linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andy Lutomirski <luto@kernel.org>
To: "Chang S. Bae" <chang.seok.bae@intel.com>,
	tglx@linutronix.de, bp@suse.de, dave.hansen@linux.intel.com,
	mingo@kernel.org, x86@kernel.org, herbert@gondor.apana.org.au
Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
	ebiggers@kernel.org, dan.j.williams@intel.com,
	charishma1.gairuboyina@intel.com, kumar.n.dwarakanath@intel.com,
	lalithambika.krishnakumar@intel.com, ravi.v.shankar@intel.com
Subject: Re: [PATCH v4 11/13] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions
Date: Fri, 24 Dec 2021 09:42:39 -0800	[thread overview]
Message-ID: <75ec3ad1-6234-ae1f-1b83-482793e4fd23@kernel.org> (raw)
In-Reply-To: <20211214005212.20588-12-chang.seok.bae@intel.com>

On 12/13/21 16:52, Chang S. Bae wrote:
> Key Locker is a CPU feature to reduce key exfiltration opportunities while
> maintaining a programming interface similar to AES-NI. It converts the AES
> key into an encoded form, called the 'key handle'.
> 
> The key handle is a wrapped version of the clear-text key where the
> wrapping key has limited exposure. Once converted via setkey(), all
> subsequent data encryption using new AES instructions ('AES-KL') uses this
> key handle, reducing the exposure of private key material in memory.
> 
> AES-KL is analogous to that of AES-NI. Most assembly code is translated
> from the AES-NI code. They are operational in both 32-bit and 64-bit modes
> like AES-NI. However, users need to be aware of the following differences:
> 
> == Key Handle ==
> 
> AES-KL may fail with an invalid key handle. It could be corrupted or fail
> with handle restriction. A key handle may be encoded with some
> restrictions. The implementation restricts every handle only available
> in kernel mode via setkey().
> 

I find it a bit bizarre that this tries to be a drop-in replacement for 
normal AES.  Is this actually what we want, or do we want users to opt 
in to the KL implementation?

It seems like it might make more sense for tools like cryptsetup (or 
dm-crypt -- the actual layer is subject to some degree of debate) to 
explicitly create a key handle and then ask the kernel to use that key 
handle, not for the kernel to do this by magic.

What happens when someone applies your patches and runs dmsetup table 
--showkeys?

Why should the use of keylocker be part of the luksFormat operation? 
Surely a non-KL machine should still be able to decrypt a nominally 
KL-using volume in a pinch, for recovery purposes if nothing else.

--Andy

  reply	other threads:[~2021-12-24 17:42 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-14  0:51 [PATCH v4 00/13] x86: Support Key Locker Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 01/13] Documentation/x86: Document " Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 02/13] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 03/13] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 04/13] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 05/13] x86/msr-index: Add MSRs for Key Locker internal wrapping key Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 06/13] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 07/13] x86/cpu/keylocker: Load an internal wrapping key at boot-time Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 08/13] x86/power/keylocker: Restore internal wrapping key from the ACPI S3/4 sleep states Chang S. Bae
2021-12-17 15:42   ` Rafael J. Wysocki
2021-12-22  4:58     ` Bae, Chang Seok
2021-12-14  0:52 ` [PATCH v4 09/13] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 10/13] crypto: x86/aes - Prepare for a new AES implementation Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 11/13] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions Chang S. Bae
2021-12-24 17:42   ` Andy Lutomirski [this message]
2022-01-07 18:06     ` Bae, Chang Seok
2021-12-14  0:52 ` [PATCH v4 12/13] crypto: x86/aes-kl - Support CBC mode Chang S. Bae
2021-12-14  0:52 ` [PATCH v4 13/13] crypto: x86/aes-kl - Support XTS mode Chang S. Bae
2021-12-16  1:09 ` [PATCH v4 00/13] x86: Support Key Locker Eric Biggers
2022-01-05 21:55   ` Bae, Chang Seok
2022-01-06  5:07     ` Eric Biggers
2022-01-06  6:13       ` Bae, Chang Seok
2022-01-06 16:25       ` [dm-devel] " Milan Broz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=75ec3ad1-6234-ae1f-1b83-482793e4fd23@kernel.org \
    --to=luto@kernel.org \
    --cc=bp@suse.de \
    --cc=chang.seok.bae@intel.com \
    --cc=charishma1.gairuboyina@intel.com \
    --cc=dan.j.williams@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=ebiggers@kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=kumar.n.dwarakanath@intel.com \
    --cc=lalithambika.krishnakumar@intel.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=ravi.v.shankar@intel.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).