From: Tom Lendacky <thomas.lendacky@amd.com> To: Andy Lutomirski <luto@amacapital.net> Cc: linux-arch <linux-arch@vger.kernel.org>, "linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>, "kvm list" <kvm@vger.kernel.org>, "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>, "X86 ML" <x86@kernel.org>, "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, kasan-dev <kasan-dev@googlegroups.com>, "linux-mm@kvack.org" <linux-mm@kvack.org>, iommu@lists.linux-foundation.org, "Radim Krčmář" <rkrcmar@redhat.com>, "Arnd Bergmann" <arnd@arndb.de>, "Jonathan Corbet" <corbet@lwn.net>, "Matt Fleming" <matt@codeblueprint.co.uk>, "Joerg Roedel" <joro@8bytes.org>, "Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>, "Paolo Bonzini" <pbonzini@redhat.com>, "Ingo Molnar" <mingo@redhat.com>, "Borislav Petkov" <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>, "Andrey Ryabinin" <aryabinin@virtuozzo.com>, "Alexander Potapenko" <glider@google.com>, "Thomas Gleixner" <tglx@l> Subject: Re: [RFC PATCH v1 00/18] x86: Secure Memory Encryption (AMD) Date: Wed, 27 Apr 2016 15:10:19 -0500 [thread overview] Message-ID: <57211CAB.9040902@amd.com> (raw) In-Reply-To: <CALCETrUdrMAmE6Vgj6_PALdmRZVVKa3QDwJtO=YDTOQdox=rhQ@mail.gmail.com> On 04/27/2016 09:39 AM, Andy Lutomirski wrote: > On Tue, Apr 26, 2016 at 3:55 PM, Tom Lendacky <thomas.lendacky@amd.com> wrote: >> This RFC patch series provides support for AMD's new Secure Memory >> Encryption (SME) feature. >> >> SME can be used to mark individual pages of memory as encrypted through the >> page tables. A page of memory that is marked encrypted will be automatically >> decrypted when read from DRAM and will be automatically encrypted when >> written to DRAM. Details on SME can found in the links below. > > Having read through the docs briefly, some questions: > > 1. How does the crypto work? Is it straight AES-ECB? Is it a > tweakable mode? If so, what does into the tweak? For example, if I > swap the ciphertext of two pages, does the plaintext of the pages get > swapped? If not, why not? The AES crypto uses a tweak such that two identical plaintexts at different locations will have different ciphertext. So swapping the ciphertext of two pages will not result in the plaintext being swapped. > > 2. In SEV mode, how does the hypervisor relocate a physical backing > page? Does it simple move it and update the 2nd-level page tables? > If so, is the result of decryption guaranteed to be garbage if it > relocates a page and re-inserts it at the wrong guest physical > address? For SEV mode, relocating a physical backing page takes extra steps. There are APIs that are used to have the AMD Secure Processor create a transportable encrypted page that can then be moved to a new location in memory. After moving it to the new location the APIs are used to haves the AMD Secure Processor re-encrypt the page for use with the guests SEV key. Based on #1 above, just moving a page without invoking the necessary APIs will result in the decryption returning garbage. > > 3. In SEV mode, does anything prevent the hypervisor from resuming a > guest with the wrong ASID, or is this all relying on the resulting > corruption of the guest code and data to cause a crash? There is nothing that prevents resuming a guest with the wrong ASID. This relies on the resulting corruption of the guest