] Message-ID: <20220112211258.21115-12-chang.seok.bae@intel.com> (raw) In-Reply-To: <20220112211258.21115-1-chang.seok.bae@intel.com> Key Locker is a CPU feature to reduce key exfiltration opportunities while maintaining a programming interface similar to AES-NI. It converts the AES key into an encoded form, called the 'key handle'. The key handle is a wrapped version of the clear-text key where the wrapping key has limited exposure. Once converted via setkey(), all subsequent data encryption using new AES instructions ('AES-KL') uses this key handle, reducing the exposure of private key material in memory. AES-KL is analogous to that of AES-NI. Most assembly code is translated from the AES-NI code. They are operational in both 32-bit and 64-bit modes like AES-NI. However, users need to be aware of the following differences: == Key Handle == AES-KL may fail with an invalid key handle. It could be corrupted or fail with handle restriction. A key handle may be encoded with some restrictions. The implementation restricts every handle only available in kernel mode via setkey(). === AES Compliance === Key Locker is not AES compliant in that it lacks support for 192-bit keys. However, per the expectations of Linux crypto-cipher implementations the software cipher implementation must support all the AES compliant key-sizes. The AES-KL cipher implementation achieves this constraint by logging a warning and falling back to AES-NI. In other words the 192-bit key-size limitation for what can be converted into a Key Locker key-handle is only documented, not enforced. This along with the below performance and failure mode implications is an end-user consideration for selecting AES-KL vs AES-NI. == API Limitation == The setkey() function transforms an AES key to a handle. An extended key is a usual outcome of setkey() in other AES cipher implementations. For this reason, a setkey() failure does not fall back to the other. So, AES-KL will be exposed via synchronous interfaces only. == Wrapping-key Restore Failure == The setkey() failure is also possible with the wrapping-key restore failure. In an event of hardware failure, the wrapping key is lost from deep sleep states. Then, setkey() will fail with the ENODEV error. And the suspended data transforming task may resume but will fail due to the wrapping key change. == Performance == This feature comes with some performance penalties vs AES-NI. The cryptsetup benchmark indicates Key Locker raw throughput can be ~5x slower than AES-NI. For disk encryption, storage bandwidth may be the bottleneck before encryption bandwidth, but the potential performance difference is why AES-KL is advertised as a distinct cipher in /proc/crypto rather than the kernel transparently replacing AES-NI usage with AES-KL. Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com> Reviewed-by: Dan Williams <dan.j.williams@intel.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: x86@kernel.org Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org --- Changes from v3: * Exclude non-AES-KL objects. (Eric Biggers) * Simplify the assembler dependency check. (Peter Zijlstra) * Trim the Kconfig help text. (Dan Williams) * Fix a defined-but-not-used warning. Changes from RFC v2: * Move out each mode support in new patches. * Update the changelog to describe the limitation and the tradeoff clearly. (Andy Lutomirski) Changes from RFC v1: * Rebased on the refactored code. (Ard Biesheuvel) * Dropped exporting the single block interface. (Ard Biesheuvel) * Fixed the fallback and error handling paths. (Ard Biesheuvel) * Revised the module description. (Dave Hansen and Peter Zijlsta) * Made the build depend on the binutils version to support new instructions. (Borislav Petkov and Peter Zijlstra) * Updated the changelog accordingly. Link: https://lore.kernel.org/lkml/CAMj1kXGa4f21eH0mdxd1pQsZMUjUr1Btq+Dgw-gC=O-yYft7xw@mail.gmail.com/ --- arch/x86/crypto/Makefile | 3 + arch/x86/crypto/aeskl-intel_asm.S | 184 +++++++++++++++++++++++++++++ arch/x86/crypto/aeskl-intel_glue.c | 115 ++++++++++++++++++ crypto/Kconfig | 36 ++++++ 4 files changed, 338 insertions(+) create mode 100644 arch/x86/crypto/aeskl-intel_asm.S create mode 100644 arch/x86/crypto/aeskl-intel_glue.c diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile index ef6c0b9f69c6..3a64779af974 100644 --- a/arch/x86/crypto/Makefile +++ b/arch/x86/crypto/Makefile @@ -50,6 +50,9 @@ obj-$(CONFIG_CRYPTO_AES_NI_INTEL) += aesni-intel.o aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o aes-intel_glue.o aesni-intel-$(CONFIG_64BIT) += aesni-intel_avx-x86_64.o aes_ctrby8_avx-x86_64.o +obj-$(CONFIG_CRYPTO_AES_KL) += aeskl-intel.o +aeskl-intel-y := aeskl-intel_asm.o aeskl-intel_glue.o + obj-$(CONFIG_CRYPTO_SHA1_SSSE3) += sha1-ssse3.o sha1-ssse3-y := sha1_avx2_x86_64_asm.o sha1_ssse3_asm.o sha1_ssse3_glue.o sha1-ssse3-$(CONFIG_AS_SHA1_NI) += sha1_ni_asm.o diff --git a/arch/x86/crypto/aeskl-intel_asm.S b/arch/x86/crypto/aeskl-intel_asm.S new file mode 100644 index 000000000000..d56ec8dd6644 --- /dev/null +++ b/arch/x86/crypto/aeskl-intel_asm.S @@ -0,0 +1,184 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Implement AES algorithm using Intel AES Key Locker instructions. + * + * Most code is based from the AES-NI implementation, aesni-intel_asm.S + * + */ + +#include <linux/linkage.h> +#include <asm/inst.h> +#include <asm/frame.h> +#include "aes-intel_asm.S" + +.text + +#define STATE1 %xmm0 +#define STATE2 %xmm1 +#define STATE3 %xmm2 +#define STATE4 %xmm3 +#define STATE5 %xmm4 +#define STATE6 %xmm5 +#define STATE7 %xmm6 +#define STATE8 %xmm7 +#define STATE STATE1 + +#define IV %xmm9 +#define KEY %xmm10 +#define BSWAP_MASK %xmm11 +#define CTR %xmm12 +#define INC %xmm13 + +#ifdef __x86_64__ +#define IN1 %xmm8 +#define IN2 %xmm9 +#define IN3 %xmm10 +#define IN4 %xmm11 +#define IN5 %xmm12 +#define IN6 %xmm13 +#define IN7 %xmm14 +#define IN8 %xmm15 +#define IN IN1 +#define TCTR_LOW %r11 +#else +#define IN %xmm1 +#endif + +#ifdef __x86_64__ +#define AREG %rax +#define HANDLEP %rdi +#define OUTP %rsi +#define KLEN %r9d +#define INP %rdx +#define T1 %r10 +#define LEN %rcx +#define IVP %r8 +#else +#define AREG %eax +#define HANDLEP %edi +#define OUTP AREG +#define KLEN %ebx +#define INP %edx +#define T1 %ecx +#define LEN %esi +#define IVP %ebp +#endif + +#define UKEYP OUTP +#define GF128MUL_MASK %xmm11 + +/* + * int aeskl_setkey(struct crypto_aes_ctx *ctx, const u8 *in_key, unsigned int key_len) + */ +SYM_FUNC_START(aeskl_setkey) + FRAME_BEGIN +#ifndef __x86_64__ + push HANDLEP + movl (FRAME_OFFSET+8)(%esp), HANDLEP # ctx + movl (FRAME_OFFSET+12)(%esp), UKEYP # in_key + movl (FRAME_OFFSET+16)(%esp), %edx # key_len +#endif + movl %edx, 480(HANDLEP) + movdqu (UKEYP), STATE1 + mov $1, %eax + cmp $16, %dl + je .Lsetkey_128 + + movdqu 0x10(UKEYP), STATE2 + encodekey256 %eax, %eax + movdqu STATE4, 0x30(HANDLEP) + jmp .Lsetkey_end +.Lsetkey_128: + encodekey128 %eax, %eax + +.Lsetkey_end: + movdqu STATE1, (HANDLEP) + movdqu STATE2, 0x10(HANDLEP) + movdqu STATE3, 0x20(HANDLEP) + + xor AREG, AREG +#ifndef __x86_64__ + popl HANDLEP +#endif + FRAME_END + ret +SYM_FUNC_END(aeskl_setkey) + +/* + * int _aeskl_enc(const void *ctx, u8 *dst, const u8 *src) + */ +SYM_FUNC_START(_aeskl_enc) + FRAME_BEGIN +#ifndef __x86_64__ + pushl HANDLEP + pushl KLEN + movl (FRAME_OFFSET+12)(%esp), HANDLEP # ctx + movl (FRAME_OFFSET+16)(%esp), OUTP # dst + movl (FRAME_OFFSET+20)(%esp), INP # src +#endif + movdqu (INP), STATE + movl 480(HANDLEP), KLEN + + cmp $16, KLEN + je .Lenc_128 + aesenc256kl (HANDLEP), STATE + jz .Lenc_err + jmp .Lenc_noerr +.Lenc_128: + aesenc128kl (HANDLEP), STATE + jz .Lenc_err + +.Lenc_noerr: + xor AREG, AREG + jmp .Lenc_end +.Lenc_err: + mov $1, AREG +.Lenc_end: + movdqu STATE, (OUTP) +#ifndef __x86_64__ + popl KLEN + popl HANDLEP +#endif + FRAME_END + ret +SYM_FUNC_END(_aeskl_enc) + +/* + * int _aeskl_dec(const void *ctx, u8 *dst, const u8 *src) + */ +SYM_FUNC_START(_aeskl_dec) + FRAME_BEGIN +#ifndef __x86_64__ + pushl HANDLEP + pushl KLEN + movl (FRAME_OFFSET+12)(%esp), HANDLEP # ctx + movl (FRAME_OFFSET+16)(%esp), OUTP # dst + movl (FRAME_OFFSET+20)(%esp), INP # src +#endif + movdqu (INP), STATE + mov 480(HANDLEP), KLEN + + cmp $16, KLEN + je .Ldec_128 + aesdec256kl (HANDLEP), STATE + jz .Ldec_err + jmp .Ldec_noerr +.Ldec_128: + aesdec128kl (HANDLEP), STATE + jz .Ldec_err + +.Ldec_noerr: + xor AREG, AREG + jmp .Ldec_end +.Ldec_err: + mov $1, AREG +.Ldec_end: + movdqu STATE, (OUTP) +#ifndef __x86_64__ + popl KLEN + popl HANDLEP +#endif + FRAME_END + ret +SYM_FUNC_END(_aeskl_dec) + diff --git a/arch/x86/crypto/aeskl-intel_glue.c b/arch/x86/crypto/aeskl-intel_glue.c new file mode 100644 index 000000000000..0062baaaf7b2 --- /dev/null +++ b/arch/x86/crypto/aeskl-intel_glue.c @@ -0,0 +1,115 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Support for AES Key Locker instructions. This file contains glue + * code and the real AES implementation is in aeskl-intel_asm.S. + * + * Most code is based on AES-NI glue code, aesni-intel_glue.c + */ + +#include <linux/types.h> +#include <linux/module.h> +#include <linux/err.h> +#include <crypto/algapi.h> +#include <crypto/aes.h> +#include <crypto/xts.h> +#include <crypto/internal/skcipher.h> +#include <crypto/internal/simd.h> +#include <asm/simd.h> +#include <asm/cpu_device_id.h> +#include <asm/fpu/api.h> +#include <asm/keylocker.h> + +#include "aes-intel_glue.h" +#include "aesni-intel_glue.h" + +asmlinkage int aeskl_setkey(struct crypto_aes_ctx *ctx, const u8 *in_key, unsigned int key_len); + +asmlinkage int _aeskl_enc(const void *ctx, u8 *out, const u8 *in); +asmlinkage int _aeskl_dec(const void *ctx, u8 *out, const u8 *in); + +static int __maybe_unused aeskl_setkey_common(struct crypto_tfm *tfm, void *raw_ctx, + const u8 *in_key, unsigned int key_len) +{ + struct crypto_aes_ctx *ctx = aes_ctx(raw_ctx); + int err; + + if (!crypto_simd_usable()) + return -EBUSY; + + if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 && + key_len != AES_KEYSIZE_256) + return -EINVAL; + + kernel_fpu_begin(); + if (unlikely(key_len == AES_KEYSIZE_192)) { + pr_warn_once("AES-KL does not support 192-bit key. Use AES-NI.\n"); + err = aesni_set_key(ctx, in_key, key_len); + } else { + if (!valid_keylocker()) + err = -ENODEV; + else + err = aeskl_setkey(ctx, in_key, key_len); + } + kernel_fpu_end(); + + return err; +} + +static inline u32 keylength(const void *raw_ctx) +{ + struct crypto_aes_ctx *ctx = aes_ctx((void *)raw_ctx); + + return ctx->key_length; +} + +static inline int aeskl_enc(const void *ctx, u8 *out, const u8 *in) +{ + if (unlikely(keylength(ctx) == AES_KEYSIZE_192)) + return -EINVAL; + else if (!valid_keylocker()) + return -ENODEV; + else if (_aeskl_enc(ctx, out, in)) + return -EINVAL; + else + return 0; +} + +static inline int aeskl_dec(const void *ctx, u8 *out, const