Re: [PATCH, RFC 57/62] x86/mktme: Overview of Multi-Key Total Memory Encryption

From: Randy Dunlap
Date: Sun Jul 14 2019 - 14:16:56 EST


On 5/8/19 7:44 AM, Kirill A. Shutemov wrote:
> From: Alison Schofield <alison.schofield@xxxxxxxxx>
>
> Provide an overview of MKTME on Intel Platforms.
>
> Signed-off-by: Alison Schofield <alison.schofield@xxxxxxxxx>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> ---
> Documentation/x86/mktme/index.rst | 8 +++
> Documentation/x86/mktme/mktme_overview.rst | 57 ++++++++++++++++++++++
> 2 files changed, 65 insertions(+)
> create mode 100644 Documentation/x86/mktme/index.rst
> create mode 100644 Documentation/x86/mktme/mktme_overview.rst


> diff --git a/Documentation/x86/mktme/mktme_overview.rst b/Documentation/x86/mktme/mktme_overview.rst
> new file mode 100644
> index 000000000000..59c023965554
> --- /dev/null
> +++ b/Documentation/x86/mktme/mktme_overview.rst
> @@ -0,0 +1,57 @@
> +Overview
> +=========
...
> +--
> +1. https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf
> +2. The MKTME architecture supports up to 16 bits of KeyIDs, so a
> + maximum of 65535 keys on top of the âTME keyâ at KeyID-0. The
> + first implementation is expected to support 5 bits, making 63

Hi,
How do 5 bits make 63 keys available?

> + keys available to applications. However, this is not guaranteed.
> + The number of available keys could be reduced if, for instance,
> + additional physical address space is desired over additional
> + KeyIDs.


thanks.
--
~Randy