Gather Data Sampling is a transient execution side channel issue in some CPU models. The stale data in registers is not guaranteed as secure when this vulnerability is not addressed. In the Key Locker usage during AES transformations, the temporary storage of the original key in registers poses a risk. The key material can be staled in some implementations, leading to susceptibility to leakage of the AES key. To mitigate this vulnerability, a qualified microcode image must be applied. Software then verifies the mitigation state using MSRs. Add code to ensure that the mitigation is installed and securely locked. Disable the feature, otherwise. Signed-off-by: Chang S. Bae <chang.seok.bae@xxxxxxxxx> Cc: Dave Hansen <dave.hansen@xxxxxxxxx> Cc: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx> --- Changes from v8: * Add as a new patch. Note that the code follows the guidance from [1]: "Intel recommends that system software does not enable Key Locker (by setting CR4.KL) unless the GDS mitigation is enabled (IA32_MCU_OPT_CTRL[GDS_MITG_DIS] (bit 4) is 0) and locked (IA32_MCU_OPT_CTRL [GDS_MITG_LOCK](bit 5) is 1)." [1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html --- arch/x86/kernel/keylocker.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/arch/x86/kernel/keylocker.c b/arch/x86/kernel/keylocker.c index 1b57e11d93ad..d4f3aa65ea8a 100644 --- a/arch/x86/kernel/keylocker.c +++ b/arch/x86/kernel/keylocker.c @@ -7,6 +7,7 @@ #include <linux/random.h> #include <linux/string.h> +#include <asm/cpu.h> #include <asm/fpu/api.h> #include <asm/keylocker.h> #include <asm/msr.h> @@ -112,6 +113,37 @@ void restore_keylocker(void) valid_wrapping_key = false; } +/* + * The mitigation is implemented at a microcode level. Ensure that the + * microcode update is applied and the mitigation is locked. + */ +static bool __init have_gds_mitigation(void) +{ + u64 mcu_ctrl; + + /* GDS_CTRL is set if new microcode is loaded. */ + if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) + goto vulnerable; + + /* If GDS_MITG_LOCKED is set, GDS_MITG_DIS is forced to 0. */ + rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); + if (mcu_ctrl & GDS_MITG_LOCKED) + return true; + +vulnerable: + pr_warn("x86/keylocker: Susceptible to the GDS vulnerability.\n"); + return false; +} + +/* Check if Key Locker is secure enough to be used. */ +static bool __init secure_keylocker(void) +{ + if (boot_cpu_has_bug(X86_BUG_GDS) && !have_gds_mitigation()) + return false; + + return true; +} + static int __init init_keylocker(void) { u32 eax, ebx, ecx, edx; @@ -125,6 +157,9 @@ static int __init init_keylocker(void) goto clear_cap; } + if (!secure_keylocker()) + goto clear_cap; + cr4_set_bits(X86_CR4_KEYLOCKER); /* AESKLE depends on CR4.KEYLOCKER */ -- 2.34.1