| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Mar 2024 18:53:37 -0700 From: "Chang S. Bae" <chang.seok.bae@...el.com> To: linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org, dm-devel@...hat.com Cc: ebiggers@...nel.org, luto@...nel.org, dave.hansen@...ux.intel.com, tglx@...utronix.de, bp@...en8.de, mingo@...nel.org, x86@...nel.org, herbert@...dor.apana.org.au, ardb@...nel.org, elliott@....com, dan.j.williams@...el.com, bernie.keany@...el.com, charishma1.gairuboyina@...el.com, chang.seok.bae@...el.com Subject: [PATCH v9 05/14] x86/msr-index: Add MSRs for Key Locker wrapping key The wrapping key resides in the same power domain as the CPU cache. Consequently, any sleep state that invalidates the cache, such as S3, also affects the wrapping key's state. However, as the wrapping key's state is inaccessible to software, a specialized mechanism is necessary to save and restore the key during deep sleep. A set of new MSRs is provided as an abstract interface for saving, restoring, and checking the wrapping key's status. The wrapping key is securely saved in a platform-scoped state using non-volatile media. Both the backup storage and its path from the CPU are encrypted and integrity-protected to ensure security. Define those MSRs for saving and restoring the key during S3/4 sleep states. Note that the non-volatility of the backup storage is not architecturally guaranteed across off-states such as S5 and G3. In such cases, the kernel may generate a new key during the next boot. Signed-off-by: Chang S. Bae <chang.seok.bae@...el.com> Reviewed-by: Dan Williams <dan.j.williams@...el.com> --- Changes from v8: * Tweak the changelog. Changes from v6: * Tweak the changelog -- put the last for those about other sleep states Changes from RFC v2: * Update the changelog. (Dan Williams) * Rename the MSRs. (Dan Williams) --- arch/x86/include/asm/msr-index.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 05956bd8bacf..a451fa1e2cd9 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -1192,4 +1192,10 @@ * a #GP */ +/* MSRs for managing a CPU-internal wrapping key for Key Locker. */ +#define MSR_IA32_IWKEY_COPY_STATUS 0x00000990 +#define MSR_IA32_IWKEY_BACKUP_STATUS 0x00000991 +#define MSR_IA32_BACKUP_IWKEY_TO_PLATFORM 0x00000d91 +#define MSR_IA32_COPY_IWKEY_TO_LOCAL 0x00000d92 + #endif /* _ASM_X86_MSR_INDEX_H */ -- 2.34.1
Powered by blists - more mailing lists