Thread: 28 messages, 6 authors, 2021-12-06

Re: [RFC PATCH v2 00/11] x86: Support Intel Key Locker

From: Bae, Chang Seok <hidden>
Date: 2021-05-17 22:20:41
Also in: lkml

On May 17, 2021, at 11:45, Dan Williams [off-list ref] wrote:
> On Mon, May 17, 2021 at 11:21 AM Bae, Chang Seok [off-list ref] wrote:
>> On May 15, 2021, at 11:01, Andy Lutomirski [off-list ref] wrote:
>>> I certainly understand how KL is valuable in a context where
>>> a verified boot process installs some KL keys that are not subsequently
>>> accessible outside the KL ISA, but Linux does not really work like this.
>>
>> Do you mind elaborating on the concern?  I am trying to understand any issue
>> with PATCH3 [1], specifically.
>
> If I understand Andy's concern it is the observation that the weakest
> link in this facility is the initial key load. Yes, KL reduces
> exposure after that event, but the key loading process is still
> vulnerable. This question is similar to the concern between the Linux
> "encrypted-keys" and "trusted-keys" interface. The trusted-keys
> interface still has an attack window where the key is unwrapped in
> kernel space to decrypt the sub-keys, but that exposure need not cross
> the user-kernel boundary and can be time-limited to a given PCR state.
> The encrypted-keys interface maintains the private-key material
> outside the kernel where it has increased exposure. KL is effectively
> "encrypted-keys" and Andy is questioning whether this makes KL similar
> to the MKTME vs SGX / TDX situation.

I don't fully grasp the MKTME vs SGX/TDX background, but LOADIWKEY provides a
hardware randomization option for the initial load.  Then, the internal key is
unknown.  Nonetheless, if one does not trust this randomization and decides
not to use it, then perhaps the key being in memory at some point during boot
time is unavoidable.

I think Dan just gave an example here, but FWIW, these "encrypted-keys" and
"trusted-keys" are for the kernel keyring service. I wish to clarify that the
keyring service itself is not the intended usage here. Instead, this series is
intended to focus on the kernel Crypto API, as this technology protects AES
keys during data transformation time.

>>> I'm wondering what people will use it for.
>>
>> Mentioned above.
>
> I don't think this answers Andy's question. There is a distinction
> between what it can be used for and what people will deploy with it in
> practice given the "encrypted-keys"-like exposure. Clarify the end
> user benefit that motivates the kernel to carry this support.

The end-user of this series will benefit from key protection at data
transformation time and also be provided with performance matching that of
AES-NI.

Thanks,
Chang
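The round trip the reply describes (an AES key turned into a Key Locker handle, the raw key wiped, and encryption done only through the handle) as an added example written for this page; it is not code from the patch series or from Intel. It probes CPUID for the Key Locker ISA and for the AESKLE bit that is only set once the kernel has enabled CR4.KL, and, where both are present, encodes the FIPS-197 AES-128 test key with ENCODEKEY128, wipes the key, and encrypts the reference plaintext with AESENC128KL, comparing against the published ciphertext. Assumptions: the opcode bytes and CPUID bit positions are taken from the SDM and emitted as `.byte` so any assembler accepts them; LOADIWKEY is a ring-0 instruction, so the hardware-random IWKey load discussed above is only probed (CPUID.19H:ECX[1]) and never issued; on a kernel without this series CR4.KL is clear, AESKLE reads 0, and `kl_known_answer()` returns -1. The struct and function names are this example's own.

```c
/* Added example (not from the Key Locker series): probe Intel Key Locker from
 * user space and, if the kernel has set CR4.KL (CPUID.19H:EBX.AESKLE == 1),
 * encrypt one AES-128 block through a handle after wiping the raw key.
 * Opcode bytes and CPUID bit positions are assumptions taken from the SDM. */
#include <stdint.h>
#include <string.h>
#if defined(__x86_64__)
#include <cpuid.h>
#include <immintrin.h>
#endif

struct kl_probe {
    int kl;              /* CPUID.(7,0):ECX[23] Key Locker ISA present            */
    int aeskle;          /* CPUID.19H:EBX[0]    AES-KL enabled by kernel (CR4.KL) */
    int wide_kl;         /* CPUID.19H:EBX[2]    8-block AES*WIDE*KL forms present */
    int hw_random_iwkey; /* CPUID.19H:ECX[1]    LOADIWKEY KeySource=1 (HW random) */
};

struct kl_probe kl_probe(void)
{
    struct kl_probe p = {0, 0, 0, 0};
#if defined(__x86_64__)
    unsigned int a, b, c, d, max = __get_cpuid_max(0, NULL);
    if (max < 7)
        return p;
    __cpuid_count(7, 0, a, b, c, d);
    p.kl = (c >> 23) & 1;
    if (!p.kl || max < 0x19)
        return p;
    __cpuid_count(0x19, 0, a, b, c, d);
    p.aeskle = b & 1;
    p.wide_kl = (b >> 2) & 1;
    p.hw_random_iwkey = (c >> 1) & 1;
#endif
    return p;
}

/* Overwrite a secret in a way the compiler cannot drop as a dead store. */
static void wipe(void *buf, size_t len)
{
    volatile uint8_t *vp = (volatile uint8_t *)buf;
    while (len--)
        *vp++ = 0;
}

#if defined(__x86_64__)
/* ENCODEKEY128 r32,r32 = F3 0F 38 FA /r; ModRM 0xC1: EAX dest, ECX src.
 * Key in XMM0, restriction flags in ECX; 384-bit handle returned in XMM0..2,
 * XMM3..6 clobbered.  EAX reports IWKey attributes (bit 0 NoBackup, 4:3 KeySource). */
static unsigned int encodekey128(const uint8_t key[16], unsigned int restrictions,
                                 uint8_t handle[48])
{
    register __m128i h0 __asm__("xmm0") = _mm_loadu_si128((const __m128i *)key);
    register __m128i h1 __asm__("xmm1");
    register __m128i h2 __asm__("xmm2");
    unsigned int info;
    __asm__ __volatile__(".byte 0xf3, 0x0f, 0x38, 0xfa, 0xc1"
                         : "=a"(info), "+x"(h0), "=x"(h1), "=x"(h2)
                         : "c"(restrictions)
                         : "xmm3", "xmm4", "xmm5", "xmm6", "cc");
    _mm_storeu_si128((__m128i *)(handle + 0), h0);
    _mm_storeu_si128((__m128i *)(handle + 16), h1);
    _mm_storeu_si128((__m128i *)(handle + 32), h2);
    return info;
}

/* AESENC128KL xmm,m384 = F3 0F 38 DC /r; ModRM 0x07: XMM0, memory at RDI.
 * ZF=1 means the handle failed authentication against the current IWKey. */
static int aesenc128kl(const uint8_t handle[48], uint8_t block[16])
{
    register __m128i blk __asm__("xmm0") = _mm_loadu_si128((const __m128i *)block);
    unsigned char failed;
    __asm__ __volatile__(".byte 0xf3, 0x0f, 0x38, 0xdc, 0x07\n\t"
                         "setz %0"
                         : "=q"(failed), "+x"(blk)
                         : "D"(handle)
                         : "cc", "memory");
    if (failed)
        return -1;
    _mm_storeu_si128((__m128i *)block, blk);
    return 0;
}
#endif

/* -1: AES-KL not usable here; 0: handle-based encryption matches FIPS-197;
 *  1: ciphertext mismatch; 2: handle rejected (IWKey changed since encoding). */
int kl_known_answer(void)
{
#if defined(__x86_64__)
    /* FIPS-197 Appendix C.1 AES-128 vector, embedded as the test input. */
    static const uint8_t kat_key[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
                                         0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
    static const uint8_t kat_pt[16]  = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
                                         0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff };
    static const uint8_t kat_ct[16]  = { 0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,
                                         0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a };
    uint8_t key[16], handle[48], block[16];
    if (!kl_probe().aeskle)
        return -1;
    memcpy(key, kat_key, sizeof key);
    (void)encodekey128(key, 0 /* no CPL0/no-encrypt/no-decrypt restrictions */, handle);
    wipe(key, sizeof key);          /* only the handle remains in memory now */
    memcpy(block, kat_pt, sizeof block);
    if (aesenc128kl(handle, block) != 0)
        return 2;
    return memcmp(block, kat_ct, sizeof block) == 0 ? 0 : 1;
#else
    (void)wipe;
    return -1;
#endif
}
```

A return of 0 is the concrete form of the benefit claimed in the reply: after `wipe()` the AES key is gone from the process and the block is still encrypted correctly, because the handle carries the key only in IWKey-wrapped form. A 2 means the handle no longer authenticates against the current IWKey, which is exactly what a handle is designed to do if the wrapping key changed underneath it; that is also why the initial LOADIWKEY (ring 0, and with the hardware-random KeySource the mail mentions) is the step the rest of the thread keeps returning to.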