Changes from v4 [1]: * Drop CBC mode support (PATCH10). (Eric Biggers) * Update the changelog (PATCH8). (Rafael Wysocki) A couple of other things outside of these patches are still in progress: * Support DM-crypt/cryptsetup for Key Locker usage (Andy Lutomirski) [2]. * Understand decryption under-performance (Eric Biggers and Milan Broz) [3][4]. This feature's usage for the threat model can be found in the previous cover letter [1]. This version is based on 5.16. Thanks, Chang [1] V4: https://lore.kernel.org/lkml/20211214005212.20588-1-chang.seok.bae@xxxxxxxxx/ [2] https://lore.kernel.org/lkml/75ec3ad1-6234-ae1f-1b83-482793e4fd23@xxxxxxxxxx/ [3] https://lore.kernel.org/lkml/YbqRseO+TtuGQk5x@sol.localdomain/ [4] https://lore.kernel.org/lkml/120368dc-e337-9176-936c-4db2a8bf710e@xxxxxxxxx/ Chang S. Bae (12): Documentation/x86: Document Key Locker x86/cpufeature: Enumerate Key Locker feature x86/insn: Add Key Locker instructions to the opcode map x86/asm: Add a wrapper function for the LOADIWKEY instruction x86/msr-index: Add MSRs for Key Locker internal wrapping key x86/keylocker: Define Key Locker CPUID leaf x86/cpu/keylocker: Load an internal wrapping key at boot-time x86/PM/keylocker: Restore internal wrapping key on resume from ACPI S3/4 x86/cpu: Add a configuration and command line option for Key Locker crypto: x86/aes - Prepare for a new AES implementation crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions crypto: x86/aes-kl - Support XTS mode .../admin-guide/kernel-parameters.txt | 2 + Documentation/x86/index.rst | 1 + Documentation/x86/keylocker.rst | 98 +++ arch/x86/Kconfig | 3 + arch/x86/crypto/Makefile | 5 +- arch/x86/crypto/aes-intel_asm.S | 26 + arch/x86/crypto/aes-intel_glue.c | 125 ++++ arch/x86/crypto/aes-intel_glue.h | 48 ++ arch/x86/crypto/aeskl-intel_asm.S | 633 ++++++++++++++++++ arch/x86/crypto/aeskl-intel_glue.c | 216 ++++++ arch/x86/crypto/aesni-intel_asm.S | 58 +- arch/x86/crypto/aesni-intel_glue.c | 239 ++----- arch/x86/crypto/aesni-intel_glue.h | 17 + arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/disabled-features.h | 8 +- arch/x86/include/asm/keylocker.h | 45 ++ arch/x86/include/asm/msr-index.h | 6 + arch/x86/include/asm/special_insns.h | 32 + arch/x86/include/uapi/asm/processor-flags.h | 2 + arch/x86/kernel/Makefile | 1 + arch/x86/kernel/cpu/common.c | 21 +- arch/x86/kernel/cpu/cpuid-deps.c | 1 + arch/x86/kernel/keylocker.c | 199 ++++++ arch/x86/kernel/smpboot.c | 2 + arch/x86/lib/x86-opcode-map.txt | 11 +- arch/x86/power/cpu.c | 2 + crypto/Kconfig | 36 + tools/arch/x86/lib/x86-opcode-map.txt | 11 +- 28 files changed, 1633 insertions(+), 216 deletions(-) create mode 100644 Documentation/x86/keylocker.rst create mode 100644 arch/x86/crypto/aes-intel_asm.S create mode 100644 arch/x86/crypto/aes-intel_glue.c create mode 100644 arch/x86/crypto/aes-intel_glue.h create mode 100644 arch/x86/crypto/aeskl-intel_asm.S create mode 100644 arch/x86/crypto/aeskl-intel_glue.c create mode 100644 arch/x86/crypto/aesni-intel_glue.h create mode 100644 arch/x86/include/asm/keylocker.h create mode 100644 arch/x86/kernel/keylocker.c base-commit: df0cc57e057f18e44dac8e6c18aba47ab53202f9 -- 2.17.1 -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel
