lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b1d00573-7234-2b72-89e1-db120395ff12@amd.com>
Date: Thu, 13 Jun 2024 09:10:44 +0530
From: "Nikunj A. Dadhania" <nikunj@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: linux-kernel@...r.kernel.org, thomas.lendacky@....com, x86@...nel.org,
 kvm@...r.kernel.org, mingo@...hat.com, tglx@...utronix.de,
 dave.hansen@...ux.intel.com, pgonda@...gle.com, seanjc@...gle.com,
 pbonzini@...hat.com
Subject: Re: [PATCH v9 01/24] virt: sev-guest: Use AES GCM crypto library


On 6/12/2024 10:47 PM, Borislav Petkov wrote:
> On Fri, May 31, 2024 at 10:00:15AM +0530, Nikunj A Dadhania wrote:
>> The sev-guest driver encryption code uses Crypto API for SNP guest
>> messaging to interact with AMD Security processor. For enabling SecureTSC,
>> SEV-SNP guests need to send a TSC_INFO request guest message before the
>> smpboot phase starts. Details from the TSC_INFO response will be used to
>> program the VMSA before the secondary CPUs are brought up. The Crypto API
>> is not available this early in the boot phase.
>>
>> In preparation of moving the encryption code out of sev-guest driver to
>> support SecureTSC and make reviewing the diff easier, start using AES GCM
>> library implementation instead of Crypto API.
>>
>> Drop __enc_payload() and dec_payload() helpers as both are pretty small and
>> can be moved to the respective callers.
> 
> Please use this streamlined commit message for your next submission:
> 
> "The sev-guest driver encryption code uses the crypto API for SNP guest messaging
> with the AMD Security processor. In order to enable secure TSC, SEV-SNP guests
> need to send such a TSC_INFO message before the APs are booted. Details from the 
> TSC_INFO response will then be used to program the VMSA before the APs are 
> brought up.
> 
> However, the crypto API is not available this early in the boot process.
> 
> In preparation for moving the encryption code out of sev-guest to support secure
> TSC and to ease review, switch to using the AES GCM library implementation
> instead.
> 
> Drop __enc_payload() and dec_payload() helpers as both are small and can be
> moved to the respective callers."
> 

Sure

Regards
Nikunj

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