[RFC v2 12/13] keys/mktme: Save MKTME data if kernel cmdline parameter allows
Kirill A. Shutemov
kirill at shutemov.name
Fri Dec 7 11:47:09 UTC 2018
On Fri, Dec 07, 2018 at 02:14:03AM +0000, Huang, Kai wrote:
> Alternatively, we can choose to use per-socket keyID, but not to program
> keyID globally across all sockets, so you don't have to save key while
> still supporting CPU hotplug.

Per-socket KeyID approach would make things more complex. For instance,
KeyID on its own will not be enough to refer to a key. You will need a node
too. It will also require a way to track whether there's a KeyID on other
node for the key.

It also makes memory management less flexible: runtime migration of the
memory between nodes will be limited and it can hurt memory availability
for non-encrypted tasks too.

In general, I don't see per-socket KeyID handling as very attractive. It
creates more problems than it solves.

--
Kirill A. Shutemov