Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp876599pxj;
        Tue, 18 May 2021 16:35:13 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwBuXw2qT9JuNfvdIgBNkPJU97hyM14lI14vU5qyIAZZxxlWreZA2IEOkaDRKyBmJvK81Js
X-Received: by 2002:a05:6e02:1aaa:: with SMTP id l10mr7287541ilv.29.1621380912993;
        Tue, 18 May 2021 16:35:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1621380912; cv=none;
        d=google.com; s=arc-20160816;
        b=clM0WBoTQzz0R6lgowezLZTx9afAvaSOJTX2dmIeOAWYxUiYi2DYhhRqkgg3G8SSmu
         h0Qc14lZTQsKL4ZjGnDSgGOATwLd8DScb9RV3a2WyNXizyIYWx7EjcnyyE+LHnV6iaxd
         /BV9yeCPxdKYLKWJQDouezZWHoSlk4cE4Xh11QwgWpF0eWAb3zWj3SDSRLpQVYdnaMwp
         hmgfFz6MzScDAYWPmfAjy6B6W5+XQL/SiJU5Lnugr9kVTIlMPVOVi19VYpvZ63O+ZpZV
         r/Z4g9k2Twe3c+bgHmEEZxu/mJkUbR0LoVFBegxEqwxslG1yCZJqUtNMbR+/l2fsSrF3
         2j+w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=AleBjFBWk3Df8DfvZfAUw4Js6OSMy8R4ZV9LCI/pwZE=;
        b=Q17xH1yEpnc1dL4mJKho5UFX6jbKfqZYqAaKTnpsb9hZbDFzzOmdEdwh+IQMLWtOfU
         RDOPHj8kBETouygKZJ4IQPuRcWKEpNmNmBdx5bCdfGHinuxIV8TC9q3DOFEcm2tNQa0Z
         DT8ZgNIrD/mDH3LZArVxCGirfpD0G4BhjJxtW82NB+zy26qoSRpifxXzMrNrAcfL27Ct
         3cw/GlHPCk8zzYZLiAHE1TaKdBwVtPS7CGo2yh1/+8Ebur1zw0chbw/vVgUZ+kUByU5L
         Gb/rXrMbMYgMBT8Yd0Ix9nKuB7AREONLxxWNTs+7JCC2z3txUdYz1QhfH+gEc1rme5wq
         GBWw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=JU135R0n;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id h21si23229151jav.99.2021.05.18.16.34.48;
        Tue, 18 May 2021 16:35:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=JU135R0n;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235343AbhEQSqf (ORCPT <rfc822;kestrelseventyfour@gmail.com>
        + 99 others); Mon, 17 May 2021 14:46:35 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42160 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234106AbhEQSqe (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Mon, 17 May 2021 14:46:34 -0400
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E7791C061756
        for <linux-crypto@vger.kernel.org>; Mon, 17 May 2021 11:45:17 -0700 (PDT)
Received: by mail-ed1-x52b.google.com with SMTP id r11so8062281edt.13
        for <linux-crypto@vger.kernel.org>; Mon, 17 May 2021 11:45:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=intel-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=AleBjFBWk3Df8DfvZfAUw4Js6OSMy8R4ZV9LCI/pwZE=;
        b=JU135R0n5DaljOl5R2QVLhmEXd6W9BOJCDVRRcwiuF87TC1z1ppmct1rIvJjAsWl0K
         e8Cw23klCNFsqrG9MMzEvBkNtNp8AJxVEMwS1o0bgYvdTMCbcOx8MAbK8+DfbqzovsKy
         bgicDs1vJAblZa/pBKh7x7PYrlS1lPicErkJX12tpDIEzCaPLTxNSjE3N9VLEmAa7Onc
         whfRhjW/EBLUf3Q2Qg8TbBkIssSxuOJ/TEMV1DP1yvRtVLzS55wOqZKg5uM/Lxjr3t/s
         Jk/NmP9VZ2xoNPGXj+pNZ06GkB9nhLaWZFgsn9OXE7NGrZ+v43cCKz5M/I9tflPg+4QO
         8YlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=AleBjFBWk3Df8DfvZfAUw4Js6OSMy8R4ZV9LCI/pwZE=;
        b=Y26mQWeMOy3VR0uqk2APkI78d69alH4ytUSvUudxe8Ip+ufX6FHAyWVKqLOAkE1JrN
         Kwl2vsZnRm95irpc3kc3iUi4zKI/wdQDZyVdMut9PK/Gls6wvpwk4xBNBdJF/g+fhrmb
         5HqJ1t5lE3xSVEhoeqVr1c9600Jp1oSqh3yOdZQpWxP5lRQuZlTWVJut+NGHxroIyFcZ
         bPbZaGWlSDI6rX4OBGxeIskvWCG/kmn5FBMFOEOgXjhLo9C/AKsS1mUUk01JHx65goxr
         RR2LZmxVig8SZ4777eGXDXwfgbQtI27uigewsSJap+S+gAxS40cp1CL417EZT6MBX6oS
         e6WA==
X-Gm-Message-State: AOAM531NO+DKgSJpa5JL5/pHpORfjPDgWKXnwNY9t60zcdV0gXuHuw4a
        nr25L68XItMXyqgsd3PNW5tVA8vOBpH89SRwyyaPXA==
X-Received: by 2002:a05:6402:13c3:: with SMTP id a3mr1824579edx.18.1621277116686;
 Mon, 17 May 2021 11:45:16 -0700 (PDT)
MIME-Version: 1.0
References: <20210514201508.27967-1-chang.seok.bae@intel.com>
 <9f556d3b-49d3-5b0b-0d92-126294ea082d@kernel.org> <C08CCADB-864B-48E0-89E0-4BF6841771E8@intel.com>
In-Reply-To: <C08CCADB-864B-48E0-89E0-4BF6841771E8@intel.com>
