From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id EE5296B7F05 for ; Fri, 7 Dec 2018 20:12:01 -0500 (EST) Received: by mail-pl1-f199.google.com with SMTP id d23so3937467plj.22 for ; Fri, 07 Dec 2018 17:12:01 -0800 (PST) Received: from mga18.intel.com (mga18.intel.com. [134.134.136.126]) by mx.google.com with ESMTPS id k16si4137421pls.124.2018.12.07.17.12.00 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 07 Dec 2018 17:12:00 -0800 (PST) Subject: Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) References: <1544147742.28511.18.camel@intel.com> From: Dave Hansen Message-ID: <5862ff39-e4ab-2a04-95be-84d2e8b67120@intel.com> Date: Fri, 7 Dec 2018 17:11:58 -0800 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org List-ID: To: Andy Lutomirski , kai.huang@intel.com Cc: "Kirill A. Shutemov" , James Morris , Peter Zijlstra , keyrings@vger.kernel.org, Matthew Wilcox , Thomas Gleixner , Linux-MM , David Howells , LSM List , Dan Williams , X86 ML , "H. Peter Anvin" , Ingo Molnar , "Sakkinen, Jarkko" , Borislav Petkov , Alison Schofield , Jun Nakajima On 12/7/18 3:53 PM, Andy Lutomirski wrote: > The third problem is the real show-stopper, though: this scheme > requires that the ciphertext go into predetermined physical > addresses, which would be a giant mess. There's a more fundamental problem than that. The tweak fed into the actual AES-XTS operation is determined by the firmware, programmed into the memory controller, and is not visible to software. So, not only would you need to put stuff at a fixed physical address, the tweaks can change from boot-to-boot, so whatever you did would only be good for one boot.