u8 *in) +{ + if (unlikely(keylength(ctx) == AES_KEYSIZE_192)) + return -EINVAL; + else if (!valid_keylocker()) + return -ENODEV; + else if (_aeskl_dec(ctx, out, in)) + return -EINVAL; + else + return 0; +} + +static int __init aeskl_init(void) +{ + if (!valid_keylocker()) + return -ENODEV; + + /* + * AES-KL itself does not depend on AES-NI. But AES-KL does not + * support 192-bit keys. To make itself AES-compliant, it falls + * back to AES-NI. + */ + if (!boot_cpu_has(X86_FEATURE_AES)) + return -ENODEV; + + return 0; +} + +static void __exit aeskl_exit(void) +{ + return; +} + +late_initcall(aeskl_init); +module_exit(aeskl_exit); + +MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm, AES Key Locker implementation"); +MODULE_LICENSE("GPL"); +MODULE_ALIAS_CRYPTO("aes"); diff --git a/crypto/Kconfig b/crypto/Kconfig index 285f82647d2b..b8b5d0353f58 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1113,6 +1113,42 @@ config CRYPTO_AES_NI_INTEL ECB, CBC, LRW, XTS. The 64 bit version has additional acceleration for CTR. +config AS_HAS_KEYLOCKER + def_bool $(as-instr,encodekey256 %eax$(comma)%eax) + help + Supported by binutils >= 2.36 and LLVM integrated assembler >= V12 + +config CRYPTO_AES_KL + tristate "AES cipher algorithms (AES-KL)" + depends on AS_HAS_KEYLOCKER + depends on CRYPTO_AES_NI_INTEL + select X86_KEYLOCKER + + help + Key Locker provides AES SIMD instructions (AES-KL) for secure + data encryption and decryption. While this new instruction + set is analogous to AES-NI, AES-KL supports to encode an AES + key to an encoded form ('key handle') and uses it to transform + data instead of accessing the AES key. + + The setkey() transforms an AES key to a key handle, then the AES + key is no longer needed for data transformation. A user may + displace their keys from possible exposition. + + This key encryption is done by the CPU-internal wrapping key. + This wrapping key support is provided with X86_KEYLOCKER. + + AES-KL supports 128-/256-bit keys only. While giving a 192-bit + key does not return an error, as the AES-NI driver is chosen to + process it, the claimed security property is not available with + that. + + Bare metal disk encryption is the preferred use case. Key Locker + usage requires explicit opt-in at setup time. So select it if + unsure. + + See Documentation/x86/keylocker.rst for more details. + config CRYPTO_AES_SPARC64 tristate "AES cipher algorithms (SPARC64)" depends on SPARC64 -- 2.17.1 -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel
next prev parent reply other threads:[~2022-01-12 21:21 UTC|newest] Thread overview: 247+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-01-12 21:12 [PATCH v5 00/12] x86: Support Key Locker Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-01-12 21:12 ` [PATCH v5 01/12] Documentation/x86: Document " Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2023-06-05 10:52 ` Bagas Sanjaya 2023-06-05 10:52 ` [dm-devel] " Bagas Sanjaya 2022-01-12 21:12 ` [PATCH v5 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-01-12 21:12 ` [PATCH v5 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-01-12 21:12 ` [PATCH v5 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-01-12 21:12 ` [PATCH v5 05/12] x86/msr-index: Add MSRs for Key Locker internal wrapping key Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-01-12 21:12 ` [PATCH v5 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-01-12 21:12 ` [PATCH v5 07/12] x86/cpu/keylocker: Load an internal wrapping key at boot-time Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-08-23 15:49 ` Evan Green 2022-08-23 15:49 ` [dm-devel] " Evan Green 2022-08-24 22:20 ` Chang S. Bae 2022-08-24 22:20 ` [dm-devel] " Chang S. Bae 2022-08-24 22:52 ` Evan Green 2022-08-24 22:52 ` [dm-devel] " Evan Green 2022-08-25 1:06 ` Chang S. Bae 2022-08-25 1:06 ` [dm-devel] " Chang S. Bae 2022-08-25 15:31 ` Evan Green 2022-08-25 15:31 ` [dm-devel] " Evan Green 2022-08-31 23:08 ` Chang S. Bae 2022-08-31 23:08 ` [dm-devel] " Chang S. Bae 2022-09-06 16:22 ` Evan Green 2022-09-06 16:22 ` [dm-devel] " Evan Green 2022-09-06 16:46 ` Chang S. Bae 2022-09-06 16:46 ` [dm-devel] " Chang S. Bae 2022-01-12 21:12 ` [PATCH v5 08/12] x86/PM/keylocker: Restore internal wrapping key on resume from ACPI S3/4 Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-01-29 17:31 ` [PATCH v5-fix " Chang S. Bae 2022-01-29 17:31 ` [dm-devel] " Chang S. Bae 2022-01-12 21:12 ` [PATCH v5 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-01-12 21:12 ` [PATCH v5 10/12] crypto: x86/aes - Prepare for a new AES implementation Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-01-12 21:12 ` Chang S. Bae [this message] 2022-01-12 21:12 ` [dm-devel] [PATCH v5 11/12] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions Chang S. Bae 2022-01-12 21:12 ` [PATCH v5 12/12] crypto: x86/aes-kl - Support XTS mode Chang S. Bae 2022-01-12 21:12 ` [dm-devel] " Chang S. Bae 2022-01-13 22:16 ` [PATCH v5 00/12] x86: Support Key Locker Dave Hansen 2022-01-13 22:16 ` [dm-devel] " Dave Hansen 2022-01-13 22:34 ` Bae, Chang Seok 2022-01-13 22:34 ` [dm-devel] " Bae, Chang Seok 2023-04-10 22:59 ` [PATCH v6 " Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 01/12] Documentation/x86: Document " Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 05/12] x86/msr-index: Add MSRs for Key Locker internal wrapping key Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 07/12] x86/cpu/keylocker: Load an internal wrapping key at boot-time Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-05-05 23:05 ` Eric Biggers 2023-05-05 23:05 ` [dm-devel] " Eric Biggers 2023-05-08 18:18 ` Chang S. Bae 2023-05-08 18:18 ` [dm-devel] " Chang S. Bae 2023-05-08 21:56 ` Dave Hansen 2023-05-08 21:56 ` [dm-devel] " Dave Hansen 2023-05-09 0:31 ` Chang S. Bae 2023-05-09 0:31 ` [dm-devel] " Chang S. Bae 2023-05-09 0:51 ` Dave Hansen 2023-05-09 0:51 ` [dm-devel] " Dave Hansen 2023-05-08 19:18 ` Elliott, Robert (Servers) 2023-05-08 19:18 ` [dm-devel] " Elliott, Robert (Servers) 2023-05-08 20:15 ` Chang S. Bae 2023-05-08 20:15 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 08/12] x86/PM/keylocker: Restore internal wrapping key on resume from ACPI S3/4 Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-05-05 23:09 ` Eric Biggers 2023-05-05 23:09 ` [dm-devel] " Eric Biggers 2023-05-08 18:18 ` Chang S. Bae 2023-05-08 18:18 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 10/12] crypto: x86/aes - Prepare for a new AES implementation Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-05-05 23:27 ` Eric Biggers 2023-05-05 23:27 ` [dm-devel] " Eric Biggers 2023-05-09 0:55 ` Chang S. Bae 2023-05-09 0:55 ` [dm-devel] " Chang S. Bae 2023-05-11 19:05 ` Chang S. Bae 2023-05-11 19:05 ` [dm-devel] " Chang S. Bae 2023-05-11 21:39 ` Eric Biggers 2023-05-11 21:39 ` [dm-devel] " Eric Biggers 2023-05-11 23:19 ` Chang S. Bae 2023-05-11 23:19 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 11/12] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-05-06 0:01 ` Eric Biggers 2023-05-06 0:01 ` [dm-devel] " Eric Biggers 2023-05-08 18:18 ` Chang S. Bae 2023-05-08 18:18 ` [dm-devel] " Chang S. Bae 2023-05-24 17:18 ` Chang S. Bae 2023-05-24 17:18 ` [dm-devel] " Chang S. Bae 