| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Nov 2022 08:34:46 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"binbin.wu@...ux.intel.com" <binbin.wu@...ux.intel.com>
CC: "Hansen, Dave" <dave.hansen@...el.com>,
"Luck, Tony" <tony.luck@...el.com>,
"bagasdotme@...il.com" <bagasdotme@...il.com>,
"ak@...ux.intel.com" <ak@...ux.intel.com>,
"Wysocki, Rafael J" <rafael.j.wysocki@...el.com>,
"kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
"Christopherson,, Sean" <seanjc@...gle.com>,
"Chatre, Reinette" <reinette.chatre@...el.com>,
"pbonzini@...hat.com" <pbonzini@...hat.com>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"Yamahata, Isaku" <isaku.yamahata@...el.com>,
"peterz@...radead.org" <peterz@...radead.org>,
"Shahar, Sagi" <sagis@...gle.com>,
"imammedo@...hat.com" <imammedo@...hat.com>,
"Gao, Chao" <chao.gao@...el.com>,
"Brown, Len" <len.brown@...el.com>,
"sathyanarayanan.kuppuswamy@...ux.intel.com"
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
"Huang, Ying" <ying.huang@...el.com>,
"Williams, Dan J" <dan.j.williams@...el.com>
Subject: Re: [PATCH v7 17/20] x86/virt/tdx: Configure global KeyID on all
packages
On Wed, 2022-11-30 at 11:35 +0800, Binbin Wu wrote:
> On 11/21/2022 8:26 AM, Kai Huang wrote:
> > After the array of TDMRs and the global KeyID are configured to the TDX
> > module, use TDH.SYS.KEY.CONFIG to configure the key of the global KeyID
> > on all packages.
> >
> > TDH.SYS.KEY.CONFIG must be done on one (any) cpu for each package. And
> > it cannot run concurrently on different CPUs. Implement a helper to
> > run SEAMCALL on one cpu for each package one by one, and use it to
> > configure the global KeyID on all packages.
> >
> > Intel hardware doesn't guarantee cache coherency across different
> > KeyIDs. The kernel needs to flush PAMT's dirty cachelines (associated
> > with KeyID 0) before the TDX module uses the global KeyID to access the
> > PAMT. Following the TDX module specification, flush cache before
> > configuring the global KeyID on all packages.
> >
> > Given the PAMT size can be large (~1/256th of system RAM), just use
> > WBINVD on all CPUs to flush.
> >
> > Note if any TDH.SYS.KEY.CONFIG fails, the TDX module may already have
> > used the global KeyID to write any PAMT. Therefore, need to use WBINVD
> > to flush cache before freeing the PAMTs back to the kernel. Note using
> > MOVDIR64B (which changes the page's associated KeyID from the old TDX
> > private KeyID back to KeyID 0, which is used by the kernel)
>
> It seems not accurate to say MOVDIR64B changes the page's associated KeyID.
> It just uses the current KeyID for memory operations.
The "write" to the memory changes the page's associated KeyID to the KeyID that
does the "write". A more accurate expression perhaps should be MOVDIR64B +
MFENSE, but I think it doesn't matter in changelog.
>
>
> > to clear
> > PMATs isn't needed, as the KeyID 0 doesn't support integrity check.
>
> For integrity check, is KeyID 0 special or it just has the same behavior
> as non-zero shared KeyID (if any)?
KeyID 0 is TME KeyID. It is special. Hardware treats the KeyID 0 differently.
>
> By saying "KeyID 0 doesn't support integrity check", is it because ofÂ
> the implementation of this patch set or hardware behavior?
It's hardware behaviour.
>
> According to Architecure Specification 1.0 of TDX Module (344425-004US),
> shared KeyID could also enable integrity check.
>
KeyID 0 is different from non-0 MKTME shared KeyID. For example, you cannot do
PCONFIG on KeyID 0.
Powered by blists - more mailing lists