RE: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)

[RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 02/13] mm: Generalize the mprotect implementation to support extensions · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 02/13] mm: Generalize the mprotect implementation to support extensions · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 01/13] x86/mktme: Document the MKTME APIs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Andy Lutomirski <luto@amacapital.net> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Andy Lutomirski <luto@kernel.org> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 03/13] syscall/x86: Wire up a new system call for memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 08/13] mm: Use reference counting for encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Andy Lutomirski <luto@amacapital.net> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 05/13] x86/mm: Set KeyIDs in encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 05/13] x86/mm: Set KeyIDs in encrypted VMAs · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Peter Zijlstra <peterz@infradead.org> · 2018-12-05
[RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Alison Schofield <alison.schofield@intel.com> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Kirill A. Shutemov <hidden> · 2018-12-07
[RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Kirill A. Shutemov <hidden> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Peter Zijlstra <peterz@infradead.org> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 06/13] mm: Add the encrypt_mprotect() system call · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 06/13] mm: Add the encrypt_mprotect() system call · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-12
RE: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-13
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-13
RE: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Eric Rannaud <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dan Williams <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05

From: Huang, Kai <hidden>
Date: 2018-12-12 23:24:25
Also in: keyrings, linux-mm

I strongly suspect that, on L1TF-vulnerable CPUs, MKTME provides no
protection whatsoever.  It sounds like MKTME is implemented in the
memory controller -- as far as the rest of the CPU and the cache hierarchy
are concerned, the MKTME key selction bits are just part of the physical
address.  So an attack like L1TF that leaks a cacheline that's selected by
physical address will leak the cleartext if the key selection bits are set
correctly.

Right. MKTME doesn't prevent cache based attack. Data in cache is in clear.

Thanks,
-Kai

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help