lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180709185246.GC17368@char.us.oracle.com>
Date:   Mon, 9 Jul 2018 14:52:46 -0400
From:   Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
To:     Dave Hansen <dave.hansen@...el.com>
Cc:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
        Thomas Gleixner <tglx@...utronix.de>,
        "H. Peter Anvin" <hpa@...or.com>,
        Tom Lendacky <thomas.lendacky@....com>,
        Kai Huang <kai.huang@...ux.intel.com>,
        Jacob Pan <jacob.jun.pan@...ux.intel.com>,
        linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCHv4 18/18] x86: Introduce CONFIG_X86_INTEL_MKTME

On Mon, Jul 09, 2018 at 11:44:33AM -0700, Dave Hansen wrote:
> On 07/09/2018 11:36 AM, Konrad Rzeszutek Wilk wrote:
> > On Tue, Jun 26, 2018 at 05:22:45PM +0300, Kirill A. Shutemov wrote:
> > Rip out the X86?
> >> +	bool "Intel Multi-Key Total Memory Encryption"
> >> +	select DYNAMIC_PHYSICAL_MASK
> >> +	select PAGE_EXTENSION
> > 
> > And maybe select 5-page?
> 
> Why?  It's not a strict dependency.  You *can* build a 4-level kernel
> and run it on smaller systems.

Sure, but in one of his commits he mentions that we may run in overlapping
physical memory if we use 4-level paging. Hence why not just move to 5-level
paging and simplify this.
> 
> >> +	depends on X86_64 && CPU_SUP_INTEL
> >> +	---help---
> >> +	  Say yes to enable support for Multi-Key Total Memory Encryption.
> >> +	  This requires an Intel processor that has support of the feature.
> >> +
> >> +	  Multikey Total Memory Encryption (MKTME) is a technology that allows
> >> +	  transparent memory encryption in and upcoming Intel platforms.
> > 
> > How about saying which CPUs? Or just dropping this?
> 
> We don't have any information about specifically which processors with
> have this feature to share.  But, this config text does tell someone
> that they can't use this feature on today's platforms.
> 
> We _did_ say this for previous features (protection keys stands out
> where we said it was for "Skylake Servers" IIRC), but we are not yet
> able to do the same for this feature.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