On Mon, 2018-12-03 at 23:39 -0800, Alison Schofield wrote: > MKTME (Multi-Key Total Memory Encryption) key payloads may include > data encryption keys, tweak keys, and additional entropy bits. These > are used to program the MKTME encryption hardware. By default, the > kernel destroys this payload data once the hardware is programmed. > > However, in order to fully support CPU Hotplug, saving the key data > becomes important. The MKTME Key Service cannot allow a new physical > package to come online unless it can program the new packages Key Table > to match the Key Tables of all existing physical packages. > > With CPU generated keys (a.k.a. random keys or ephemeral keys) the > saving of user key data is not an issue. The kernel and MKTME hardware > can generate strong encryption keys without recalling any user supplied > data. > > With USER directed keys (a.k.a. user type) saving the key programming > data (data and tweak key) becomes an issue. The data and tweak keys > are required to program those keys on a new physical package. > > In preparation for adding CPU hotplug support: > > Add an 'mktme_vault' where key data is stored. > > Add 'mktme_savekeys' kernel command line parameter that directs > what key data can be stored. If it is not set, kernel does not > store users data key or tweak key. > > Add 'mktme_bitmap_user_type' to track when USER type keys are in > use. If no USER type keys are currently in use, a physical package > may be brought online, despite the absence of 'mktme_savekeys'. Overall, I am not sure whether saving key is good idea, since it breaks coldboot attack IMHO. We need to tradeoff between supporting CPU hotplug and security. I am not sure whether supporting CPU hotplug is that important, since for some other features such as SGX, we don't support CPU hotplug anyway. Alternatively, we can choose to use per-socket keyID, but not to program keyID globally across all sockets, so you don't have to save key while still supporting CPU hotplug. Thanks, -Kai
