From: Cornelia Huck <cohuck@redhat.com>
To: freude@linux.ibm.com
Cc: richard.henderson@linaro.org, iii@linux.ibm.com,
david@kernel.org, thuth@redhat.com, berrange@redhat.com,
qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
linux-s390@vger.kernel.org, dengler@linux.ibm.com,
borntraeger@linux.ibm.com, fcallies@linux.ibm.com
Subject: Re: [PATCH v10 10/21] target/s390x: Base support for cpacf protected keys
Date: Mon, 06 Jul 2026 14:41:04 +0200 [thread overview]
Message-ID: <87se5wjnof.fsf@redhat.com> (raw)
In-Reply-To: <26e04f8752e3235d6e8819cad1a5d9df@linux.ibm.com>
On Mon, Jul 06 2026, Harald Freudenberger <freude@linux.ibm.com> wrote:
> On 2026-07-06 13:51, Cornelia Huck wrote:
>> On Mon, Jul 06 2026, Harald Freudenberger <freude@linux.ibm.com> wrote:
>>
>>> Add base support for cpacf protected key handling.
>>>
>>> The qemu version provided here is only a fake intended to make
>>> protected key available for developing and testing purpose:
>>> * The protected key is 'derived' from the clear key by xoring
>>> the fixed pattern 0xAAAA... onto the key value.
>>> * The AES Wrapping Key Verification Pattern is a fixed
>>> value of 32 bytes 0xFACEFACE...
>>>
>>> Add preprocessor defines for the xor pattern and wkvp used to
>>> construct ('encrypt') a protected key from a clear key value with
>>> this implementation. Also add some static functions to 'encrypt'
>>> from clear key to protected key and 'decrypt' back to cpacf_aes.c.
>>>
>>> The preprocessor defines shall be used later in testcases to
>>> construct and decode protected keys.
>>
>> Hmm... so does that mean that we only provide the protected key
>> handling
>> in the !KVM case for people who want to run via tcg for some
>> development
>> purposes? Does the user actually get some kind of notice in that case,
>> if for example they run with !KVM due to some configuration hiccup?
>> IOW,
>> do users get some clue that they are running with a fake placeholder
>> implementation, other than the setup being slow?
>>
>
> Well, there are 2 paths leading to protected use:
> 1) you have a secure key and want to 'derive' a protected key from that
> to operate faster. This is for example the case now when you have an
> PAES encrypted filesystem.
> In such a case you need a crypto card with the Master Key setting
> fitting to when your secure key was generated.
> -> this is not a practical way for qemu on !KVM as you need a crypto
> card AND the s390 firmware stack.
Nod.
> 2) you 'derive' a protected key from a clear key value. On a s390 system
> this is done via the privileged instruction PCKMO. On this qemu with
> !KVM this is the fake I implemented.
> In general it is absolutely not recommended to go this path as the
> source
> of the key is/was/needs to stay in OS memory. So you don't win any
> security by using protected keys this way - in fact you would have
> done better to just use the clear key as it is. Please note also,
> that
> by default this path on a s390 system is disabled - however, for
> testing
> purpose there are ways to use it this way.
> However, this is exactly what this implementation here is for. For
> testing
> purpose you may 'derive' a protected key from clear key or any other
> way
> as the algorithm to derive is clear documented here. And then you can
> play
> around and run tests with protected key implementations.
Yes, and it is useful for that.
>
> I see your point: How can a innocent user see that his/her vm is running
> with
> this fake installation instead of the real one. The answer is:
> If the source of the protected key is a secure key - then there is no
> path
> on the faked implementation to get a hand on a protected key.
> If the source of the protected key is a clear key - honestly does it
> even
> matter which implementation is then running?
>
> Hopefully I could explain the difference.
Yes, thanks.
It seems we have similar cases for other archs, so let's just keep it as
it is now.
next prev parent reply other threads:[~2026-07-06 12:41 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-06 9:42 [PATCH v10 00/21] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-07-06 9:42 ` [PATCH v10 01/21] target/s390x: Fix wrong address handling in address loops Harald Freudenberger
2026-07-06 12:26 ` Holger Dengler
2026-07-06 9:42 ` [PATCH v10 02/21] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-07-06 9:42 ` [PATCH v10 03/21] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-07-06 13:41 ` Holger Dengler
2026-07-06 9:42 ` [PATCH v10 04/21] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-07-06 9:42 ` [PATCH v10 05/21] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-07-06 9:42 ` [PATCH v10 06/21] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 07/21] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 08/21] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-07 7:21 ` Holger Dengler
2026-07-06 9:43 ` [PATCH v10 09/21] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 10/21] target/s390x: Base support for cpacf protected keys Harald Freudenberger
2026-07-06 11:51 ` Cornelia Huck
2026-07-06 12:18 ` Harald Freudenberger
2026-07-06 12:41 ` Cornelia Huck [this message]
2026-07-06 9:43 ` [PATCH v10 11/21] target/s390x: Support pckmo encrypt AES subfunctions Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 12/21] target/s390x: Support protected key AES ECB for cpacf km instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 13/21] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 14/21] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 15/21] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 16/21] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 17/21] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 18/21] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 19/21] target/s390x: Use generic AES helper functions Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 20/21] target/s390x: Improve fetch and store mem from and to guest Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 21/21] tests/tcg/s390x: Add tests for CPACF instructions Harald Freudenberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87se5wjnof.fsf@redhat.com \
--to=cohuck@redhat.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=david@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox