On Thu, 29 Sep 2005 06:48:19 -0400 John P Baker <[EMAIL PROTECTED]> wrote:
:>In a non-extended storage key environment, fetching of data from a storage :>page is permissible when the fetch protection bit of the page storage key is :>off or when the PSW-key matches the page storage key. Storing of data into :>a page is permissible when the PSW-key matches the page storage key. :>A program can switch between the various PSW keys using the SPKA :>instruction, subject (in problem state) to the PSW-key mask contained in :>control register 3. :>The extended storage key feature would provide far greater granularity in :>that within a particular PSW-key, up to 256 subkeys could be available to :>further limit access to specific pages. :>As an example, the introduction of hardware encryption instructions requires :>that the actual encryption keys be located in main storage. Wouldn't it :>make sense to locate the encryption control blocks, including encryption :>keys, etc. in extended storage key protected storage and to provide Program :>Call (PC) access to encryption service modules, to which would be granted :>access to the extended storage key protected storage in which those control :>blocks reside? Why do you feel that this is not available right now, with the existing keys? :>One can envisage many such examples of how the extended storage key feature :>could be used. Still don't get it. Key0 fetch protected seems adequate to me (as only supervisor state or the control program allowing setting key zero would permit access). Why are more storage keys needed? Whom are you trying to block? :>-----Original Message----- :>From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf :>Of Binyamin Dissen :>Sent: Thursday, September 29, 2005 03:11 :>To: [email protected] :>Subject: Re: Instruction Set Enhancement Idea :>I don't understand your business case. :>Why are more keys needed? -- Binyamin Dissen <[EMAIL PROTECTED]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