From:   Dan Williams <dan.j.williams@intel.com>
Date:   Mon, 17 May 2021 11:45:05 -0700
Message-ID: <CAPcyv4hkHoj5Jb6SdXyADuaFnPpW+zen-hZeJw+qisa64srOFQ@mail.gmail.com>
Subject: Re: [RFC PATCH v2 00/11] x86: Support Intel Key Locker
To:     "Bae, Chang Seok" <chang.seok.bae@intel.com>
Cc:     Andy Lutomirski <luto@kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@kernel.org>, Borislav Petkov <bp@suse.de>,
        X86 ML <x86@kernel.org>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "Hansen, Dave" <dave.hansen@intel.com>,
        "Shankar, Ravi V" <ravi.v.shankar@intel.com>,
        Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, May 17, 2021 at 11:21 AM Bae, Chang Seok
<chang.seok.bae@intel.com> wrote:
>
> On May 15, 2021, at 11:01, Andy Lutomirski <luto@kernel.org> wrote:
> > On 5/14/21 1:14 PM, Chang S. Bae wrote:
> >> Key Locker [1][2] is a new security feature available in new Intel CPU=
s to
> >> protect data encryption keys for the Advanced Encryption Standard
> >> algorithm. The protection limits the amount of time an AES key is expo=
sed
> >> in memory by sealing a key and referencing it with new AES instruction=
s.
> >>
> >> The new AES instruction set is a successor of Intel's AES-NI (AES New
> >> Instruction). Users may switch to the Key Locker version from crypto
> >> libraries.  This series includes a new AES implementation for the Cryp=
to
> >> API, which was validated through the crypto unit tests. The performanc=
e in
> >> the test cases was measured and found comparable to the AES-NI version=
.
> >>
> >> Key Locker introduces a (CPU-)internal key to encode AES keys. The ker=
nel
> >> needs to load it and ensure it unchanged as long as CPUs are operation=
al.
> >
> > I have high-level questions:
> >
> > What is the expected use case?
>
> The wrapping key here is only used for new AES instructions.
>
> I=E2=80=99m aware of their potential use cases for encrypting file system=
 or disks.
>
> > My personal hypothesis, based on various
> > public Intel slides, is that the actual intended use case was internal
> > to the ME, and that KL was ported to end-user CPUs more or less
> > verbatim.
>
> No, this is a separate one. The feature has nothing to do with the firmwa=
re
> except that in some situations it merely helps to back up the key in its
> state.
>
> > I certainly understand how KL is valuable in a context where
> > a verified boot process installs some KL keys that are not subsequently
> > accessible outside the KL ISA, but Linux does not really work like this=
.
>
> Do you mind elaborating on the concern?  I try to understand any issue wi=
th
> PATCH3 [1], specifically.

If I understand Andy's concern it is the observation that the weakest
link in this facility is the initial key load. Yes, KL reduces
exposure after that event, but the key loading process is still
vulnerable. This question is similar to the concern between the Linux
"encrypted-keys" and "trusted-keys" interface. The trusted-keys
interface still has an attack window where the key is unwrapped in
kernel space to decrypt the sub-keys, but that exposure need not cross
the user-kernel boundary and can be time-limited to a given PCR state.
The encrypted-keys interface maintains the private-key material
outside the kernel where it has increased exposure. KL is effectively
"encrypted-keys" and Andy is questioning whether this makes KL similar
to the MKTME vs SGX / TDX situation.

>
> > I'm wondering what people will use it for.
>
> Mentioned above.

I don't think this answers Andy's question. There is a distinction
between what it can be used for and what people will deploy with it in
practice given the "encrypted-keys"-like exposure. Clarify the end
user benefit that motivates the kernel to carry this support.