2023-05-12 17:52 ` Milan Broz 2023-05-12 17:52 ` [dm-devel] " Milan Broz 2023-05-08 19:21 ` Elliott, Robert (Servers) 2023-05-08 19:21 ` [dm-devel] " Elliott, Robert (Servers) 2023-05-08 19:24 ` Elliott, Robert (Servers) 2023-05-08 19:24 ` [dm-devel] " Elliott, Robert (Servers) 2023-05-08 20:00 ` Chang S. Bae 2023-05-08 20:00 ` [dm-devel] " Chang S. Bae 2023-04-10 22:59 ` [PATCH v6 12/12] crypto: x86/aes-kl - Support XTS mode Chang S. Bae 2023-04-10 22:59 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 00/12] x86: Support Key Locker Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 01/12] Documentation/x86: Document " Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 05/12] x86/msr-index: Add MSRs for Key Locker wrapping key Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 07/12] x86/cpu/keylocker: Load a wrapping key at boot-time Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 08/12] x86/PM/keylocker: Restore the wrapping key on the resume from ACPI S3/4 Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 10/12] crypto: x86/aesni - Use the proper data type in struct aesni_xts_ctx Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-26 6:54 ` Eric Biggers 2023-05-26 6:54 ` [dm-devel] " Eric Biggers 2023-05-30 20:50 ` Chang S. Bae 2023-05-30 20:50 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [PATCH v7 11/12] crypto: x86/aes - Prepare for a new AES implementation Chang S. Bae 2023-05-24 16:57 ` [dm-devel] " Chang S. Bae 2023-05-24 16:57 ` [dm-devel] [PATCH v7 12/12] crypto: x86/aes-kl - Implement the AES-XTS algorithm Chang S. Bae 2023-05-24 16:57 ` Chang S. Bae 2023-05-26 7:23 ` Eric Biggers 2023-05-26 7:23 ` [dm-devel] " Eric Biggers 2023-05-30 20:49 ` Chang S. Bae 2023-05-30 20:49 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 00/12] x86: Support Key Locker Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 01/12] Documentation/x86: Document " Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-05 10:54 ` Bagas Sanjaya 2023-06-05 10:54 ` [dm-devel] " Bagas Sanjaya 2023-06-06 2:17 ` Randy Dunlap 2023-06-06 2:17 ` [dm-devel] " Randy Dunlap 2023-06-06 4:18 ` Chang S. Bae 2023-06-06 4:18 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 05/12] x86/msr-index: Add MSRs for Key Locker wrapping key Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 07/12] x86/cpu/keylocker: Load a wrapping key at boot-time Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 08/12] x86/PM/keylocker: Restore the wrapping key on the resume from ACPI S3/4 Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-03 16:37 ` Borislav Petkov 2023-06-03 16:37 ` [dm-devel] " Borislav Petkov 2023-06-04 22:13 ` Chang S. Bae 2023-06-04 22:13 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 10/12] crypto: x86/aesni - Use the proper data type in struct aesni_xts_ctx Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-04 15:34 ` Eric Biggers 2023-06-04 15:34 ` [dm-devel] " Eric Biggers 2023-06-04 22:02 ` Chang S. Bae 2023-06-04 22:02 ` [dm-devel] " Chang S. Bae 2023-06-05 2:46 ` Eric Biggers 2023-06-05 2:46 ` [dm-devel] " Eric Biggers 2023-06-05 4:41 ` Chang S. Bae 2023-06-05 4:41 ` Chang S. Bae 2023-06-21 12:06 ` [PATCH] crypto: x86/aesni: Align the address before aes_set_key_common() Chang S. Bae 2023-07-14 8:51 ` Herbert Xu 2023-06-03 15:22 ` [PATCH v8 11/12] crypto: x86/aes - Prepare for a new AES-XTS implementation Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-03 15:22 ` [PATCH v8 12/12] crypto: x86/aes-kl - Implement the AES-XTS algorithm Chang S. Bae 2023-06-03 15:22 ` [dm-devel] " Chang S. Bae 2023-06-07 5:35 ` Eric Biggers 