Linux s390 Architecture development
 help / color / mirror / Atom feed
From: Harald Freudenberger <freude@linux.ibm.com>
To: Cornelia Huck <cohuck@redhat.com>
Cc: richard.henderson@linaro.org, iii@linux.ibm.com,
	david@kernel.org, thuth@redhat.com, berrange@redhat.com,
	qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
	linux-s390@vger.kernel.org, dengler@linux.ibm.com,
	borntraeger@linux.ibm.com, fcallies@linux.ibm.com
Subject: Re: [PATCH v10 10/21] target/s390x: Base support for cpacf protected keys
Date: Mon, 06 Jul 2026 14:18:25 +0200	[thread overview]
Message-ID: <26e04f8752e3235d6e8819cad1a5d9df@linux.ibm.com> (raw)
In-Reply-To: <87v7asjpzc.fsf@redhat.com>

On 2026-07-06 13:51, Cornelia Huck wrote:
> On Mon, Jul 06 2026, Harald Freudenberger <freude@linux.ibm.com> wrote:
> 
>> Add base support for cpacf protected key handling.
>> 
>> The qemu version provided here is only a fake intended to make
>> protected key available for developing and testing purpose:
>> * The protected key is 'derived' from the clear key by xoring
>>   the fixed pattern 0xAAAA... onto the key value.
>> * The AES Wrapping Key Verification Pattern is a fixed
>>   value of 32 bytes 0xFACEFACE...
>> 
>> Add preprocessor defines for the xor pattern and wkvp used to
>> construct ('encrypt') a protected key from a clear key value with
>> this implementation. Also add some static functions to 'encrypt'
>> from clear key to protected key and 'decrypt' back to cpacf_aes.c.
>> 
>> The preprocessor defines shall be used later in testcases to
>> construct and decode protected keys.
> 
> Hmm... so does that mean that we only provide the protected key 
> handling
> in the !KVM case for people who want to run via tcg for some 
> development
> purposes? Does the user actually get some kind of notice in that case,
> if for example they run with !KVM due to some configuration hiccup? 
> IOW,
> do users get some clue that they are running with a fake placeholder
> implementation, other than the setup being slow?
> 

Well, there are 2 paths leading to protected use:
1) you have a secure key and want to 'derive' a protected key from that
    to operate faster. This is for example the case now when you have an
    PAES encrypted filesystem.
    In such a case you need a crypto card with the Master Key setting
    fitting to when your secure key was generated.
    -> this is not a practical way for qemu on !KVM as you need a crypto
    card AND the s390 firmware stack.
2) you 'derive' a protected key from a clear key value. On a s390 system
    this is done via the privileged instruction PCKMO. On this qemu with
    !KVM this is the fake I implemented.
    In general it is absolutely not recommended to go this path as the 
source
    of the key is/was/needs to stay in OS memory. So you don't win any
    security by using protected keys this way - in fact you would have
    done better to just use the clear key as it is. Please note also, 
that
    by default this path on a s390 system is disabled - however, for 
testing
    purpose there are ways to use it this way.
    However, this is exactly what this implementation here is for. For 
testing
    purpose you may 'derive' a protected key from clear key or any other 
way
    as the algorithm to derive is clear documented here. And then you can 
play
    around and run tests with protected key implementations.

I see your point: How can a innocent user see that his/her vm is running 
with
this fake installation instead of the real one. The answer is:
If the source of the protected key is a secure key - then there is no 
path
on the faked implementation to get a hand on a protected key.
If the source of the protected key is a clear key - honestly does it 
even
matter which implementation is then running?

Hopefully I could explain the difference.

>> 
>> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
>> ---
>>  target/s390x/tcg/cpacf.h     | 25 +++++++++++++++++++++++
>>  target/s390x/tcg/cpacf_aes.c | 39 
>> ++++++++++++++++++++++++++++++++++++
>>  2 files changed, 64 insertions(+)

  reply	other threads:[~2026-07-06 12:18 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-06  9:42 [PATCH v10 00/21] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-07-06  9:42 ` [PATCH v10 01/21] target/s390x: Fix wrong address handling in address loops Harald Freudenberger
2026-07-06 12:26   ` Holger Dengler
2026-07-06  9:42 ` [PATCH v10 02/21] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-07-06  9:42 ` [PATCH v10 03/21] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-07-06 13:41   ` Holger Dengler
2026-07-06  9:42 ` [PATCH v10 04/21] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-07-06  9:42 ` [PATCH v10 05/21] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-07-06  9:42 ` [PATCH v10 06/21] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 07/21] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 08/21] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 09/21] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 10/21] target/s390x: Base support for cpacf protected keys Harald Freudenberger
2026-07-06 11:51   ` Cornelia Huck
2026-07-06 12:18     ` Harald Freudenberger [this message]
2026-07-06 12:41       ` Cornelia Huck
2026-07-06  9:43 ` [PATCH v10 11/21] target/s390x: Support pckmo encrypt AES subfunctions Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 12/21] target/s390x: Support protected key AES ECB for cpacf km instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 13/21] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 14/21] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 15/21] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 16/21] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 17/21] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 18/21] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 19/21] target/s390x: Use generic AES helper functions Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 20/21] target/s390x: Improve fetch and store mem from and to guest Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 21/21] tests/tcg/s390x: Add tests for CPACF instructions Harald Freudenberger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=26e04f8752e3235d6e8819cad1a5d9df@linux.ibm.com \
    --to=freude@linux.ibm.com \
    --cc=berrange@redhat.com \
    --cc=borntraeger@linux.ibm.com \
    --cc=cohuck@redhat.com \
    --cc=david@kernel.org \
    --cc=dengler@linux.ibm.com \
    --cc=fcallies@linux.ibm.com \
    --cc=iii@linux.ibm.com \
    --cc=linux-s390@vger.kernel.org \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-s390x@nongnu.org \
    --cc=richard.henderson@linaro.org \
    --cc=thuth@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox