Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)

[RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 02/13] mm: Generalize the mprotect implementation to support extensions · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 02/13] mm: Generalize the mprotect implementation to support extensions · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 01/13] x86/mktme: Document the MKTME APIs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Andy Lutomirski <luto@amacapital.net> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Andy Lutomirski <luto@kernel.org> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 03/13] syscall/x86: Wire up a new system call for memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 08/13] mm: Use reference counting for encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Andy Lutomirski <luto@amacapital.net> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 05/13] x86/mm: Set KeyIDs in encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 05/13] x86/mm: Set KeyIDs in encrypted VMAs · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Peter Zijlstra <peterz@infradead.org> · 2018-12-05
[RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Alison Schofield <alison.schofield@intel.com> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Kirill A. Shutemov <hidden> · 2018-12-07
[RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Kirill A. Shutemov <hidden> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Peter Zijlstra <peterz@infradead.org> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 06/13] mm: Add the encrypt_mprotect() system call · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 06/13] mm: Add the encrypt_mprotect() system call · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-12
RE: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-13
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-13
RE: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Eric Rannaud <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dan Williams <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05

From: Sakkinen, Jarkko <hidden>
Date: 2018-12-13 05:52:17
Also in: keyrings, linux-mm

On Thu, 2018-12-13 at 07:49 +0200, Jarkko Sakkinen wrote:

On Thu, 2018-12-13 at 07:27 +0800, Huang, Kai wrote:

quoted

This all should be summarized in the documentation (high-level model and
corner cases).

I am not sure whether it is necessary to document L1TF explicitly, since it
is
quite obvious that MKTME doesn't prevent that. IMHO if needed we only need
to
mention MKTME doesn't prevent any sort of cache based attack, since data in
cache is in clear.

In fact SGX doesn't prevent this either..

Sorry, was a bit unclear. I meant the assumptions and goals.

I.e. what I put in my earlier response, what belongs to TCB and what
types adversaries is pursued to be protected.

/Jarkko

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help