Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Huang, Kai" <kai.huang@xxxxxxxxx>, "luto@xxxxxxxxxx" <luto@xxxxxxxxxx>
Subject: Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Thu, 6 Dec 2018 20:23:54 -0800
Cc: "kirill.shutemov@xxxxxxxxxxxxxxx" <kirill.shutemov@xxxxxxxxxxxxxxx>, "jmorris@xxxxxxxxx" <jmorris@xxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "keyrings@xxxxxxxxxxxxxxx" <keyrings@xxxxxxxxxxxxxxx>, "willy@xxxxxxxxxxxxx" <willy@xxxxxxxxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, "dhowells@xxxxxxxxxx" <dhowells@xxxxxxxxxx>, "linux-security-module@xxxxxxxxxxxxxxx" <linux-security-module@xxxxxxxxxxxxxxx>, "Williams, Dan J" <dan.j.williams@xxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "Sakkinen, Jarkko" <jarkko.sakkinen@xxxxxxxxx>, "bp@xxxxxxxxx" <bp@xxxxxxxxx>, "Schofield, Alison" <alison.schofield@xxxxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>
In-reply-to: <1544147742.28511.18.camel@intel.com>
Openpgp: preference=signencrypt
References: <cover.1543903910.git.alison.schofield@intel.com> <CALCETrUqqQiHR_LJoKB2JE6hCZ-e7LiFprEhmo-qoegDZJ9uYQ@mail.gmail.com> <c610138f-32dd-a24c-dc52-4e0006a21409@intel.com> <CALCETrU34U3berTaEQbvNt0rfCdsjwj+xDb8x7bgAMFHEo=eUw@mail.gmail.com> <1544147742.28511.18.camel@intel.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1

On 12/6/18 5:55 PM, Huang, Kai wrote:
> I think one usage of user-specified key is for NVDIMM, since CPU key
> will be gone after machine reboot, therefore if NVDIMM is encrypted
> by CPU key we are not able to retrieve it once shutdown/reboot, etc.

I think we all agree that the NVDIMM uses are really useful.

But, these patches don't implement that.  So, if NVDIMMs are the only
reasonable use case, we shouldn't merge these patches until we add
NVDIMM support.

References:
- [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Alison Schofield
- Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Andy Lutomirski
- Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Dave Hansen
- Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Andy Lutomirski
- Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
  - From: Huang, Kai

Prev by Date: Re: [PATCH] mm, kmemleak: Little optimization while scanning
Next by Date: [Question] Why we always pass NULL to drain_local_pages() in drain_local_pages_wq()?
Previous by thread: Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
Next by thread: Re: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux OMAP] [Linux MIPS] [eCos] [Asterisk Internet PBX] [Linux API]