From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83C10C282CA for ; Tue, 12 Feb 2019 23:51:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 5C675222CE for ; Tue, 12 Feb 2019 23:51:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732430AbfBLXvT (ORCPT ); Tue, 12 Feb 2019 18:51:19 -0500 Received: from ipmail07.adl2.internode.on.net ([150.101.137.131]:34718 "EHLO ipmail07.adl2.internode.on.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728445AbfBLXvT (ORCPT ); Tue, 12 Feb 2019 18:51:19 -0500 Received: from ppp59-167-129-252.static.internode.on.net (HELO dastard) ([59.167.129.252]) by ipmail07.adl2.internode.on.net with ESMTP; 13 Feb 2019 10:21:16 +1030 Received: from dave by dastard with local (Exim 4.80) (envelope-from ) id 1gthpa-0003sF-Pw; Wed, 13 Feb 2019 10:51:14 +1100 Date: Wed, 13 Feb 2019 10:51:14 +1100 From: Dave Chinner To: Dave Hansen Cc: lsf-pc@lists.linux-foundation.org, linux-fsdevel , Linux-MM , "Williams, Dan J" , "Shutemov, Kirill" , "Schofield, Alison" , "Darrick J. Wong" , Jan Kara , Christoph Hellwig Subject: Re: [LSF/MM TOPIC] Memory Encryption on top of filesystems Message-ID: <20190212235114.GM20493@dastard> References: <788d7050-f6bb-b984-69d9-504056e6c5a6@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <788d7050-f6bb-b984-69d9-504056e6c5a6@intel.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org On Tue, Feb 12, 2019 at 08:55:57AM -0800, Dave Hansen wrote: > Multi-Key Total Memory Encryption (MKTME) [1] is feature of a memory > controller that allows memory to be selectively encrypted with > user-controlled key, in hardware, at a very low runtime cost. However, > it is implemented using AES-XTS which encrypts each block with a key > that is generated based on the physical address of the data being > encrypted. This has nice security properties, making some replay and > substitution attacks harder, but it means that encrypted data can not be > naively relocated. The subject is "Memory Encryption on top of filesystems", but really what you are talking about is "physical memory encryption /below/ filesystems". i.e. it's encryption of the physical storage the filesystem manages, not encryption within the fileystem (like fscrypt) or or user data on top of the filesystem (ecryptfs or userspace). > Combined with persistent memory, MKTME allows data to be unlocked at the > device (DIMM or namespace) level, but left encrypted until it actually > needs to be used. This sounds more like full disk encryption (either in the IO path software by dm-crypt or in hardware itself), where the contents are decrypted/encrypted in the IO path as the data is moved between physical storage and the filesystem's memory (page/buffer caches). Is there any finer granularity than a DIMM or pmem namespace for specifying encrypted regions? Note that filesystems are not aware of the physical layout of the memory address space (i.e. what DIMM corresponds to which sector in the block device), so DIMM-level granularity doesn't seem particularly useful right now.... Also, how many different hardware encryption keys are available for use, and how many separate memory regions can a single key have associated with it? > However, if encrypted data were placed on a > filesystem, it might be in its encrypted state for long periods of time > and could not be moved by the filesystem during that time. I'm not sure what you mean by "if encrypted data were placed on a filesystem", given that the memory encryption is transparent to the filesystem (i.e. happens in the memory controller on it's way to/from the physical storage). > The “easy” solution to this is to just require that the encryption key > be present and programmed into the memory controller before data is > moved. However, this means that filesystems would need to know when a > given block has been encrypted and can not be moved. I'm missing something here - how does the filesystem even get mounted if we haven't unlocked the device the filesystem is stored on? i.e. we need to unlock the entire memory region containing the filesystem so it can read and write it's metadata (which can be randomly spread all over the block device). And if we have to do that to mount the filesystem, then aren't we also unlocking all the same memory regions that contain user data and hence they can be moved? At what point do we end up with a filesystem mounted and trying to access a locked memory region? Cheers, Dave. -- Dave Chinner david@fromorbit.com