Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp6269621ybi; Wed, 31 Jul 2019 11:15:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqzjXP+ew3rk/+NRGg4m+Lbym5REsA7Bt3ZzvYXpanwIT9pdYcxtjCMNTZSoDOEzcZlffxPb X-Received: by 2002:a63:8f55:: with SMTP id r21mr113657078pgn.318.1564596931510; Wed, 31 Jul 2019 11:15:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564596931; cv=none; d=google.com; s=arc-20160816; b=CSew5jjbG3T0ed+n26CewNNd0td0nNWR3hsOy+SoxzOcapH3YeLLVP3kEiK1kI3UYL NCs3XtxQByHWzWVbQAad9ixrp/05YkXc1Mu0Z+frxOHRYgO17DzTy+wAKHY5EyqC7btj hI0FLp9dhB5/Go9xvnCe4cJdPMTAPlqr1QiT48Ofv7mKj3OtRLXFC1sRxrSkWQNjtSZi wFymh0RI5Nd0yoFp7ovjWvfkwwbcAuy/ww8BYIL2s+6rDX7ZKkAfjmMDYnATYGYUzi7t GiXooXcZXcyuyTpNJ5DzJR+8zMYfTFtns70t5Oat6sjygnYLD48X9j6JHhqiQTU/eQr8 fKlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=rS7n4vbFz7RKbnJIWYLJ3LD2/VhASWWBXDQ1YiyXUK4=; b=BLaCnyjzT/KkY/h/5PAB/kKkUH12ISOYHFMO4XyZS9hTGy7nQCbrJysSEPR4eXm2C4 D/JS2RiTw+ISDbwtAEwgOqSEzs+COLocDnmwX4DZerD/2gsG4cjJpKqJdi7wNcF37fdf uit3bNpTHMqn6/NWixkQcgIco4/iMJd5ABOGBMd5KRkPiOGmAuIikmwuvl2CfOvWY8+N lgDe9b0izn4s0W9RpOy8I7dOPzA6hBV52ZOh17mfz37UEJLK3k7ZVxA7eUn4xiUJ8r/o grweGuevn+HymyrWa3i16q06+SgQjbuhd639aNGjgsedIUEV1RbwMyZvAUCL1u8b+O5H OVPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=afbMm0Gf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g18si13999056pgk.246.2019.07.31.11.15.16; Wed, 31 Jul 2019 11:15:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=afbMm0Gf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729360AbfGaPTE (ORCPT + 99 others); Wed, 31 Jul 2019 11:19:04 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:33936 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726594AbfGaPTD (ORCPT ); Wed, 31 Jul 2019 11:19:03 -0400 Received: by mail-ed1-f66.google.com with SMTP id s49so31230402edb.1 for ; Wed, 31 Jul 2019 08:19:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=rS7n4vbFz7RKbnJIWYLJ3LD2/VhASWWBXDQ1YiyXUK4=; b=afbMm0GfaAisY0kxZUpRSnh8R0UIgNbJC7BJabH5D9WD/FNoXqbra0An01CbRBxtGZ 6HU1X6ERvuzfNqTtDr+HgIFNQrS9uH8mDg4JioI9lUGBcB+JyiVbUiZDn49xnAK2QQn2 oQ3mhFNgfpG+AUJM6loNdB65enq3rg75smpnnn5r67isH8PNtXlUf6jqP5gfHsQbMQyF l59jSDgnvEUi9oWKOkD6rlyjzioaGiCcKXFv5vzlqChSrqbNMbLCeGEwMXmrJepCKBgI Uuo0QV/OGqvUg9Jx7SfUQ3NHZ5kkTcCYHyjFw9TFCxaRJlkdceV57/R8dgaSbT3qft98 VEWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rS7n4vbFz7RKbnJIWYLJ3LD2/VhASWWBXDQ1YiyXUK4=; b=mfnL1QyMvxZ7qxPI0zAKHg6FhqsqcMidMRFl+6ix/GvmIsZOWnep/CRlf6uOKhHdB/ FJRThUx7ERzrlhXkJlqrmIRbZdSC9CRNakoRlWaqhlv3+/IGkATqtvb1jHfL9NmGT4uw fSDVwWJ5BBpl4+DJrNzLysldnE63khH+heJ8FpQ/m9L66Eo9sgVleOmMiXWlAiDqDEkR pK3ANMVye3E9MHW1lfPWECmbXxkAfvCjnK5XxAs/aVLmoCt7QNjqXfe0V2X5VMCOqQNe A4ipyD2daXzp9HlaWlr90x8ImyKX76QhLx8HP16jhE1Q85JklK20fWZzWukL8Q/UxYpK vy1w== X-Gm-Message-State: APjAAAUZgwo7k0ylGuWnx4rCpdF6lIt7gDhx7soYZZM+SyKjjixoW59s puAjwnButvewUa584o475L0= X-Received: by 2002:a17:906:6bc4:: with SMTP id t4mr97503471ejs.256.1564586032415; Wed, 31 Jul 2019 08:13:52 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id 9sm8069757ejw.63.2019.07.31.08.13.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:50 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 7337F1048A6; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 54/59] x86/mktme: Overview of Multi-Key Total Memory Encryption Date: Wed, 31 Jul 2019 18:08:08 +0300 Message-Id: <20190731150813.26289-55-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Alison Schofield Provide an overview of MKTME on Intel Platforms. