dm-devel.redhat.com archive mirror
 help / color / mirror / Atom feed
From: "Chang S. Bae" <chang.seok.bae@intel.com>
To: "Elliott, Robert (Servers)" <elliott@hpe.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	"dm-devel@redhat.com" <dm-devel@redhat.com>
Cc: "x86@kernel.org" <x86@kernel.org>,
	"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
	"ardb@kernel.org" <ardb@kernel.org>,
	"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	"Williams, Dan J" <dan.j.williams@intel.com>,
	"mingo@kernel.org" <mingo@kernel.org>,
	"ebiggers@kernel.org" <ebiggers@kernel.org>,
	"Krishnakumar,
	 Lalithambika" <lalithambika.krishnakumar@intel.com>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"Lutomirski, Andy" <luto@kernel.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	"Keany, Bernie" <bernie.keany@intel.com>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"bp@suse.de" <bp@suse.de>,
	"gmazyland@gmail.com" <gmazyland@gmail.com>,
	"Gairuboyina, Charishma1" <charishma1.gairuboyina@intel.com>
Subject: Re: [dm-devel] [PATCH v6 07/12] x86/cpu/keylocker: Load an internal wrapping key at boot-time
Date: Mon, 8 May 2023 13:15:59 -0700	[thread overview]
Message-ID: <ac5de854-d274-92ab-a0fa-9a0e738a68fa@intel.com> (raw)
In-Reply-To: <MW5PR84MB184225DA6EA0FA7A9191C057AB719@MW5PR84MB1842.NAMPRD84.PROD.OUTLOOK.COM>

On 5/8/2023 12:18 PM, Elliott, Robert (Servers) wrote:
> 
>> diff --git a/arch/x86/kernel/keylocker.c b/arch/x86/kernel/keylocker.c
> ...
>> +void __init destroy_keylocker_data(void)
>> +{
>> +     memset(&kl_setup.key, KEY_DESTROY, sizeof(kl_setup.key));
>> +}
> 
> That's a special value for garbage collected keyring keys assigned
> a keytype of ".dead". memzero() or memzero_explicit() might be better
> for this use case.
memzero() looks to be the same as memset() in x86:

$ git grep memzero arch/x86/ | grep define
arch/x86/boot/compressed/misc.c:#define memzero(s, n)   memset((s), 0, (n))

Instead, memzero_explicit() looks to be about the right call here:

/**
  * memzero_explicit - Fill a region of memory (e.g. sensitive
  *		      keying data) with 0s.
  ...
  * Note: usually using memset() is just fine (!), but in cases
  * where clearing out _local_ data at the end of a scope is
  * necessary, memzero_explicit() should be used instead in
  * order to prevent the compiler from optimising away zeroing.
  ...

Then,

void __init destroy_keylocker_data(void)
{
	memzero_explicit(&kl_setup.key, sizeof(kl_setup.key));
}

Thanks,
Chang

--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel


  reply	other threads:[~2023-05-09  0:03 UTC|newest]

