[RFC,60/62] x86/mktme: Document the MKTME Key Service API

Message ID	20190508144422.13171-61-kirill.shutemov@linux.intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <owner-linux-mm@kvack.org> Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) client-ip=134.134.136.31; From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> To: Andrew Morton <akpm@linux-foundation.org>, x86@kernel.org, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>, Peter Zijlstra <peterz@infradead.org>, Andy Lutomirski <luto@amacapital.net>, David Howells <dhowells@redhat.com> Cc: Kees Cook <keescook@chromium.org>, Dave Hansen <dave.hansen@intel.com>, Kai Huang <kai.huang@linux.intel.com>, Jacob Pan <jacob.jun.pan@linux.intel.com>, Alison Schofield <alison.schofield@intel.com>, linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com> Subject: [PATCH, RFC 60/62] x86/mktme: Document the MKTME Key Service API Date: Wed, 8 May 2019 17:44:20 +0300 Message-Id: <20190508144422.13171-61-kirill.shutemov@linux.intel.com> In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	Intel MKTME enabling \| expand [RFC,00/62] Intel MKTME enabling [RFC,01/62] mm: Do no merge VMAs with different encryption KeyIDs [RFC,02/62] mm: Add helpers to setup zero page mappings [RFC,03/62] mm/ksm: Do not merge pages with different KeyIDs [RFC,04/62] mm/page_alloc: Unify alloc_hugepage_vma() [RFC,05/62] mm/page_alloc: Handle allocation for encrypted memory [RFC,06/62] mm/khugepaged: Handle encrypted pages [RFC,07/62] x86/mm: Mask out KeyID bits from page table entry pfn [RFC,08/62] x86/mm: Introduce variables to store number, shift and mask of KeyIDs [RFC,09/62] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify() [RFC,10/62] x86/mm: Detect MKTME early [RFC,11/62] x86/mm: Add a helper to retrieve KeyID for a page [RFC,12/62] x86/mm: Add a helper to retrieve KeyID for a VMA [RFC,13/62] x86/mm: Add hooks to allocate and free encrypted pages [RFC,14/62] x86/mm: Map zero pages into encrypted mappings correctly [RFC,15/62] x86/mm: Rename CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING [RFC,16/62] x86/mm: Allow to disable MKTME after enumeration [RFC,17/62] x86/mm: Calculate direct mapping size [RFC,18/62] x86/mm: Implement syncing per-KeyID direct mappings [RFC,19/62] x86/mm: Handle encrypted memory in page_to_virt() and __pa() [RFC,20/62] mm/page_ext: Export lookup_page_ext() symbol [RFC,21/62] mm/rmap: Clear vma->anon_vma on unlink_anon_vmas() [RFC,22/62] x86/pconfig: Set a valid encryption algorithm for all MKTME commands [RFC,23/62] keys/mktme: Introduce a Kernel Key Service for MKTME [RFC,24/62] keys/mktme: Preparse the MKTME key payload [RFC,25/62] keys/mktme: Instantiate and destroy MKTME keys [RFC,26/62] keys/mktme: Move the MKTME payload into a cache aligned structure [RFC,27/62] keys/mktme: Strengthen the entropy of CPU generated MKTME keys [RFC,28/62] keys/mktme: Set up PCONFIG programming targets for MKTME keys [RFC,29/62] keys/mktme: Program MKTME keys into the platform hardware [RFC,30/62] keys/mktme: Set up a percpu_ref_count for MKTME keys [RFC,31/62] keys/mktme: Require CAP_SYS_RESOURCE capability for MKTME keys [RFC,32/62] keys/mktme: Store MKTME payloads if cmdline parameter allows [RFC,33/62] acpi: Remove __init from acpi table parsing functions [RFC,34/62] acpi/hmat: Determine existence of an ACPI HMAT [RFC,35/62] keys/mktme: Require ACPI HMAT to register the MKTME Key Service [RFC,36/62] acpi/hmat: Evaluate topology presented in ACPI HMAT for MKTME [RFC,37/62] keys/mktme: Do not allow key creation in unsafe topologies [RFC,38/62] keys/mktme: Support CPU hotplug for MKTME key service [RFC,39/62] keys/mktme: Find new PCONFIG targets during memory hotplug [RFC,40/62] keys/mktme: Program new PCONFIG targets with MKTME keys [RFC,41/62] keys/mktme: Support memory hotplug for MKTME keys [RFC,42/62] mm: Generalize the mprotect implementation to support extensions [RFC,43/62] syscall/x86: Wire up a system call for MKTME encryption keys [RFC,44/62] x86/mm: Set KeyIDs in encrypted VMAs for MKTME [RFC,45/62] mm: Add the encrypt_mprotect() system call for MKTME [RFC,46/62] x86/mm: Keep reference counts on encrypted VMAs for MKTME [RFC,47/62] mm: Restrict MKTME memory encryption to anonymous VMAs [RFC,48/62] selftests/x86/mktme: Test the MKTME APIs [RFC,49/62] mm, x86: export several MKTME variables [RFC,50/62] kvm, x86, mmu: setup MKTME keyID to spte for given PFN [RFC,51/62] iommu/vt-d: Support MKTME in DMA remapping [RFC,52/62] x86/mm: introduce common code for mem encryption [RFC,53/62] x86/mm: Use common code for DMA memory encryption [RFC,54/62] x86/mm: Disable MKTME on incompatible platform configurations [RFC,55/62] x86/mm: Disable MKTME if not all system memory supports encryption [RFC,56/62] x86: Introduce CONFIG_X86_INTEL_MKTME [RFC,57/62] x86/mktme: Overview of Multi-Key Total Memory Encryption [RFC,58/62] x86/mktme: Document the MKTME provided security mitigations [RFC,59/62] x86/mktme: Document the MKTME kernel configuration requirements [RFC,60/62] x86/mktme: Document the MKTME Key Service API [RFC,61/62] x86/mktme: Document the MKTME API for anonymous memory encryption [RFC,62/62] x86/mktme: Demonstration program using the MKTME APIs

