[RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME)
Dave Hansen
dave.hansen at intel.com
Sat Dec 8 01:11:58 UTC 2018
On 12/7/18 3:53 PM, Andy Lutomirski wrote:
> The third problem is the real show-stopper, though: this scheme
> requires that the ciphertext go into predetermined physical
> addresses, which would be a giant mess.
There's a more fundamental problem than that. The tweak fed into the
actual AES-XTS operation is determined by the firmware, programmed into
the memory controller, and is not visible to software. So, not only
would you need to put stuff at a fixed physical address, the tweaks can
change from boot-to-boot, so whatever you did would only be good for one
boot.
More information about the Linux-security-module-archive
mailing list