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/index.rst | 1 + Documentation/x86/mktme/index.rst | 8 +++ Documentation/x86/mktme/mktme_overview.rst | 57 ++++++++++++++++++++++ 3 files changed, 66 insertions(+) create mode 100644 Documentation/x86/mktme/index.rst create mode 100644 Documentation/x86/mktme/mktme_overview.rst diff --git a/Documentation/x86/index.rst b/Documentation/x86/index.rst index af64c4bb4447..449bb6abeb0e 100644 --- a/Documentation/x86/index.rst +++ b/Documentation/x86/index.rst @@ -22,6 +22,7 @@ x86-specific Documentation intel_mpx intel-iommu intel_txt + mktme/index amd-memory-encryption pti mds diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst new file mode 100644 index 000000000000..1614b52dd3e9 --- /dev/null +++ b/Documentation/x86/mktme/index.rst @@ -0,0 +1,8 @@ + +========================================= +Multi-Key Total Memory Encryption (MKTME) +========================================= + +.. toctree:: + + mktme_overview diff --git a/Documentation/x86/mktme/mktme_overview.rst b/Documentation/x86/mktme/mktme_overview.rst new file mode 100644 index 000000000000..64c3268a508e --- /dev/null +++ b/Documentation/x86/mktme/mktme_overview.rst @@ -0,0 +1,57 @@ +Overview +========= +Multi-Key Total Memory Encryption (MKTME)[1] is a technology that +allows transparent memory encryption in upcoming Intel platforms. +It uses a new instruction (PCONFIG) for key setup and selects a +key for individual pages by repurposing physical address bits in +the page tables. + +Support for MKTME is added to the existing kernel keyring subsystem +and via a new mprotect_encrypt() system call that can be used by +applications to encrypt anonymous memory with keys obtained from +the keyring. + +This architecture supports encrypting both normal, volatile DRAM +and persistent memory. However, persistent memory support is +not included in the Linux kernel implementation at this time. +(We anticipate adding that support next.) + +Hardware Background +=================== + +MKTME is built on top of an existing single-key technology called +TME. TME encrypts all system memory using a single key generated +by the CPU on every boot of the system. TME provides mitigation +against physical attacks, such as physically removing a DIMM or +watching memory bus traffic. + +MKTME enables the use of multiple encryption keys[2], allowing +selection of the encryption key per-page using the page tables. +Encryption keys are programmed into each memory controller and +the same set of keys is available to all entities on the system +with access to that memory (all cores, DMA engines, etc...). + +MKTME inherits many of the mitigations against hardware attacks +from TME. Like TME, MKTME does not mitigate vulnerable or +malicious operating systems or virtual machine managers. MKTME +offers additional mitigations when compared to TME. + +TME and MKTME use the AES encryption algorithm in the AES-XTS +mode. This mode, typically used for block-based storage devices, +takes the physical address of the data into account when +encrypting each block. This ensures that the effective key is +different for each block of memory. Moving encrypted content +across physical address results in garbage on read, mitigating +block-relocation attacks. This property is the reason many of +the discussed attacks require control of a shared physical page +to be handed from the victim to the attacker. + +-- +1. https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf +2. The MKTME architecture supports up to 16 bits of KeyIDs, so a + maximum of 65535 keys on top of the “TME key” at KeyID-0. The + first implementation is expected to support 6 bits, making 63 + keys available to applications. However, this is not guaranteed. + The number of available keys could be reduced if, for instance, + additional physical address space is desired over additional + KeyIDs. -- 2.21.0