Thread overview: 100+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-12 21:12 [dm-devel] [PATCH v5 00/12] x86: Support Key Locker Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 01/12] Documentation/x86: Document " Chang S. Bae
2023-06-05 10:52   ` Bagas Sanjaya
2022-01-12 21:12 ` [dm-devel] [PATCH v5 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 05/12] x86/msr-index: Add MSRs for Key Locker internal wrapping key Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 07/12] x86/cpu/keylocker: Load an internal wrapping key at boot-time Chang S. Bae
2022-08-23 15:49   ` Evan Green
2022-08-24 22:20     ` Chang S. Bae
2022-08-24 22:52       ` Evan Green
2022-08-25  1:06         ` Chang S. Bae
2022-08-25 15:31           ` Evan Green
2022-08-31 23:08             ` Chang S. Bae
2022-09-06 16:22               ` Evan Green
2022-09-06 16:46                 ` Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 08/12] x86/PM/keylocker: Restore internal wrapping key on resume from ACPI S3/4 Chang S. Bae
2022-01-29 17:31   ` [dm-devel] [PATCH v5-fix " Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 10/12] crypto: x86/aes - Prepare for a new AES implementation Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 11/12] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions Chang S. Bae
2022-01-12 21:12 ` [dm-devel] [PATCH v5 12/12] crypto: x86/aes-kl - Support XTS mode Chang S. Bae
2022-01-13 22:16 ` [dm-devel] [PATCH v5 00/12] x86: Support Key Locker Dave Hansen
2022-01-13 22:34   ` Bae, Chang Seok
2023-04-10 22:59 ` [dm-devel] [PATCH v6 " Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 01/12] Documentation/x86: Document " Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 05/12] x86/msr-index: Add MSRs for Key Locker internal wrapping key Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 07/12] x86/cpu/keylocker: Load an internal wrapping key at boot-time Chang S. Bae
2023-05-05 23:05     ` Eric Biggers
2023-05-08 18:18       ` Chang S. Bae
2023-05-08 21:56         ` Dave Hansen
2023-05-09  0:31           ` Chang S. Bae
2023-05-09  0:51             ` Dave Hansen
2023-05-08 19:18     ` Elliott, Robert (Servers)
2023-05-08 20:15       ` Chang S. Bae [this message]
2023-04-10 22:59   ` [dm-devel] [PATCH v6 08/12] x86/PM/keylocker: Restore internal wrapping key on resume from ACPI S3/4 Chang S. Bae
2023-05-05 23:09     ` Eric Biggers
2023-05-08 18:18       ` Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 10/12] crypto: x86/aes - Prepare for a new AES implementation Chang S. Bae
2023-05-05 23:27     ` Eric Biggers
2023-05-09  0:55       ` Chang S. Bae
2023-05-11 19:05         ` Chang S. Bae
2023-05-11 21:39           ` Eric Biggers
2023-05-11 23:19             ` Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 11/12] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions Chang S. Bae
2023-05-06  0:01     ` Eric Biggers
2023-05-08 18:18       ` Chang S. Bae
2023-05-24 17:18         ` Chang S. Bae
2023-05-12 17:52       ` Milan Broz
2023-05-08 19:21     ` Elliott, Robert (Servers)
2023-05-08 19:24       ` Elliott, Robert (Servers)
2023-05-08 20:00         ` Chang S. Bae
2023-04-10 22:59   ` [dm-devel] [PATCH v6 12/12] crypto: x86/aes-kl - Support XTS mode Chang S. Bae
2023-05-24 16:57   ` [dm-devel] [PATCH v7 00/12] x86: Support Key Locker Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 01/12] Documentation/x86: Document " Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 05/12] x86/msr-index: Add MSRs for Key Locker wrapping key Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 07/12] x86/cpu/keylocker: Load a wrapping key at boot-time Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 08/12] x86/PM/keylocker: Restore the wrapping key on the resume from ACPI S3/4 Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 10/12] crypto: x86/aesni - Use the proper data type in struct aesni_xts_ctx Chang S. Bae
2023-05-26  6:54       ` Eric Biggers
2023-05-30 20:50         ` Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 11/12] crypto: x86/aes - Prepare for a new AES implementation Chang S. Bae
2023-05-24 16:57     ` [dm-devel] [PATCH v7 12/12] crypto: x86/aes-kl - Implement the AES-XTS algorithm Chang S. Bae
2023-05-26  7:23       ` Eric Biggers
2023-05-30 20:49         ` Chang S. Bae
2023-06-03 15:22     ` [dm-devel] [PATCH v8 00/12] x86: Support Key Locker Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 01/12] Documentation/x86: Document " Chang S. Bae
2023-06-05 10:54         ` Bagas Sanjaya
2023-06-06  2:17         ` Randy Dunlap
2023-06-06  4:18           ` Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 05/12] x86/msr-index: Add MSRs for Key Locker wrapping key Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 07/12] x86/cpu/keylocker: Load a wrapping key at boot-time Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 08/12] x86/PM/keylocker: Restore the wrapping key on the resume from ACPI S3/4 Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae
2023-06-03 16:37         ` Borislav Petkov
2023-06-04 22:13           ` Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 10/12] crypto: x86/aesni - Use the proper data type in struct aesni_xts_ctx Chang S. Bae
2023-06-04 15:34         ` Eric Biggers
2023-06-04 22:02           ` Chang S. Bae
2023-06-05  2:46             ` Eric Biggers
2023-06-05  4:41               ` Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 11/12] crypto: x86/aes - Prepare for a new AES-XTS implementation Chang S. Bae
2023-06-03 15:22       ` [dm-devel] [PATCH v8 12/12] crypto: x86/aes-kl - Implement the AES-XTS algorithm Chang S. Bae
2023-06-07  5:35         ` Eric Biggers
2023-06-07 22:06           ` Chang S. Bae

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ac5de854-d274-92ab-a0fa-9a0e738a68fa@intel.com \
    --to=chang.seok.bae@intel.com \
    --cc=ardb@kernel.org \
    --cc=bernie.keany@intel.com \
    --cc=bp@alien8.de \
    --cc=bp@suse.de \
    --cc=charishma1.gairuboyina@intel.com \
    --cc=dan.j.williams@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=dm-devel@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=elliott@hpe.com \
    --cc=gmazyland@gmail.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=hpa@zytor.com \
    --cc=lalithambika.krishnakumar@intel.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@kernel.org \
    --cc=mingo@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).