On 15/04/19 14:04, Hao Feng wrote: > Hygon SEV follows AMD SEV work flow, but uses China national standard > cryptographic algorithms SM2/SM3/SM4 instead of (RSA, ECDSA, > ECDH)/SHA/AES. Reuse most AMD SEV code path to support Hygon SEV, > also adds 3 new commands(GM_PUBKEY_GEN, GM_GET_DIGEST, > GM_VERIFY_DIGEST) to support SM2 key exchange protocol. > > SM2 is based on ECC(Elliptic Curve Cryptography), and uses a special > curve. It can be used in digital signature, key exchange and > asymmetric cryptography. For key exchange, SM2 is similar to ECDH, but > involves new random key, meaning the two sides need to exchange extra > random public key besides their public key, that's why additional APIs > are needed to support Hygon SEV. > SM3 is a hash algorithm, similar to SHA-256. > SM4 is a block cipher algorithm, similar to AES-128. I don't see SM2 and SM3 implemented elsewhere in Linux. SM4 is only supported by a few wireless drivers. Apart from the concerns that Thomas mentioned, you have to convince the rest of the community that these primitives are secure (for example by contributing support for them to drivers/crypto), and then KVM will start using them. Because as far as I know, they could be just as secure as double rot13. Paolo