code/data to cause a crash. > > 4. As I understand it, the caches are all unencrypted, and they're > tagged with the physical address, *including* the SME bit (bit 47). > In SEV mode, are they also tagged with the ASID? I.e. if I have a > page in cache for ASID 1 and I try to read it with ASID 2, will I get > a fresh copy decrypted with ASID 2's key? If so, will the old ASID 1 > copy be evicted, or will it stay in cache and be non-coherent? In SEV mode, the caches are tagged with the ASID. So if you try to read a cached page with a different ASID, it would result in a cache miss for that ASID and will instead fetch from memory and decrypt using the that ASID's key. Thanks, Tom > > --Andy > -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Tom Lendacky <thomas.lendacky@amd.com> To: Andy Lutomirski <luto@amacapital.net> Cc: linux-arch <linux-arch@vger.kernel.org>, "linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>, "kvm list" <kvm@vger.kernel.org>, "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>, "X86 ML" <x86@kernel.org>, "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, kasan-dev <kasan-dev@googlegroups.com>, "linux-mm@kvack.org" <linux-mm@kvack.org>, iommu@lists.linux-foundation.org, "Radim Krčmář" <rkrcmar@redhat.com>, "Arnd Bergmann" <arnd@arndb.de>, "Jonathan Corbet" <corbet@lwn.net>, "Matt Fleming" <matt@codeblueprint.co.uk>, "Joerg Roedel" <joro@8bytes.org>, "Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>, "Paolo Bonzini" <pbonzini@redhat.com>, "Ingo Molnar" <mingo@redhat.com>, "Borislav Petkov" <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>, "Andrey Ryabinin" <aryabinin@virtuozzo.com>, "Alexander Potapenko" <glider@google.com>, "Thomas Gleixner" <tglx@linutronix.de>, "Dmitry Vyukov" <dvyukov@google.com> Subject: Re: [RFC PATCH v1 00/18] x86: Secure Memory Encryption (AMD) Date: Wed, 27 Apr 2016 15:10:19 -0500 [thread overview] Message-ID: <57211CAB.9040902@amd.com> (raw) Message-ID: <20160427201019.DRZn3Vau79DgBpyRleohZYA39pEVqLqvR29ptuPK_98@z> (raw) In-Reply-To: <CALCETrUdrMAmE6Vgj6_PALdmRZVVKa3QDwJtO=YDTOQdox=rhQ@mail.gmail.com> On 04/27/2016 09:39 AM, Andy Lutomirski wrote: > On Tue, Apr 26, 2016 at 3:55 PM, Tom Lendacky <thomas.lendacky@amd.com> wrote: >> This RFC patch series provides support for AMD's new Secure Memory >> Encryption (SME) feature. >> >> SME can be used to mark individual pages of memory as encrypted through the >> page tables. A page of memory that is marked encrypted will be automatically >> decrypted when read from DRAM and will be automatically encrypted when >> written to DRAM. Details on SME can found in the links below. > > Having read through the docs briefly, some questions: > > 1. How does the crypto work? Is it straight AES-ECB? Is it a > tweakable mode? If so, what does into the tweak? For example, if I > swap the ciphertext of two pages, does the plaintext of the pages get > swapped? If not, why not? The AES crypto uses a tweak such that two identical plaintexts at different locations will have different ciphertext. So swapping the ciphertext of two pages will not result in the plaintext being swapped. > > 2. In SEV mode, how does the hypervisor relocate a physical backing > page? Does it simple move it and update the 2nd-level page tables? > If so, is the result of decryption guaranteed to be garbage if it > relocates a page and re-inserts it at the wrong guest physical > address? For SEV mode, relocating a physical backing page takes extra steps. There are APIs that are used to have the AMD Secure Processor create a transportable encrypted page that can then be moved to a new location in memory. After moving it to the new location the APIs are used to haves the AMD Secure Processor re-encrypt the page for use with the guests SEV key. Based on #1 above, just moving a page without invoking the necessary APIs will result in the decryption returning garbage. > > 3. In SEV mode, does anything prevent the hypervisor from resuming a > guest with the wrong ASID, or is this all relying on the resulting > corruption of the guest code and data to cause a crash? There is nothing that prevents resuming a guest with the wrong ASID. This relies on the resulting corruption of the guest code/data to cause a crash. > > 4. As I understand it, the caches are all unencrypted, and they're > tagged with the physical address, *including* the SME bit (bit 47). > In SEV mode, are they also tagged with the ASID? I.e. if I have a > page in cache for ASID 1 and I try to read it with ASID 2, will I get > a fresh copy decrypted with ASID 2's key? If so, will the old ASID 1 > copy be evicted, or will it stay in cache and be non-coherent? In SEV mode, the caches are tagged with the ASID. So if you try to read a cached page with a different ASID, it would result in a cache miss for that ASID and will instead fetch from memory and decrypt using the that ASID's key. Thanks, Tom > > --Andy >
next prev parent reply other threads:[~2016-04-27 20:10 UTC|newest] Thread overview: 149+ messages / expand[flat|nested] mbox.gz Atom feed top 2016-04-26 22:55 [RFC PATCH v1 00/18] x86: Secure Memory Encryption (AMD) Tom Lendacky 2016-03-22 13:00 ` Pavel Machek 2016-03-22 13:00 ` Pavel Machek [not found] ` <20160322130058.GA16528-5NIqAleC692hcjWhqY66xCZi+YwRKgec@public.gmane.org> 2016-04-27 14:05 ` Borislav Petkov 2016-04-27 14:05 ` Borislav Petkov 2016-04-27 14:30 ` Pavel Machek 2016-04-27 14:30 ` Pavel Machek 2016-04-27 14:39 ` Borislav Petkov 2016-04-27 14:39 ` Borislav Petkov [not found] ` <20160427143951.GH21011-fF5Pk5pvG8Y@public.gmane.org> 2016-04-27 14:58 ` Pavel Machek 2016-04-27 14:58 ` Pavel Machek 2016-04-27 15:47 ` Pavel Machek 2016-04-27 15:47 ` Pavel Machek 2016-04-27 14:21 ` Tom Lendacky 2016-04-27 14:21 ` Tom Lendacky 2016-04-26 22:55 ` Tom Lendacky 2016-04-26 22:56 ` [RFC PATCH v1 01/18] x86: Set the write-protect cache mode for AMD processors Tom Lendacky 2016-04-26 22:56 ` Tom Lendacky [not found] ` <20160426225604.13567.55443.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org> 2016-04-27 14:33 ` Andy Lutomirski 2016-04-27 14:33 ` Andy Lutomirski 2016-04-27 14:44 ` Tom Lendacky 2016-04-27 14:44 ` Tom Lendacky 2016-04-27 14:47 ` Andy Lutomirski 2016-04-27 14:47 ` Andy Lutomirski [not found] ` <CALCETrV+JzPZjrrqkhWSVfvKQt62Aq8NSW=ZvfdiAi8XKoLi8A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2016-04-27 15:05 ` Tom Lendacky 2016-04-27 15:05 ` Tom Lendacky 2016-04-27 15:12 ` Andy Lutomirski 2016-04-27 15:12 ` Andy Lutomirski 2016-04-27 15:31 ` Borislav Petkov 2016-04-27 15:31 ` Borislav Petkov 2016-04-27 15:34 ` Andy Lutomirski 2016-04-27 15:34 ` Andy Lutomirski 2016-04-26 22:56 ` [RFC PATCH v1 02/18] x86: Secure Memory Encryption (SME) build enablement Tom Lendacky 2016-03-22 13:01 ` Pavel Machek 2016-03-22 13:01 ` Pavel Machek 2016-04-27 15:17 ` Tom Lendacky 2016-04-27 15:17 ` Tom Lendacky 2016-04-27 15:30 ` Pavel Machek 2016-04-27 15:30 ` Pavel Machek 2016-04-27 15:41 ` Borislav Petkov 2016-04-27 15:41 ` Borislav Petkov 2016-04-27 16:41 ` Pavel Machek 2016-04-27 17:07 ` Robin Murphy 2016-04-27 17:07 ` Robin Murphy 2016-04-27 17:12 ` Borislav Petkov 2016-04-26 22:56 ` Tom Lendacky 2016-04-26 22:56 ` [RFC PATCH v1 03/18] x86: Secure Memory Encryption (SME) support Tom Lendacky 2016-03-22 13:03 ` Pavel Machek 2016-03-22 13:03 ` Pavel Machek 2016-04-27 16:20 ` Tom Lendacky 2016-04-27 16:20 ` Tom Lendacky 2016-04-26 22:56 ` Tom Lendacky 2016-04-26 22:56 ` [RFC PATCH v1 04/18] x86: Add the Secure Memory Encryption cpu feature Tom Lendacky 2016-04-26 22:56 ` Tom Lendacky 2016-04-26 22:56 ` [RFC PATCH v1 05/18] x86: Handle reduction in physical address size with SME Tom Lendacky 2016-04-26 22:56 ` Tom Lendacky 2016-04-26 22:56 ` [RFC PATCH v1 06/18] x86: Provide general kernel support for memory encryption Tom Lendacky 2016-04-26 22:56 ` Tom Lendacky 2016-04-26 22:57 ` [RFC PATCH v1 07/18] x86: Extend the early_memmap support with additional attrs Tom Lendacky 2016-04-26 22:57 ` Tom Lendacky 2016-04-26 22:57 ` [RFC PATCH v1 08/18] x86: Add support for early encryption/decryption of memory Tom Lendacky 2016-04-26 22:57 ` Tom Lendacky 2016-04-26 22:57 ` [RFC PATCH v1 09/18] x86: Insure that memory areas are encrypted when possible Tom Lendacky 2016-04-26 22:57 ` Tom Lendacky 2016-04-26 22:57 ` [RFC PATCH v1 10/18] x86/efi: Access EFI related tables in the clear Tom Lendacky 2016-04-26 22:57 ` Tom Lendacky [not found] ` <20160426225740.13567.85438.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org> 2016-05-10 13:43 ` Matt Fleming 2016-05-10 13:43 ` Matt Fleming [not found] ` <20160510134358.GR2839-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org> 2016-05-10 13:57 ` Borislav Petkov 2016-05-10 13:57 ` Borislav Petkov 2016-05-12 18:20 ` Tom Lendacky 2016-05-12 18:20 ` Tom Lendacky 2016-05-24 14:54 ` Tom Lendacky 2016-05-24 14:54 ` Tom Lendacky 2016-05-25 16:09 ` Daniel Kiper 2016-05-25 16:09 ` Daniel Kiper 2016-05-25 19:30 ` Matt Fleming 2016-05-25 19:30 ` Matt Fleming 2016-05-26 13:45 ` Tom Lendacky 2016-05-26 13:45 ` Tom Lendacky 2016-06-08 10:07 ` Matt Fleming 2016-06-08 10:07 ` Matt Fleming 2016-06-09 16:16 ` Tom Lendacky 2016-06-09 16:16 ` Tom Lendacky 2016-06-13 12:03 ` Matt Fleming 2016-06-13 12:03 ` Matt Fleming 2016-06-13 12:34 ` Matt Fleming 2016-06-13 12:34 ` Matt Fleming 2016-06-13 15:16 ` Tom Lendacky 2016-06-13 15:16 ` Tom Lendacky 2016-06-08 11:18 ` Matt Fleming 2016-06-08 11:18 ` Matt Fleming 2016-06-09 18:33 ` Tom Lendacky 2016-06-09 18:33 ` Tom Lendacky 2016-06-13 13:51 ` Matt Fleming 2016-06-13 13:51 ` Matt Fleming [not found] ` <20160613135110.GC2658-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org> 2016-06-15 13:17 ` Tom Lendacky 2016-06-15 13:17 ` Tom Lendacky [not found] ` <57615561.4090502-5C7GfCeVMHo@public.gmane.org> 2016-06-16 14:38 ` Tom Lendacky 2016-06-16 14:38 ` Tom Lendacky 2016-06-17 15:51 ` Matt Fleming 2016-06-17 15:51 ` Matt Fleming 2016-04-26 22:57 ` [RFC PATCH v1 11/18] x86: Decrypt trampoline area if memory encryption is active Tom Lendacky 2016-04-26 22:57 ` Tom Lendacky 2016-04-26 