On Mon, Sep 10, 2018 at 10:32:20AM -0700, Sakkinen, Jarkko wrote: > On Fri, 2018-09-07 at 15:34 -0700, Alison Schofield wrote: > > Document the API's used for MKTME on Intel platforms. > > MKTME: Multi-KEY Total Memory Encryption > > > > Signed-off-by: Alison Schofield <alison.schofield@xxxxxxxxx> > > --- > > Documentation/x86/mktme-keys.txt | 153 > > +++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 153 insertions(+) > > create mode 100644 Documentation/x86/mktme-keys.txt > > > > diff --git a/Documentation/x86/mktme-keys.txt b/Documentation/x86/mktme- > > keys.txt > > new file mode 100644 > > index 000000000000..2dea7acd2a17 > > --- /dev/null > > +++ b/Documentation/x86/mktme-keys.txt > > @@ -0,0 +1,153 @@ > > +MKTME (Multi-Key Total Memory Encryption) is a technology that allows > > +memory encryption on Intel platforms. Whereas TME (Total Memory Encryption) > > +allows encryption of the entire system memory using a single key, MKTME > > +allows multiple encryption domains, each having their own key. The main use > > +case for the feature is virtual machine isolation. The API's introduced here > > +are intended to offer flexibility to work in a wide range of uses. > > + > > +The externally available Intel Architecture Spec: > > +https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total- > > Memory-Encryption-Spec.pdf > > + > > +============================ API Overview ============================ > > + > > +There are 2 MKTME specific API's that enable userspace to create and use > > +the memory encryption keys: > > This is like saying that they are different APIs to do semantically the > same exact thing. Is that so? No. The API's used to create and use memory encryption keys are described below: > > /Jarkko
