Re: [PATCH v3 00/15] x86: Support Key Locker

[PATCH v3 00/15] x86: Support Key Locker · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 01/15] Documentation/x86: Document Key Locker · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 02/15] x86/cpufeature: Enumerate Key Locker feature · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 03/15] x86/insn: Add Key Locker instructions to the opcode map · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 04/15] x86/asm: Add a wrapper function for the LOADIWKEY instruction · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 05/15] x86/msr-index: Add MSRs for Key Locker internal wrapping key · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 06/15] x86/keylocker: Define Key Locker CPUID leaf · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Chang S. Bae <hidden> · 2021-11-24
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Bae, Chang Seok <hidden> · 2021-11-30
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Dan Williams <hidden> · 2021-11-30
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Ard Biesheuvel <ardb@kernel.org> · 2021-12-06
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Bae, Chang Seok <hidden> · 2021-12-06
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Peter Zijlstra <peterz@infradead.org> · 2021-12-02
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Bae, Chang Seok <hidden> · 2021-12-06
[PATCH v3 07/15] x86/cpu/keylocker: Load an internal wrapping key at boot-time · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 09/15] x86/cpu: Add a configuration and command line option for Key Locker · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 08/15] x86/power/keylocker: Restore internal wrapping key from the ACPI S3/4 sleep states · Chang S. Bae <hidden> · 2021-11-24
Re: [PATCH v3 08/15] x86/power/keylocker: Restore internal wrapping key from the ACPI S3/4 sleep states · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
[PATCH v3-fix 08/15] x86/power/keylocker: Restore internal wrapping key from the ACPI S3/4 sleep states · Chang S. Bae <hidden> · 2021-11-30
Re: [PATCH v3 08/15] x86/power/keylocker: Restore internal wrapping key from the ACPI S3/4 sleep states · Bae, Chang Seok <hidden> · 2021-11-30
[PATCH v3 12/15] crypto: x86/aes-kl - Support ECB mode · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 10/15] crypto: x86/aes - Prepare for a new AES implementation · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 13/15] crypto: x86/aes-kl - Support CBC mode · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 14/15] crypto: x86/aes-kl - Support CTR mode · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 15/15] crypto: x86/aes-kl - Support XTS mode · Chang S. Bae <hidden> · 2021-11-24
Re: [PATCH v3 00/15] x86: Support Key Locker · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH v3 00/15] x86: Support Key Locker · Bae, Chang Seok <hidden> · 2021-11-30
Re: [PATCH v3 00/15] x86: Support Key Locker · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH v3 00/15] x86: Support Key Locker · Bae, Chang Seok <hidden> · 2021-11-30

From: Eric Biggers <ebiggers@kernel.org>
Date: 2021-11-30 07:23:49
Also in: lkml

On Tue, Nov 30, 2021 at 06:36:15AM +0000, Bae, Chang Seok wrote:

On Nov 29, 2021, at 19:27, Eric Biggers [off-list ref] wrote:

quoted

On Wed, Nov 24, 2021 at 12:06:45PM -0800, Chang S. Bae wrote:

quoted

== Non Use Cases ==

Bare metal disk encryption is the only use case intended by these patches.

If that's the case, why are so many encryption modes being added (ECB, CTR, CBC,
and XTS)?  Wouldn't just XTS be sufficient?

Right, it would reduce the crypt library changes significantly. But it is
clueless whether XTS is sufficient to support DM-crypt, because a user may
select the kernel’s crypto API via ‘capi:', [1].

Just because dm-crypt allows you to create a ECB or CTR encrypted disk does not
mean that it is a good idea.

- Eric

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help