22:58 ` [RFC PATCH v1 12/18] x86: Access device tree in the clear Tom Lendacky 2016-04-26 22:58 ` Tom Lendacky 2016-04-26 22:58 ` [RFC PATCH v1 13/18] x86: DMA support for memory encryption Tom Lendacky 2016-04-26 22:58 ` Tom Lendacky 2016-04-29 7:17 ` Konrad Rzeszutek Wilk 2016-04-29 15:12 ` Tom Lendacky 2016-04-29 15:12 ` Tom Lendacky 2016-04-29 16:27 ` Konrad Rzeszutek Wilk [not found] ` <20160429162757.GA1191-he5eyhs8q0BAdwtm4QZOy9BPR1lH4CV8@public.gmane.org> 2016-04-29 23:49 ` Tom Lendacky 2016-04-29 23:49 ` Tom Lendacky 2016-04-26 22:58 ` [RFC PATCH v1 14/18] iommu/amd: AMD IOMMU " Tom Lendacky 2016-04-26 22:58 ` Tom Lendacky 2016-04-26 22:58 ` [RFC PATCH v1 15/18] x86: Enable memory encryption on the APs Tom Lendacky 2016-04-26 22:58 ` Tom Lendacky 2016-05-01 22:10 ` Huang, Kai [not found] ` <f37dd7de-23ad-f70f-c32d-a32f116215ce-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> 2016-05-03 15:59 ` Tom Lendacky 2016-05-03 15:59 ` Tom Lendacky 2016-04-26 22:58 ` [RFC PATCH v1 16/18] x86: Do not specify encrypted memory for VGA mapping Tom Lendacky 2016-04-26 22:58 ` Tom Lendacky 2016-04-26 22:58 ` [RFC PATCH v1 17/18] x86/kvm: Enable Secure Memory Encryption of nested page tables Tom Lendacky 2016-04-26 22:58 ` Tom Lendacky 2016-04-26 22:59 ` [RFC PATCH v1 18/18] x86: Add support to turn on Secure Memory Encryption Tom Lendacky [not found] ` <20160426225904.13567.538.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org> 2016-03-22 13:13 ` Pavel Machek 2016-03-22 13:13 ` Pavel Machek 2016-04-26 22:59 ` Tom Lendacky [not found] ` <20160426225553.13567.19459.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org> 2016-04-27 14:39 ` [RFC PATCH v1 00/18] x86: Secure Memory Encryption (AMD) Andy Lutomirski 2016-04-27 14:39 ` Andy Lutomirski 2016-04-27 20:10 ` Tom Lendacky [this message] 2016-04-27 20:10 ` Tom Lendacky 2016-05-02 18:31 ` Andy Lutomirski 2016-05-02 18:31 ` Andy Lutomirski 2016-05-09 15:13 ` Paolo Bonzini 2016-05-09 15:13 ` Paolo Bonzini 2016-05-09 21:08 ` Tom Lendacky 2016-05-09 21:08 ` Tom Lendacky 2016-05-10 11:23 ` Paolo Bonzini 2016-05-10 11:23 ` Paolo Bonzini 2016-05-10 12:04 ` Borislav Petkov 2016-05-10 12:04 ` Borislav Petkov 2016-04-30 6:13 ` Elliott, Robert (Persistent Memory) 2016-04-30 6:13 ` Elliott, Robert (Persistent Memory) [not found] ` <94D0CD8314A33A4D9D801C0FE68B402963918FDA-wwDBVnaDRpYSZAcGdq5asR6epYMZPwEe5NbjCUgZEJk@public.gmane.org> 2016-05-03 15:55 ` Tom Lendacky 2016-05-03 15:55 ` Tom Lendacky -- strict thread matches above, loose matches on Subject: below -- 2016-04-26 22:45 Tom Lendacky 2016-04-26 22:45 ` Tom Lendacky
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=57211CAB.9040902@amd.com \ --to=thomas.lendacky@amd.com \ --cc=arnd@arndb.de \ --cc=aryabinin@virtuozzo.com \ --cc=bp@alien8.de \ --cc=corbet@lwn.net \ --cc=glider@google.com \ --cc=hpa@zytor.com \ --cc=iommu@lists.linux-foundation.org \ --cc=joro@8bytes.org \ --cc=kasan-dev@googlegroups.com \ --cc=konrad.wilk@oracle.com \ --cc=kvm@vger.kernel.org \ --cc=linux-arch@vger.kernel.org \ --cc=linux-doc@vger.kernel.org \ --cc=linux-efi@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=luto@amacapital.net \ --cc=matt@codeblueprint.co.uk \ --cc=mingo@redhat.com \ --cc=pbonzini@redhat.com \ --cc=rkrcmar@redhat.com \ --cc=tglx@l \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).