From: Peter Zijlstra <peterz@infradead.org>
To: "Chang S. Bae" <chang.seok.bae@intel.com>
Cc: tglx@linutronix.de, bp@suse.de, dave.hansen@linux.intel.com,
mingo@kernel.org, luto@kernel.org, x86@kernel.org,
herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org,
linux-crypto@vger.kernel.org, dan.j.williams@intel.com,
charishma1.gairuboyina@intel.com, kumar.n.dwarakanath@intel.com,
lalithambika.krishnakumar@intel.com, ravi.v.shankar@intel.com
Subject: Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions
Date: Thu, 2 Dec 2021 15:21:22 +0100
Message-ID: <YajWYuwFAy81VP5t@hirez.programming.kicks-ass.net>
In-Reply-To: <20211124200700.15888-12-chang.seok.bae@intel.com>

On Wed, Nov 24, 2021 at 12:06:56PM -0800, Chang S. Bae wrote:
> + encodekey256 %eax, %eax

So this thing uses the fancy new keylocker instructions, however:

> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index 285f82647d2b..784a04433549 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -1113,6 +1113,50 @@ config CRYPTO_AES_NI_INTEL
> ECB, CBC, LRW, XTS. The 64 bit version has additional
> acceleration for CTR.
>
> +config CRYPTO_AES_KL
> + tristate "AES cipher algorithms (AES-KL)"
> + depends on (LD_VERSION >= 23600) || (LLD_VERSION >= 120000)
> + depends on DM_CRYPT
> + select X86_KEYLOCKER
> + select CRYPTO_AES_NI_INTEL

There is no dependency on the compiler actually supporting them..

config AS_HAS_KEYLOCKER
	def_bool $(as-instr,encodekey256)

	depends on AS_HAS_KEYLOCKER

Hmm?

> +
> + help
> + Key Locker provides AES SIMD instructions (AES-KL) for secure
> + data encryption and decryption. While this new instruction
> + set is analogous to AES-NI, AES-KL supports to encode an AES
> + key to an encoded form ('key handle') and uses it to transform
> + data instead of accessing the AES key.
> +
> + The setkey() transforms an AES key to a key handle, then the AES
> + key is no longer needed for data transformation. A user may
> + displace their keys from possible exposition.
> +
> + This key encryption is done by the CPU-internal wrapping key. The
> + x86 core code loads a new random key at every boot time and
> + restores it from deep sleep states. This wrapping key support is
> + provided with X86_KEYLOCKER.
> +
> + AES-KL supports 128-/256-bit keys only. While giving a 192-bit
> + key does not return an error, as AES-NI is chosen to process it,
> + the claimed security property is not available with that.
> +
> + GNU binutils version 2.36 or above and LLVM version 12 or above
> + are assemblers that support AES-KL instructions.
> +
> + Bare metal disk encryption is the preferred use case. Make it
> + depend on DM_CRYPT.
> +
> + This selection enables an alternative crypto cipher for
> + cryptsetup, e.g. "capi:xts-aes-aeskl-plain", to use with dm-crypt
> + volumes. It trades off raw performance for reduced clear-text key
> + exposure and has an additional failure mode compared to AES-NI.
> + See Documentation/x86/keylocker.rst for more details. Key Locker
> + usage requires explicit opt-in at cryptsetup time. So, select it
> + if unsure.
> +
> + See also the CRYPTO_AES_NI_INTEL description for more about the
> + AES cipher algorithm.
> +
> config CRYPTO_AES_SPARC64
> tristate "AES cipher algorithms (SPARC64)"
> depends on SPARC64
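
Review bot: The 192-bit paragraph of the help text ("While giving a 192-bit key does not return an error, as AES-NI is chosen to process it") describes a silent fallback in which the raw AES key stays in use even though the caller selected the Key Locker cipher, and the text itself says the claimed security property is not available in that case. Consider rejecting 192-bit keys in setkey(), or at least making the fallback visible to the caller, so that selecting this cipher always implies the key-handle protection. Separately, the version check tests LD_VERSION and LLD_VERSION, which are linker versions, while the help text speaks of assemblers; a probe of the assembler for the instruction would state the requirement directly.
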
> --
> 2.17.1
>
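
The dependency suggested in the reply relies on Kconfig's as-instr probe, which pipes an instruction to the compiler driver in assembler mode and checks the exit status. A user-space approximation of that probe, added here as an example and not part of the original message or the kernel tree; the function names `as_instr` and `keylocker_kconfig_value` and the `CC` default are assumptions:

```shell
#!/bin/sh
# Added example (not from the thread or the kernel tree): approximates what
# Kconfig's $(as-instr,<instr>) does, so the result can be checked by hand.
# Assumptions: CC names a single compiler driver binary (default "cc");
# as_instr and keylocker_kconfig_value are illustrative names.

as_instr() {
    # Pipe the instruction to the compiler driver in assembler mode.
    # Exit status 0 means the assembler accepted it; any failure
    # (unknown mnemonic, bad operands, missing compiler) is non-zero.
    printf '%b\n' "$1" | "${CC:-cc}" -c -x assembler -o /dev/null - 2>/dev/null
}

keylocker_kconfig_value() {
    # Operands are copied from the quoted patch line, so the probe tests
    # the same instruction form that the patch assembles.
    if as_instr 'encodekey256 %eax, %eax'; then
        echo y
    else
        echo n
    fi
}

echo "AS_HAS_KEYLOCKER would be: $(keylocker_kconfig_value)"
```

Run it with `CC=clang` or `CC=gcc` to compare toolchains; an `n` result means a build of the AES-KL assembly with that toolchain would fail at the first Key Locker instruction.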