Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Kirill A. Shutemov" <kirill@xxxxxxxxxxxxx>, "Sakkinen, Jarkko" <jarkko.sakkinen@xxxxxxxxx>
Subject: Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Thu, 6 Dec 2018 06:59:10 -0800
Cc: "kirill.shutemov@xxxxxxxxxxxxxxx" <kirill.shutemov@xxxxxxxxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "jmorris@xxxxxxxxx" <jmorris@xxxxxxxxx>, "Huang, Kai" <kai.huang@xxxxxxxxx>, "keyrings@xxxxxxxxxxxxxxx" <keyrings@xxxxxxxxxxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, "dhowells@xxxxxxxxxx" <dhowells@xxxxxxxxxx>, "linux-security-module@xxxxxxxxxxxxxxx" <linux-security-module@xxxxxxxxxxxxxxx>, "Williams, Dan J" <dan.j.williams@xxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "luto@xxxxxxxxxx" <luto@xxxxxxxxxx>, "bp@xxxxxxxxx" <bp@xxxxxxxxx>, "Schofield, Alison" <alison.schofield@xxxxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>
In-reply-to: <20181206112255.4bbumbrf5nnz4t2z@kshutemo-mobl1>
Openpgp: preference=signencrypt
References: <cover.1543903910.git.alison.schofield@intel.com> <20181204092550.GT11614@hirez.programming.kicks-ass.net> <20181204094647.tjsvwjgp3zq6yqce@black.fi.intel.com> <063026c66b599ba4ff0b30a5ecc7d2c716e4da5b.camel@intel.com> <20181206112255.4bbumbrf5nnz4t2z@kshutemo-mobl1>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1

On 12/6/18 3:22 AM, Kirill A. Shutemov wrote:
>> When you say "disable encryption to a page" does the encryption get
>> actually disabled or does the CPU just decrypt it transparently i.e.
>> what happens physically?
> Yes, it gets disabled. Physically. It overrides TME encryption.

I know MKTME itself has a runtime overhead and we expect it to have a
performance impact in the low single digits.  Does TME have that
overhead?  Presumably MKTME plus no-encryption is not expected to have
the overhead.

We should probably mention that in the changelogs too.

Follow-Ups:
- Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Huang, Kai

References:
- [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Alison Schofield
- Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Peter Zijlstra
- Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Kirill A. Shutemov
- Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Sakkinen, Jarkko
- Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Kirill A. Shutemov

Prev by Date: Re: [PATCH V4 5/6] arm64: mm: introduce 52-bit userspace support
Next by Date: Re: [RFC v2 10/13] keys/mktme: Add the MKTME Key Service type for memory encryption
Previous by thread: Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
Next by thread: Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux OMAP] [Linux MIPS] [eCos] [Asterisk Internet PBX] [Linux API]