2023-06-07 5:35 ` [dm-devel] " Eric Biggers 2023-06-07 22:06 ` Chang S. Bae 2023-06-07 22:06 ` [dm-devel] " Chang S. Bae 2024-03-11 21:32 ` [PATCH] crypto: x86/aesni - Update aesni_set_key() to return void Chang S. Bae 2024-03-12 2:15 ` Eric Biggers 2024-03-12 7:46 ` Ard Biesheuvel 2024-03-12 15:03 ` Chang S. Bae 2024-03-12 15:18 ` Ard Biesheuvel 2024-03-12 15:37 ` Chang S. Bae 2024-03-22 23:04 ` [PATCH v2 0/2] crypto: x86/aesni - Simplify AES key expansion code Chang S. Bae 2024-03-22 23:04 ` [PATCH v2 1/2] crypto: x86/aesni - Rearrange AES key size check Chang S. Bae 2024-03-22 23:04 ` [PATCH v2 2/2] crypto: x86/aesni - Update aesni_set_key() to return void Chang S. Bae 2024-03-28 10:57 ` [PATCH v2 0/2] crypto: x86/aesni - Simplify AES key expansion code Herbert Xu 2024-03-29 1:53 ` [PATCH v9 00/14] x86: Support Key Locker Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 01/14] Documentation/x86: Document " Chang S. Bae 2024-03-31 15:48 ` Randy Dunlap 2024-03-29 1:53 ` [PATCH v9 02/14] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 03/14] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 04/14] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 05/14] x86/msr-index: Add MSRs for Key Locker wrapping key Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 06/14] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 07/14] x86/cpu/keylocker: Load a wrapping key at boot time Chang S. Bae 2024-04-07 23:04 ` [PATCH v9a " Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 08/14] x86/PM/keylocker: Restore the wrapping key on the resume from ACPI S3/4 Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 09/14] x86/hotplug/keylocker: Ensure wrapping key backup capability Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 10/14] x86/cpu/keylocker: Check Gather Data Sampling mitigation Chang S. Bae 2024-03-29 6:57 ` Pawan Gupta 2024-04-07 23:04 ` [PATCH v9a " Chang S. Bae 2024-04-19 0:01 ` Pawan Gupta 2024-04-22 7:49 ` Chang S. Bae 2024-04-19 17:47 ` [PATCH 15/14] x86/gds: Lock GDS mitigation when keylocker feature is present Pawan Gupta 2024-04-19 18:03 ` Daniel Sneddon 2024-04-19 20:19 ` Pawan Gupta 2024-04-19 20:33 ` Daniel Sneddon 2024-04-22 7:35 ` Chang S. Bae 2024-04-22 21:32 ` Pawan Gupta 2024-04-22 22:13 ` Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 11/14] x86/cpu/keylocker: Check Register File Data Sampling mitigation Chang S. Bae 2024-03-29 6:20 ` Pawan Gupta 2024-04-07 23:04 ` [PATCH v9a " Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 12/14] x86/Kconfig: Add a configuration for Key Locker Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 13/14] crypto: x86/aes - Prepare for new AES-XTS implementation Chang S. Bae 2024-03-29 1:53 ` [PATCH v9 14/14] crypto: x86/aes-kl - Implement the AES-XTS algorithm Chang S. Bae 2024-04-07 23:24 ` [PATCH v9 00/14] x86: Support Key Locker Chang S. Bae 2024-04-08 1:48 ` Eric Biggers 2024-04-15 22:16 ` Chang S. Bae 2024-04-15 22:54 ` Eric Biggers 2024-04-15 22:58 ` Chang S. Bae
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20220112211258.21115-12-chang.seok.bae@intel.com \ --to=chang.seok.bae@intel.com \ --cc=ardb@kernel.org \ --cc=bp@suse.de \ --cc=charishma1.gairuboyina@intel.com \ --cc=dan.j.williams@intel.com \ --cc=dave.hansen@linux.intel.com \ --cc=dm-devel@redhat.com \ --cc=ebiggers@kernel.org \ --cc=herbert@gondor.apana.org.au \ --cc=kumar.n.dwarakanath@intel.com \ --cc=linux-crypto@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=luto@kernel.org \ --cc=mingo@kernel.org \ --cc=ravi.v.shankar@intel.com \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.