Linux s390 Architecture development
 help / color / mirror / Atom feed
From: Cornelia Huck <cohuck@redhat.com>
To: freude@linux.ibm.com
Cc: richard.henderson@linaro.org, iii@linux.ibm.com,
	david@kernel.org, thuth@redhat.com, berrange@redhat.com,
	qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
	linux-s390@vger.kernel.org, dengler@linux.ibm.com,
	borntraeger@linux.ibm.com, fcallies@linux.ibm.com
Subject: Re: [PATCH v10 10/21] target/s390x: Base support for cpacf protected keys
Date: Mon, 06 Jul 2026 14:41:04 +0200	[thread overview]
Message-ID: <87se5wjnof.fsf@redhat.com> (raw)
In-Reply-To: <26e04f8752e3235d6e8819cad1a5d9df@linux.ibm.com>

On Mon, Jul 06 2026, Harald Freudenberger <freude@linux.ibm.com> wrote:

> On 2026-07-06 13:51, Cornelia Huck wrote:
>> On Mon, Jul 06 2026, Harald Freudenberger <freude@linux.ibm.com> wrote:
>> 
>>> Add base support for cpacf protected key handling.
>>> 
>>> The qemu version provided here is only a fake intended to make
>>> protected key available for developing and testing purpose:
>>> * The protected key is 'derived' from the clear key by xoring
>>>   the fixed pattern 0xAAAA... onto the key value.
>>> * The AES Wrapping Key Verification Pattern is a fixed
>>>   value of 32 bytes 0xFACEFACE...
>>> 
>>> Add preprocessor defines for the xor pattern and wkvp used to
>>> construct ('encrypt') a protected key from a clear key value with
>>> this implementation. Also add some static functions to 'encrypt'
>>> from clear key to protected key and 'decrypt' back to cpacf_aes.c.
>>> 
>>> The preprocessor defines shall be used later in testcases to
>>> construct and decode protected keys.
>> 
>> Hmm... so does that mean that we only provide the protected key 
>> handling
>> in the !KVM case for people who want to run via tcg for some 
>> development
>> purposes? Does the user actually get some kind of notice in that case,
>> if for example they run with !KVM due to some configuration hiccup? 
>> IOW,
>> do users get some clue that they are running with a fake placeholder
>> implementation, other than the setup being slow?
>> 
>
> Well, there are 2 paths leading to protected use:
> 1) you have a secure key and want to 'derive' a protected key from that
>     to operate faster. This is for example the case now when you have an
>     PAES encrypted filesystem.
>     In such a case you need a crypto card with the Master Key setting
>     fitting to when your secure key was generated.
>     -> this is not a practical way for qemu on !KVM as you need a crypto
>     card AND the s390 firmware stack.

Nod.

> 2) you 'derive' a protected key from a clear key value. On a s390 system
>     this is done via the privileged instruction PCKMO. On this qemu with
>     !KVM this is the fake I implemented.
>     In general it is absolutely not recommended to go this path as the 
> source
>     of the key is/was/needs to stay in OS memory. So you don't win any
>     security by using protected keys this way - in fact you would have
>     done better to just use the clear key as it is. Please note also, 
> that
>     by default this path on a s390 system is disabled - however, for 
> testing
>     purpose there are ways to use it this way.
>     However, this is exactly what this implementation here is for. For 
> testing
>     purpose you may 'derive' a protected key from clear key or any other 
> way
>     as the algorithm to derive is clear documented here. And then you can 
> play
>     around and run tests with protected key implementations.

Yes, and it is useful for that.

>
> I see your point: How can a innocent user see that his/her vm is running 
> with
> this fake installation instead of the real one. The answer is:
> If the source of the protected key is a secure key - then there is no 
> path
> on the faked implementation to get a hand on a protected key.
> If the source of the protected key is a clear key - honestly does it 
> even
> matter which implementation is then running?
>
> Hopefully I could explain the difference.

Yes, thanks.

It seems we have similar cases for other archs, so let's just keep it as
it is now.


  reply	other threads:[~2026-07-06 12:41 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-06  9:42 [PATCH v10 00/21] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-07-06  9:42 ` [PATCH v10 01/21] target/s390x: Fix wrong address handling in address loops Harald Freudenberger
2026-07-06 12:26   ` Holger Dengler
2026-07-06  9:42 ` [PATCH v10 02/21] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-07-06  9:42 ` [PATCH v10 03/21] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-07-06 13:41   ` Holger Dengler
2026-07-06  9:42 ` [PATCH v10 04/21] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-07-06  9:42 ` [PATCH v10 05/21] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-07-06  9:42 ` [PATCH v10 06/21] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 07/21] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 08/21] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-07  7:21   ` Holger Dengler
2026-07-06  9:43 ` [PATCH v10 09/21] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 10/21] target/s390x: Base support for cpacf protected keys Harald Freudenberger
2026-07-06 11:51   ` Cornelia Huck
2026-07-06 12:18     ` Harald Freudenberger
2026-07-06 12:41       ` Cornelia Huck [this message]
2026-07-06  9:43 ` [PATCH v10 11/21] target/s390x: Support pckmo encrypt AES subfunctions Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 12/21] target/s390x: Support protected key AES ECB for cpacf km instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 13/21] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 14/21] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 15/21] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 16/21] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 17/21] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 18/21] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 19/21] target/s390x: Use generic AES helper functions Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 20/21] target/s390x: Improve fetch and store mem from and to guest Harald Freudenberger
2026-07-06  9:43 ` [PATCH v10 21/21] tests/tcg/s390x: Add tests for CPACF instructions Harald Freudenberger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87se5wjnof.fsf@redhat.com \
    --to=cohuck@redhat.com \
    --cc=berrange@redhat.com \
    --cc=borntraeger@linux.ibm.com \
    --cc=david@kernel.org \
    --cc=dengler@linux.ibm.com \
    --cc=fcallies@linux.ibm.com \
    --cc=freude@linux.ibm.com \
    --cc=iii@linux.ibm.com \
    --cc=linux-s390@vger.kernel.org \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-s390x@nongnu.org \
    --cc=richard.henderson@linaro.org \
    --cc=thuth@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox