lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 17 Feb 2017 10:43:37 -0600
From:   Tom Lendacky <>
To:     Konrad Rzeszutek Wilk <>
CC:     <>, <>,
        <>, <>,
        <>, <>,
        <>, <>,
        <>, Rik van Riel <>,
        Radim Krčmář <>,
        Toshimitsu Kani <>,
        Arnd Bergmann <>,
        Jonathan Corbet <>,
        Matt Fleming <>,
        "Michael S. Tsirkin" <>,
        Joerg Roedel <>,
        Paolo Bonzini <>,
        Brijesh Singh <>,
        Ingo Molnar <>,
        Alexander Potapenko <>,
        Andy Lutomirski <>,
        "H. Peter Anvin" <>, Borislav Petkov <>,
        Andrey Ryabinin <>,
        Thomas Gleixner <>,
        Larry Woodman <>,
        Dmitry Vyukov <>
Subject: Re: [RFC PATCH v4 26/28] x86: Allow kexec to be used with SME

On 2/17/2017 9:57 AM, Konrad Rzeszutek Wilk wrote:
> On Thu, Feb 16, 2017 at 09:47:55AM -0600, Tom Lendacky wrote:
>> Provide support so that kexec can be used to boot a kernel when SME is
>> enabled.
> Is the point of kexec and kdump to ehh, dump memory ? But if the
> rest of the memory is encrypted you won't get much, will you?

Kexec can be used to reboot a system without going back through BIOS.
So you can use kexec without using kdump.

For kdump, just taking a quick look, the option to enable memory
encryption can be provided on the crash kernel command line and then
crash kernel can would be able to copy the memory decrypted if the
pagetable is set up properly. It looks like currently ioremap_cache()
is used to map the old memory page.  That might be able to be changed
to a memremap() so that the encryption bit is set in the mapping. That
will mean that memory that is not marked encrypted (EFI tables, swiotlb
memory, etc) would not be read correctly.

> Would it make sense to include some printk to the user if they
> are setting up kdump that they won't get anything out of it?

Probably a good idea to add something like that.


> Thanks.

Powered by blists - more mailing lists