Message-ID: <0a717d253785b3b6ea5f889d7399ad06ca465896.camel@intel.com>
Date:   Thu, 07 Apr 2022 13:00:44 +1200
From:   Kai Huang <kai.huang@...el.com>
To:     Isaku Yamahata <isaku.yamahata@...il.com>
Cc:     isaku.yamahata@...el.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>,
        Jim Mattson <jmattson@...gle.com>, erdemaktas@...gle.com,
        Connor Kuehl <ckuehl@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>
Subject: Re: [RFC PATCH v5 023/104] x86/cpu: Add helper functions to
 allocate/free MKTME keyid

> 
> > 
> > Also export the global TDX private host key id that is used to encrypt TDX
> > module, its memory and some dynamic data (e.g. TDR).  
> > 

Sorry, I was replying too quickly.

This sentence is not correct.  Hardware doesn't use the global KeyID to encrypt
the TDX module itself.  In the current generation of TDX, the global KeyID is
used to encrypt TDX memory metadata (PAMTs) and TDRs.


> > When VMM releasing
> > encrypted page to reuse it, the page needs to be flushed with the used host
> > key id.  VMM needs the global TDX private host key id to flush such pages
> > TDX module accesses with the global TDX private host key id.
> > 
> > 
> 
> Fine to me.
> 