Message ID

20190508144422.13171-61-kirill.shutemov@linux.intel.com (mailing list archive)

State

New, archived

Headers

Received-SPF: pass (google.com: best guess record for domain of
 kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted
 sender) client-ip=134.134.136.31;
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Andrew Morton <akpm@linux-foundation.org>,
	x86@kernel.org,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Borislav Petkov <bp@alien8.de>,
	Peter Zijlstra <peterz@infradead.org>,
	Andy Lutomirski <luto@amacapital.net>,
	David Howells <dhowells@redhat.com>
Cc: Kees Cook <keescook@chromium.org>,
	Dave Hansen <dave.hansen@intel.com>,
	Kai Huang <kai.huang@linux.intel.com>,
	Jacob Pan <jacob.jun.pan@linux.intel.com>,
	Alison Schofield <alison.schofield@intel.com>,
	linux-mm@kvack.org,
	kvm@vger.kernel.org,
	keyrings@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [PATCH, RFC 60/62] x86/mktme: Document the MKTME Key Service API
Date: Wed,  8 May 2019 17:44:20 +0300
Message-Id: <20190508144422.13171-61-kirill.shutemov@linux.intel.com>
In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com>
References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

Intel MKTME enabling | expand

Commit Message

kirill.shutemov@linux.intel.com May 8, 2019, 2:44 p.m. UTC

From: Alison Schofield <alison.schofield@intel.com>

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 Documentation/x86/mktme/index.rst      |  1 +
 Documentation/x86/mktme/mktme_keys.rst | 96 ++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)
 create mode 100644 Documentation/x86/mktme/mktme_keys.rst

diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst
index 0f021cc4a2db..8cf2b7d62091 100644
--- a/Documentation/x86/mktme/index.rst
+++ b/Documentation/x86/mktme/index.rst
@@ -8,3 +8,4 @@  Multi-Key Total Memory Encryption (MKTME)
    mktme_overview
    mktme_mitigations
    mktme_configuration
+   mktme_keys
diff --git a/Documentation/x86/mktme/mktme_keys.rst b/Documentation/x86/mktme/mktme_keys.rst
new file mode 100644
index 000000000000..161871dee0dc
--- /dev/null
+++ b/Documentation/x86/mktme/mktme_keys.rst
@@ -0,0 +1,96 @@ 
+MKTME Key Service API
+=====================
+MKTME is a new key service type added to the Linux Kernel Key Service.
+
+The MKTME Key Service type is available when CONFIG_X86_INTEL_MKTME is
+turned on in Intel platforms that support the MKTME feature.
+
+The MKTME Key Service type manages the allocation of hardware encryption
+keys. Users can request an MKTME type key and then use that key to
+encrypt memory with the encrypt_mprotect() system call.
+
+Usage
+-----
+    When using the Kernel Key Service to request an *mktme* key,
+    specify the *payload* as follows:
+
+    type=
+        *user*	User will supply the encryption key data. Use this
+                type to directly program a hardware encryption key.
+
+        *cpu*	User requests a CPU generated encryption key.
+                The CPU generates and assigns an ephemeral key.
+
+        *no-encrypt*
+                 User requests that hardware does not encrypt
+                 memory when this key is in use.
+
+    algorithm=
+        When type=user or type=cpu the algorithm field must be
+        *aes-xts-128*
+
+        When type=clear or type=no-encrypt the algorithm field
+        must not be present in the payload.
+
+    key=
+        When type=user the user must supply a 128 bit encryption
+        key as exactly 32 ASCII hexadecimal characters.
+
+	When type=cpu the user may optionally supply 128 bits of
+        entropy for the CPU generated encryption key in this field.
+        It must be exactly 32 ASCII hexadecimal characters.
+
+	When type=no-encrypt this key field must not be present
+        in the payload.
+
+    tweak=
+	When type=user the user must supply a 128 bit tweak key
+        as exactly 32 ASCII hexadecimal characters.
+
+	When type=cpu the user may optionally supply 128 bits of
+        entropy for the CPU generated tweak key in this field.
+        It must be exactly 32 ASCII hexadecimal characters.
+
+        When type=no-encrypt the tweak field must not be present
+        in the payload.
+
+ERRORS
+------
+    In addition to the Errors returned from the Kernel Key Service,
+    add_key(2) or keyctl(1) commands, the MKTME Key Service type may
+    return the following errors:
+
+    EINVAL for any payload specification that does not match the
+           MKTME type payload as defined above.
+
+    EACCES for access denied. The MKTME key type uses capabilities
+           to restrict the allocation of keys to privileged users.
+           CAP_SYS_RESOURCE is required, but it will accept the
+           broader capability of CAP_SYS_ADMIN. See capabilities(7).
+
+    ENOKEY if a hardware key cannot be allocated. Additional error
+           messages will describe the hardware programming errors.
+
+EXAMPLES
+--------
+    Add a 'user' type key::
+
+        char \*options_USER = "type=user
+                               algorithm=aes-xts-128
+                               key=12345678912345671234567891234567
+                               tweak=12345678912345671234567891234567";
+
+        key = add_key("mktme", "name", options_USER, strlen(options_USER),
+                      KEY_SPEC_THREAD_KEYRING);
+
+    Add a 'cpu' type key::
+
+        char \*options_USER = "type=cpu algorithm=aes-xts-128";
+
+        key = add_key("mktme", "name", options_CPU, strlen(options_CPU),
+                      KEY_SPEC_THREAD_KEYRING);
+
+    Add a "no-encrypt' type key::
+
+	key = add_key("mktme", "name", "no-encrypt", strlen(options_CPU),
+		      KEY_SPEC_THREAD_KEYRING);

[RFC,60/62] x86/mktme: Document the MKTME Key Service API

Commit Message

Patch