Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)

[RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 02/13] mm: Generalize the mprotect implementation to support extensions · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 02/13] mm: Generalize the mprotect implementation to support extensions · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 01/13] x86/mktme: Document the MKTME APIs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Andy Lutomirski <luto@amacapital.net> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Andy Lutomirski <luto@kernel.org> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 03/13] syscall/x86: Wire up a new system call for memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 08/13] mm: Use reference counting for encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Andy Lutomirski <luto@amacapital.net> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 05/13] x86/mm: Set KeyIDs in encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 05/13] x86/mm: Set KeyIDs in encrypted VMAs · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Peter Zijlstra <peterz@infradead.org> · 2018-12-05
[RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Alison Schofield <alison.schofield@intel.com> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Kirill A. Shutemov <hidden> · 2018-12-07
[RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Kirill A. Shutemov <hidden> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Peter Zijlstra <peterz@infradead.org> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 06/13] mm: Add the encrypt_mprotect() system call · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 06/13] mm: Add the encrypt_mprotect() system call · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-12
RE: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-13
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-13
RE: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Eric Rannaud <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dan Williams <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05

From: Sakkinen, Jarkko <hidden>
Date: 2018-12-07 23:45:21
Also in: keyrings, linux-mm

On Fri, 2018-12-07 at 13:59 -0800, Jarkko Sakkinen wrote:

On Fri, 2018-12-07 at 14:57 +0300, Kirill A. Shutemov wrote:

quoted

What is the threat model anyway for AMD and Intel technologies?

For me it looks like that you can read, write and even replay 
encrypted pages both in SME and TME.

What replay attack are you talking about? MKTME uses AES-XTS with physical
address tweak. So the data is tied to the place in physical address space
and
replacing one encrypted page with another encrypted page from different
address will produce garbage on decryption.

Just trying to understand how this works.

So you use physical address like a nonce/version for the page and
thus prevent replay? Was not aware of this.

The brutal fact is that a physical address is an astronomical stretch
from a random value or increasing counter. Thus, it is fair to say that
MKTME provides only naive measures against replay attacks...

/Jarkko

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help