From: Pascal Van Leeuwen <pvanleeuwen@insidesecure.com>
To: "Paolo Bonzini" <pbonzini@redhat.com>,
"Hao Feng" <fenghao@hygon.cn>,
"'Tom Lendacky '" <thomas.lendacky@amd.com>,
"'Gary Hook '" <gary.hook@amd.com>,
"'Herbert Xu '" <herbert@gondor.apana.org.au>,
"' David S. Miller '" <davem@davemloft.net>,
"'Janakarajan Natarajan '" <Janakarajan.Natarajan@amd.com>,
"'Joerg Roedel '" <joro@8bytes.org>,
"' Radim Krčmář '" <rkrcmar@redhat.com>,
"'Thomas Gleixner '" <tglx@linutronix.de>,
"'Ingo Molnar '" <mingo@redhat.com>,
"'Borislav Petkov '" <bp@alien8.de>,
"' H. Peter Anvin '" <hpa@zytor.com>
Cc: 'Zhaohui Du ' <duzhaohui@hygon.cn>,
'Zhiwei Ying ' <yingzhiwei@hygon.cn>, 'Wen Pu ' <puwen@hygon.cn>,
"x86@kernel.org" <x86@kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH 0/6] Add Hygon SEV support
Date: Tue, 16 Apr 2019 09:08:49 +0000 [thread overview]
Message-ID: <DBBPR09MB3526D65B174254E791553545D2240@DBBPR09MB3526.eurprd09.prod.outlook.com> (raw)
In-Reply-To: <985108b1-6d51-4458-48de-c5b96c5f14f9@redhat.com>
> >
> > Uhm ... no, the fact that something is actually *useful* to
> potentially
> > a billion plus people doesn't mean anything ...
>
> Useful does not mean secure, does it? PKZIP encryption was certainly
> useful back in the day, but it was not secure.
>
"Secure" is a relative term anyway. There's always a trade-off between
performance, cost, power consumption and security. Different use cases
require different levels of security. IMHO that decision should be up
to the application / user / market, and not up to some software
engineers that are not experts on the subject matter anyway (but I am
hopeful that some people here are, in fact, experts to some extent).
> "Freedom" didn't apply when Speck was proposed for inclusion in Linux,
> and I would like to make sure I don't make a mistake when adding crypto
> interfaces. If SM2/3/4 were broken, I couldn't care less if someone
> HAS to use them, they can patch their kernel.
>
Is Speck actually used in any real-life protocol or application?
I did not follow the Speck discussion but I have a hunch that was a far
more important reason not to include it than it being a weak cipher or
it's shady NSA origins ...
And yes, they can always fork the kernel and do their own stuff with it,
but that's going to be a support nightmare for people - like us - wanting
to add HW acceleration on top of that. And yes, "we" can do SM3 & SM4.
Full disclosure: it is in my/our interest to keep SM3 & SM4 in the tree.
> But if they're not then I appreciate that you wrote to correct me,
> it's helpful. Please
> understand that 99% of the community has not ever heard of anything but
> SHA-{1,2,3}, ECDSA, Ed25519, AES. If somebody comes up with a patch
> with "strange" crypto, it's up to them to say that they are secure---
> and again, the key word is secure, not useful.
>
I recognise the fact that most people are not experts on the subject
matter. However, there's a lot you can find out in a short Google session
before you start a discussion on incorrect assumptions ...
Anyway, always happy to educate people a bit.
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Inside Secure
next prev parent reply other threads:[~2019-04-16 9:09 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-15 12:04 [PATCH 0/6] Add Hygon SEV support Hao Feng
2019-04-15 12:04 ` [PATCH 1/6] crypto: ccp: Add Hygon Dhyana support Hao Feng
2019-04-15 12:04 ` [PATCH 2/6] crypto: ccp: Define Hygon SEV commands Hao Feng
2019-04-15 12:04 ` [PATCH 3/6] crypto: ccp: Implement SEV_GM_PUBKEY_GEN ioctl command Hao Feng
2019-04-15 12:04 ` [PATCH 4/6] KVM: Define Hygon SEV commands Hao Feng
2019-04-15 12:04 ` [PATCH 5/6] KVM: SVM: Add support for KVM_SEV_GM_GET_DIGEST command Hao Feng
2019-04-15 15:09 ` Borislav Petkov
[not found] ` <896956377bf441c3bfd911716418ce7e@hygon.cn>
2019-04-16 8:15 ` Borislav Petkov
2019-04-16 11:47 ` Hao Feng
2019-04-15 12:04 ` [PATCH 6/6] KVM: SVM: Add support for KVM_SEV_GM_VERIFY_DIGEST command Hao Feng
2019-04-15 15:32 ` [PATCH 0/6] Add Hygon SEV support Lendacky, Thomas
2019-04-15 15:37 ` Paolo Bonzini
2019-04-15 15:51 ` Pascal Van Leeuwen
2019-04-15 16:04 ` Paolo Bonzini
2019-04-16 6:58 ` Pascal Van Leeuwen
2019-04-16 8:09 ` Paolo Bonzini
2019-04-16 9:08 ` Pascal Van Leeuwen [this message]
2019-04-16 10:28 ` Hao Feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DBBPR09MB3526D65B174254E791553545D2240@DBBPR09MB3526.eurprd09.prod.outlook.com \
--to=pvanleeuwen@insidesecure.com \
--cc=Janakarajan.Natarajan@amd.com \
--cc=bp@alien8.de \
--cc=davem@davemloft.net \
--cc=duzhaohui@hygon.cn \
--cc=fenghao@hygon.cn \
--cc=gary.hook@amd.com \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=puwen@hygon.cn \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
--cc=yingzhiwei@hygon.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.