From patchwork Fri Sep 7 22:23:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 10592621 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8E86F13BB for ; Fri, 7 Sep 2018 22:22:44 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7730D2B3B2 for ; Fri, 7 Sep 2018 22:22:44 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6ADA52B3FC; Fri, 7 Sep 2018 22:22:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 09A532B3B2 for ; Fri, 7 Sep 2018 22:22:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726561AbeIHDFr (ORCPT ); Fri, 7 Sep 2018 23:05:47 -0400 Received: from mga04.intel.com ([192.55.52.120]:60396 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726147AbeIHDFr (ORCPT ); Fri, 7 Sep 2018 23:05:47 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Sep 2018 15:22:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,344,1531810800"; d="scan'208";a="89919124" Received: from alison-desk.jf.intel.com ([10.54.74.53]) by orsmga002.jf.intel.com with ESMTP; 07 Sep 2018 15:22:42 -0700 Date: Fri, 7 Sep 2018 15:23:24 -0700 From: Alison Schofield To: dhowells@redhat.com, tglx@linutronix.de Cc: Kai Huang , Jun Nakajima , Kirill Shutemov , Dave Hansen , Jarkko Sakkinen , jmorris@namei.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, linux-mm@kvack.org Subject: [RFC 00/12] Multi-Key Total Memory Encryption API (MKTME) Message-ID: MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Seeking comments on the APIs supporting MKTME on future Intel platforms. MKTME (Multi-Key Total Memory Encryption) is a technology supporting memory encryption on upcoming Intel platforms. Whereas TME allows encryption of the entire system memory using a single key, MKTME allows mulitple encryption domains, each having their own key. While the main use case for the feature is virtual machine isolation, the API needs the flexibility to work for a wide range of use cases. This RFC presents the 2 API additions that enable userspace to: 1) Create Encryption Keys: Kernel Key Service type "mktme" 2) Use the Encryption Keys: system call encrypt_mprotect() In order to share between: the Kernel Key Service, the new system call, and the existing mm code, helper functions were created in arch/x86/mktme This patchset is built upon Kirill Shutemov's patchset for the core MKTME support. You can find that here: git://git.kernel.org/pub/scm/linux/kernel/git/kas/linux.git mktme/wip Alison Schofield (12): docs/x86: Document the Multi-Key Total Memory Encryption API mm: Generalize the mprotect implementation to support extensions syscall/x86: Wire up a new system call for memory encryption keys x86/mm: Add helper functions to manage memory encryption keys x86/mm: Add a helper function to set keyid bits in encrypted VMA's mm: Add the encrypt_mprotect() system call x86/mm: Add helper functions to track encrypted VMA's mm: Track VMA's in use for each memory encryption keyid mm: Restrict memory encryption to anonymous VMA's x86/pconfig: Program memory encryption keys on a system-wide basis keys/mktme: Add a new key service type for memory encryption keys keys/mktme: Do not revoke in use memory encryption keys Documentation/x86/mktme-keys.txt | 153 ++++++++++++++++ arch/x86/Kconfig | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/x86/include/asm/intel_pconfig.h | 42 ++++- arch/x86/include/asm/mktme.h | 21 +++ arch/x86/mm/mktme.c | 141 ++++++++++++++ fs/exec.c | 4 +- include/keys/mktme-type.h | 28 +++ include/linux/key.h | 2 + include/linux/mm.h | 9 +- include/linux/syscalls.h | 2 + include/uapi/asm-generic/unistd.h | 4 +- kernel/fork.c | 2 + kernel/sys_ni.c | 2 + mm/mmap.c | 12 ++ mm/mprotect.c | 93 +++++++++- mm/nommu.c | 4 + security/keys/Kconfig | 11 ++ security/keys/Makefile | 1 + security/keys/internal.h | 6 + security/keys/keyctl.c | 7 + security/keys/mktme_keys.c | 325 +++++++++++++++++++++++++++++++++ 23 files changed, 855 insertions(+), 17 deletions(-) create mode 100644 Documentation/x86/mktme-keys.txt create mode 100644 include/keys/mktme-type.h create mode 100644 security/keys/mktme_keys.c