Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)

[RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 02/13] mm: Generalize the mprotect implementation to support extensions · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 02/13] mm: Generalize the mprotect implementation to support extensions · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 01/13] x86/mktme: Document the MKTME APIs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Andy Lutomirski <luto@amacapital.net> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Andy Lutomirski <luto@kernel.org> · 2018-12-05
Re: [RFC v2 01/13] x86/mktme: Document the MKTME APIs · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 03/13] syscall/x86: Wire up a new system call for memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 08/13] mm: Use reference counting for encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
[RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Andy Lutomirski <luto@amacapital.net> · 2018-12-04
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 07/13] x86/mm: Add helpers for reference counting encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 05/13] x86/mm: Set KeyIDs in encrypted VMAs · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 05/13] x86/mm: Set KeyIDs in encrypted VMAs · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's · Peter Zijlstra <peterz@infradead.org> · 2018-12-05
[RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Alison Schofield <alison.schofield@intel.com> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows · Kirill A. Shutemov <hidden> · 2018-12-07
[RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Kirill A. Shutemov <hidden> · 2018-12-04
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Peter Zijlstra <peterz@infradead.org> · 2018-12-05
Re: [RFC v2 11/13] keys/mktme: Program memory encryption keys on a system wide basis · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption · Sakkinen, Jarkko <hidden> · 2018-12-06
[RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 13/13] keys/mktme: Support CPU Hotplug for MKTME keys · Alison Schofield <alison.schofield@intel.com> · 2018-12-05
[RFC v2 06/13] mm: Add the encrypt_mprotect() system call · Alison Schofield <alison.schofield@intel.com> · 2018-12-04
Re: [RFC v2 06/13] mm: Add the encrypt_mprotect() system call · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Peter Zijlstra <peterz@infradead.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-04
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Jarkko Sakkinen <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Kirill A. Shutemov <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-12
RE: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-13
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-13
RE: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-12
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Eric Rannaud <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-05
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dan Williams <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-06
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Andy Lutomirski <luto@kernel.org> · 2018-12-07
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Dave Hansen <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Huang, Kai <hidden> · 2018-12-08
Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) · Sakkinen, Jarkko <hidden> · 2018-12-05

From: Kirill A. Shutemov <hidden>
Date: 2018-12-06 11:23:02
Also in: keyrings, linux-mm

On Wed, Dec 05, 2018 at 08:32:52PM +0000, Sakkinen, Jarkko wrote:

On Tue, 2018-12-04 at 12:46 +0300, Kirill A. Shutemov wrote:

quoted

On Tue, Dec 04, 2018 at 09:25:50AM +0000, Peter Zijlstra wrote:

quoted

On Mon, Dec 03, 2018 at 11:39:47PM -0800, Alison Schofield wrote:

quoted

(Multi-Key Total Memory Encryption)

I think that MKTME is a horrible name, and doesn't appear to accurately
describe what it does either. Specifically the 'total' seems out of
place, it doesn't require all memory to be encrypted.

MKTME implies TME. TME is enabled by BIOS and it encrypts all memory with
CPU-generated key. MKTME allows to use other keys or disable encryption
for a page.

When you say "disable encryption to a page" does the encryption get
actually disabled or does the CPU just decrypt it transparently i.e.
what happens physically?

Yes, it gets disabled. Physically. It overrides TME encryption.

-- 
 Kirill A. Shutemov

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help