On Thu, Dec 06, 2018 at 06:05:50PM -0800, Huang, Kai wrote: > On Wed, 2018-12-05 at 22:19 +0000, Sakkinen, Jarkko wrote: > > On Tue, 2018-12-04 at 11:19 -0800, Andy Lutomirski wrote: > > > I'm not Thomas, but I think it's the wrong direction. As it stands, > > > encrypt_mprotect() is an incomplete version of mprotect() (since it's > > > missing the protection key support), and it's also functionally just > > > MADV_DONTNEED. In other words, the sole user-visible effect appears > > > to be that the existing pages are blown away. The fact that it > > > changes the key in use doesn't seem terribly useful, since it's > > > anonymous memory, and the most secure choice is to use CPU-managed > > > keying, which appears to be the default anyway on TME systems. It > > > also has totally unclear semantics WRT swap, and, off the top of my > > > head, it looks like it may have serious cache-coherency issues and > > > like swapping the pages might corrupt them, both because there are no > > > flushes and because the direct-map alias looks like it will use the > > > default key and therefore appear to contain the wrong data. > > > > > > I would propose a very different direction: don't try to support MKTME > > > at all for anonymous memory, and instead figure out the important use > > > cases and support them directly. The use cases that I can think of > > > off the top of my head are: > > > > > > 1. pmem. This should probably use a very different API. > > > > > > 2. Some kind of VM hardening, where a VM's memory can be protected a > > > little tiny bit from the main kernel. But I don't see why this is any > > > better than XPO (eXclusive Page-frame Ownership), which brings to > > > mind: > > > > What is the threat model anyway for AMD and Intel technologies? > > > > For me it looks like that you can read, write and even replay > > encrypted pages both in SME and TME. > > Right. Neither of them (including MKTME) prevents replay attack. But > in my understanding SEV doesn't prevent replay attack either since it > doesn't have integrity protection. Yep, it doesn't :-) That's why I've been wondering after seeing presentations concerning SME and SVE what they are good for. Cold boot attacks are definitely at least something where these techs can help... /Jarkko
