Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key... | linux-crypto

[PATCH v3 00/15] x86: Support Key Locker · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 01/15] Documentation/x86: Document Key Locker · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 02/15] x86/cpufeature: Enumerate Key Locker feature · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 03/15] x86/insn: Add Key Locker instructions to the opcode map · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 04/15] x86/asm: Add a wrapper function for the LOADIWKEY instruction · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 05/15] x86/msr-index: Add MSRs for Key Locker internal wrapping key · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 06/15] x86/keylocker: Define Key Locker CPUID leaf · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Chang S. Bae <hidden> · 2021-11-24
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Bae, Chang Seok <hidden> · 2021-11-30
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Dan Williams <hidden> · 2021-11-30
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Ard Biesheuvel <ardb@kernel.org> · 2021-12-06
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Bae, Chang Seok <hidden> · 2021-12-06
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Peter Zijlstra <peterz@infradead.org> · 2021-12-02
Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions · Bae, Chang Seok <hidden> · 2021-12-06
[PATCH v3 07/15] x86/cpu/keylocker: Load an internal wrapping key at boot-time · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 09/15] x86/cpu: Add a configuration and command line option for Key Locker · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 08/15] x86/power/keylocker: Restore internal wrapping key from the ACPI S3/4 sleep states · Chang S. Bae <hidden> · 2021-11-24
Re: [PATCH v3 08/15] x86/power/keylocker: Restore internal wrapping key from the ACPI S3/4 sleep states · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
[PATCH v3-fix 08/15] x86/power/keylocker: Restore internal wrapping key from the ACPI S3/4 sleep states · Chang S. Bae <hidden> · 2021-11-30
Re: [PATCH v3 08/15] x86/power/keylocker: Restore internal wrapping key from the ACPI S3/4 sleep states · Bae, Chang Seok <hidden> · 2021-11-30
[PATCH v3 12/15] crypto: x86/aes-kl - Support ECB mode · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 10/15] crypto: x86/aes - Prepare for a new AES implementation · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 13/15] crypto: x86/aes-kl - Support CBC mode · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 14/15] crypto: x86/aes-kl - Support CTR mode · Chang S. Bae <hidden> · 2021-11-24
[PATCH v3 15/15] crypto: x86/aes-kl - Support XTS mode · Chang S. Bae <hidden> · 2021-11-24
Re: [PATCH v3 00/15] x86: Support Key Locker · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH v3 00/15] x86: Support Key Locker · Bae, Chang Seok <hidden> · 2021-11-30
Re: [PATCH v3 00/15] x86: Support Key Locker · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH v3 00/15] x86: Support Key Locker · Bae, Chang Seok <hidden> · 2021-11-30

Re: [PATCH v3 11/15] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions

From: Peter Zijlstra <peterz@infradead.org>
Date: 2021-12-02 17:31:14
Also in: lkml

On Wed, Nov 24, 2021 at 12:06:56PM -0800, Chang S. Bae wrote:

+	encodekey256 %eax, %eax

So this thing uses the fancy new keylocker instructions, however:

quoted hunk ↗ jump to hunk

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 285f82647d2b..784a04433549 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig

@@ -1113,6 +1113,50 @@ config CRYPTO_AES_NI_INTEL
 	  ECB, CBC, LRW, XTS. The 64 bit version has additional
 	  acceleration for CTR.
 
+config CRYPTO_AES_KL
+	tristate "AES cipher algorithms (AES-KL)"
+	depends on (LD_VERSION >= 23600) || (LLD_VERSION >= 120000)
+	depends on DM_CRYPT
+	select X86_KEYLOCKER
+	select CRYPTO_AES_NI_INTEL


There is no dependency on the compiler actually supporting them..

config AS_HAS_KEYLOCKER
	def_bool $(as-instr,encodekey256)

	depends on AS_HAS_KEYLOCKER

Hmm?

+
+	help
+	  Key Locker provides AES SIMD instructions (AES-KL) for secure
+	  data encryption and decryption. While this new instruction
+	  set is analogous to AES-NI, AES-KL supports to encode an AES
+	  key to an encoded form ('key handle') and uses it to transform
+	  data instead of accessing the AES key.
+
+	  The setkey() transforms an AES key to a key handle, then the AES
+	  key is no longer needed for data transformation. A user may
+	  displace their keys from possible exposition.
+
+	  This key encryption is done by the CPU-internal wrapping key. The
+	  x86 core code loads a new random key at every boot time and
+	  restores it from deep sleep states. This wrapping key support is
+	  provided with X86_KEYLOCKER.
+
+	  AES-KL supports 128-/256-bit keys only. While giving a 192-bit
+	  key does not return an error, as AES-NI is chosen to process it,
+	  the claimed security property is not available with that.
+
+	  GNU binutils version 2.36 or above and LLVM version 12 or above
+	  are assemblers that support AES-KL instructions.
+
+	  Bare metal disk encryption is the preferred use case. Make it
+	  depend on DM_CRYPT.
+
+	  This selection enables an alternative crypto cipher for
+	  cryptsetup, e.g. "capi:xts-aes-aeskl-plain", to use with dm-crypt
+	  volumes. It trades off raw performance for reduced clear-text key
+	  exposure and has an additional failure mode compared to AES-NI.
+	  See Documentation/x86/keylocker.rst for more details. Key Locker
+	  usage requires explicit opt-in at cryptsetup time. So, select it
+	  if unsure.
+
+	  See also the CRYPTO_AES_NI_INTEL description for more about the
+	  AES cipher algorithm.
+
 config CRYPTO_AES_SPARC64
 	tristate "AES cipher algorithms (SPARC64)"
 	depends on SPARC64
-- 
2.17.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help