Re: [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas

From: Florian Weimer
Date: Wed Aug 26 2020 - 15:01:44 EST

Next message: tip-bot2 for Andy Lutomirski: "[tip: x86/fsgsbase] selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS"
Previous message: Randy Dunlap: "Re: [PATCH 2/2] usb: dwc3: Add driver for Xilinx platforms"
In reply to: Andy Lutomirski: "Re: [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Andy Lutomirski:

>> I _believe_ there are also things like AES-NI that can get strong
>> protection from stuff like this. They load encryption keys into (AVX)
>> registers and then can do encrypt/decrypt operations without the keys
>> leaving the registers. If the key was loaded from a secret memory area
>> right into the registers, I think the protection from cache attacks
>> would be pretty strong.
>
> Except for context switches :)

An rseq sequence could request that the AVX registers should be
cleared on context switch. (I'm mostly kidding.)

I think the main issue is that we do not have a good established
programming model to actually use such features and completely avoid
making copies of secret data.

Next message: tip-bot2 for Andy Lutomirski: "[tip: x86/fsgsbase] selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS"
Previous message: Randy Dunlap: "Re: [PATCH 2/2] usb: dwc3: Add driver for Xilinx platforms"
In reply to: Andy Lutomirski: "Re: [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]