From: Cornelia Huck <cohuck@redhat.com>
To: Harald Freudenberger <freude@linux.ibm.com>,
richard.henderson@linaro.org, iii@linux.ibm.com,
david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
linux-s390@vger.kernel.org, dengler@linux.ibm.com,
borntraeger@linux.ibm.com, fcallies@linux.ibm.com
Subject: Re: [PATCH v10 10/21] target/s390x: Base support for cpacf protected keys
Date: Mon, 06 Jul 2026 13:51:19 +0200 [thread overview]
Message-ID: <87v7asjpzc.fsf@redhat.com> (raw)
In-Reply-To: <20260706094317.17032-11-freude@linux.ibm.com>
On Mon, Jul 06 2026, Harald Freudenberger <freude@linux.ibm.com> wrote:
> Add base support for cpacf protected key handling.
>
> The qemu version provided here is only a fake intended to make
> protected key available for developing and testing purpose:
> * The protected key is 'derived' from the clear key by xoring
> the fixed pattern 0xAAAA... onto the key value.
> * The AES Wrapping Key Verification Pattern is a fixed
> value of 32 bytes 0xFACEFACE...
>
> Add preprocessor defines for the xor pattern and wkvp used to
> construct ('encrypt') a protected key from a clear key value with
> this implementation. Also add some static functions to 'encrypt'
> from clear key to protected key and 'decrypt' back to cpacf_aes.c.
>
> The preprocessor defines shall be used later in testcases to
> construct and decode protected keys.
Hmm... so does that mean that we only provide the protected key handling
in the !KVM case for people who want to run via tcg for some development
purposes? Does the user actually get some kind of notice in that case,
if for example they run with !KVM due to some configuration hiccup? IOW,
do users get some clue that they are running with a fake placeholder
implementation, other than the setup being slow?
>
> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
> ---
> target/s390x/tcg/cpacf.h | 25 +++++++++++++++++++++++
> target/s390x/tcg/cpacf_aes.c | 39 ++++++++++++++++++++++++++++++++++++
> 2 files changed, 64 insertions(+)
next prev parent reply other threads:[~2026-07-06 11:51 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-06 9:42 [PATCH v10 00/21] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-07-06 9:42 ` [PATCH v10 01/21] target/s390x: Fix wrong address handling in address loops Harald Freudenberger
2026-07-06 12:26 ` Holger Dengler
2026-07-06 9:42 ` [PATCH v10 02/21] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-07-06 9:42 ` [PATCH v10 03/21] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-07-06 13:41 ` Holger Dengler
2026-07-06 9:42 ` [PATCH v10 04/21] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-07-06 9:42 ` [PATCH v10 05/21] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-07-06 9:42 ` [PATCH v10 06/21] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 07/21] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 08/21] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-07 7:21 ` Holger Dengler
2026-07-06 9:43 ` [PATCH v10 09/21] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 10/21] target/s390x: Base support for cpacf protected keys Harald Freudenberger
2026-07-06 11:51 ` Cornelia Huck [this message]
2026-07-06 12:18 ` Harald Freudenberger
2026-07-06 12:41 ` Cornelia Huck
2026-07-06 9:43 ` [PATCH v10 11/21] target/s390x: Support pckmo encrypt AES subfunctions Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 12/21] target/s390x: Support protected key AES ECB for cpacf km instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 13/21] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 14/21] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 15/21] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 16/21] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 17/21] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 18/21] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 19/21] target/s390x: Use generic AES helper functions Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 20/21] target/s390x: Improve fetch and store mem from and to guest Harald Freudenberger
2026-07-06 9:43 ` [PATCH v10 21/21] tests/tcg/s390x: Add tests for CPACF instructions Harald Freudenberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v7asjpzc.fsf@redhat.com \
--to=cohuck@redhat.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=david@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox