lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 9 Jul 2018 11:44:33 -0700
From:   Dave Hansen <dave.hansen@...el.com>
To:     Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc:     Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
        Thomas Gleixner <tglx@...utronix.de>,
        "H. Peter Anvin" <hpa@...or.com>,
        Tom Lendacky <thomas.lendacky@....com>,
        Kai Huang <kai.huang@...ux.intel.com>,
        Jacob Pan <jacob.jun.pan@...ux.intel.com>,
        linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCHv4 18/18] x86: Introduce CONFIG_X86_INTEL_MKTME

On 07/09/2018 11:36 AM, Konrad Rzeszutek Wilk wrote:
> On Tue, Jun 26, 2018 at 05:22:45PM +0300, Kirill A. Shutemov wrote:
> Rip out the X86?
>> +	bool "Intel Multi-Key Total Memory Encryption"
>> +	select DYNAMIC_PHYSICAL_MASK
>> +	select PAGE_EXTENSION
> 
> And maybe select 5-page?

Why?  It's not a strict dependency.  You *can* build a 4-level kernel
and run it on smaller systems.

>> +	depends on X86_64 && CPU_SUP_INTEL
>> +	---help---
>> +	  Say yes to enable support for Multi-Key Total Memory Encryption.
>> +	  This requires an Intel processor that has support of the feature.
>> +
>> +	  Multikey Total Memory Encryption (MKTME) is a technology that allows
>> +	  transparent memory encryption in and upcoming Intel platforms.
> 
> How about saying which CPUs? Or just dropping this?

We don't have any information about specifically which processors with
have this feature to share.  But, this config text does tell someone
that they can't use this feature on today's platforms.

We _did_ say this for previous features (protection keys stands out
where we said it was for "Skylake Servers" IIRC), but we are not yet
able to do the same for this feature.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