[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240329015346.635933-1-chang.seok.bae@intel.com>
Date: Thu, 28 Mar 2024 18:53:32 -0700
From: "Chang S. Bae" <chang.seok.bae@...el.com>
To: linux-kernel@...r.kernel.org,
linux-crypto@...r.kernel.org,
dm-devel@...hat.com
Cc: ebiggers@...nel.org,
luto@...nel.org,
dave.hansen@...ux.intel.com,
tglx@...utronix.de,
bp@...en8.de,
mingo@...nel.org,
x86@...nel.org,
herbert@...dor.apana.org.au,
ardb@...nel.org,
elliott@....com,
dan.j.williams@...el.com,
bernie.keany@...el.com,
charishma1.gairuboyina@...el.com,
chang.seok.bae@...el.com
Subject: [PATCH v9 00/14] x86: Support Key Locker
Hi all,
As posting this version, I wanted to make sure these code changes were
acknowledgeable at first:
The previous enabling process has been paused to address vulnerabilities
[1][2] that could compromise Key Locker's ability to protect AES keys.
Now, with the mainlining of mitigations [3][4], patches (Patch 10-11)
were added to ensure the application of these mitigations.
During this period, there was a significant change in the mainline commit
b81fac906a8f ("x86/fpu: Move FPU initialization into
arch_cpu_finalize_init()"). This affected Key Locker's initialization
code, which clobbers XMM registers for loading a wrapping key, as it
depends on FPU initialization.
In this revision, the setup code was adjusted to separate the
initialization part to be invoked during arch_initcall(). The remaining
code for copying the wrapping key from the backup resides in the
identify_cpu() -> setup_keylocker() path. This separation simplifies the
code and resolves an issue with hotplug.
The remaining changes mainly focus on the AES crypto driver, addressing
feedback from Eric. Notably, while doing so, it was realized better to
disallow a module build. Key Locker's AES instructions do not support
192-bit keys. Supporting a module build would require exporting some
AES-NI functions, leading to performance-impacting indirect calls. I
think we can revisit module support later if necessary.
Then, the following is a summary of changes per patch since v8 [6]:
PATCH7-8:
* Invoke the setup code via arch_initcall() due to upstream changes
delaying the FPU setup.
PATCH9-11:
* Add new patches for security and hotplug support clarification
PATCH12:
* Drop the "nokeylocker" option. (Borislav Petkov)
PATCH13:
* Introduce 'union x86_aes_ctx'. (Eric Biggers)
* Ensure 'inline' for wrapper functions.
PATCH14:
* Combine the XTS enc/dec assembly code in a macro. (Eric Biggers)
* Define setkey() as void instead of returning 'int'. (Eric Biggers)
* Rearrange the assembly code to reduce jumps, especially for success
cases. (Eric Biggers)
* Update the changelog for clarification. (Eric Biggers)
* Exclude module build.
This series is based on my AES-NI setkey() cleanup [7], which has been
recently merged into the crypto repository [8], and I thought it was
better to go first. You can also find this series here:
git://github.com/intel-staging/keylocker.git kl-v9
Thanks,
Chang
[1] Gather Data Sampling (GDS)
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html
[2] Register File Data Sampling (RFDS)
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
[3] Mainlining of GDS mitigation
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64094e7e3118aff4b0be8ff713c242303e139834
[4] Mainlining of RFDS Mitigation
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e33cf955f07e3991e45109cb3e29fbc9ca51d06
[5] Initialize FPU late
https://lore.kernel.org/lkml/168778151512.3634408.11432553576702911909.tglx@vps.praguecc.cz/
[6] V8: https://lore.kernel.org/lkml/20230603152227.12335-1-chang.seok.bae@intel.com/
[7] https://lore.kernel.org/lkml/20240322230459.456606-1-chang.seok.bae@intel.com/
[8] git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git
Chang S. Bae (14):
Documentation/x86: Document Key Locker
x86/cpufeature: Enumerate Key Locker feature
x86/insn: Add Key Locker instructions to the opcode map
x86/asm: Add a wrapper function for the LOADIWKEY instruction
x86/msr-index: Add MSRs for Key Locker wrapping key
x86/keylocker: Define Key Locker CPUID leaf
x86/cpu/keylocker: Load a wrapping key at boot time
x86/PM/keylocker: Restore the wrapping key on the resume from ACPI
S3/4
x86/hotplug/keylocker: Ensure wrapping key backup capability
x86/cpu/keylocker: Check Gather Data Sampling mitigation
x86/cpu/keylocker: Check Register File Data Sampling mitigation
x86/Kconfig: Add a configuration for Key Locker
crypto: x86/aes - Prepare for new AES-XTS implementation
crypto: x86/aes-kl - Implement the AES-XTS algorithm
Documentation/arch/x86/index.rst | 1 +
Documentation/arch/x86/keylocker.rst | 96 +++++
arch/x86/Kconfig | 3 +
arch/x86/Kconfig.assembler | 5 +
arch/x86/crypto/Kconfig | 17 +
arch/x86/crypto/Makefile | 3 +
arch/x86/crypto/aes-helper_asm.S | 22 ++
arch/x86/crypto/aes-helper_glue.h | 168 ++++++++
arch/x86/crypto/aeskl-intel_asm.S | 412 ++++++++++++++++++++
arch/x86/crypto/aeskl-intel_glue.c | 187 +++++++++
arch/x86/crypto/aeskl-intel_glue.h | 35 ++
arch/x86/crypto/aesni-intel_asm.S | 47 +--
arch/x86/crypto/aesni-intel_glue.c | 193 ++-------
arch/x86/crypto/aesni-intel_glue.h | 40 ++
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/disabled-features.h | 8 +-
arch/x86/include/asm/keylocker.h | 42 ++
arch/x86/include/asm/msr-index.h | 6 +
arch/x86/include/asm/special_insns.h | 28 ++
arch/x86/include/uapi/asm/processor-flags.h | 2 +
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/cpu/common.c | 4 +-
arch/x86/kernel/cpu/cpuid-deps.c | 1 +
arch/x86/kernel/keylocker.c | 219 +++++++++++
arch/x86/lib/x86-opcode-map.txt | 11 +-
arch/x86/power/cpu.c | 2 +
tools/arch/x86/lib/x86-opcode-map.txt | 11 +-
27 files changed, 1363 insertions(+), 202 deletions(-)
create mode 100644 Documentation/arch/x86/keylocker.rst
create mode 100644 arch/x86/crypto/aes-helper_asm.S
create mode 100644 arch/x86/crypto/aes-helper_glue.h
create mode 100644 arch/x86/crypto/aeskl-intel_asm.S
create mode 100644 arch/x86/crypto/aeskl-intel_glue.c
create mode 100644 arch/x86/crypto/aeskl-intel_glue.h
create mode 100644 arch/x86/crypto/aesni-intel_glue.h
create mode 100644 arch/x86/include/asm/keylocker.h
create mode 100644 arch/x86/kernel/keylocker.c
base-commit: 3a447c31d337bdec7fbc605a7a1e00aff4c492d0
--
2.34.1
Powered by blists - more mailing lists