Re: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active

On 09/03/2017 15:07, Borislav Petkov wrote: > + /* Check if running under a hypervisor */ > + eax = 0x4000; > + ecx = 0; > + native_cpuid(, , , ); This is not how you check if running under a hypervisor; you should check the HYPERVISOR bit, i.e. bit 31 of cpuid(1).ecx. This

Re: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active

On Thu, Mar 09, 2017 at 05:13:33PM +0100, Paolo Bonzini wrote: > This is not how you check if running under a hypervisor; you should > check the HYPERVISOR bit, i.e. bit 31 of cpuid(1).ecx. This in turn > tells you if leaf 0x4000 is valid. Ah, good point, I already do that in the microcode

Re: [PATCH v2 0/2] Propagate fallback bit for cbc and ctr

On Mon, Feb 27, 2017 at 09:38:24AM -0300, Marcelo Henrique Cerri wrote: > Hi Hebert, > > For v2: > > - fixed the memory leakage in cbc. > - included crypto/algapi.h in crypto/cbc.c for crypto_requires_off(); > - ERR_CAST instead PTR_ERR in ctr. > - Also propagated the fallback bit for rfc3686. >

Re: [PATCH 0/2] crypto: constify test vectors

On Fri, Feb 24, 2017 at 03:46:57PM -0800, Eric Biggers wrote: > From: Eric Biggers > > These two patches mark all the cryptographic test vectors as 'const'. > This has several potential advantages and moves a large amount of data > from .data to .rodata when the tests are

Re: [RFC PATCH v2 0/3] Cavium ThunderX ZIP driver

On Thu, Mar 9, 2017 at 4:16 PM, Herbert Xu wrote: > On Wed, Feb 15, 2017 at 10:45:07AM +0530, Mahipal Challa wrote: >> Hi Herbert, >> >> This series adds support for hardware accelerated compression & decompression >> as found on ThunderX (arm64) SOCs. >> >> As per

Re: [RFC PATCH v2 0/3] Cavium ThunderX ZIP driver

On Wed, Feb 15, 2017 at 10:45:07AM +0530, Mahipal Challa wrote: > Hi Herbert, > > This series adds support for hardware accelerated compression & decompression > as found on ThunderX (arm64) SOCs. > > As per your suggestion, we've switched to the new crypto acomp/scomp > interface. > > To test

Re: [PATCH v2 1/2] crypto: arm/aes-neonbs - resolve fallback cipher at runtime

On Tue, Feb 14, 2017 at 09:51:01PM +, Ard Biesheuvel wrote: > Currently, the bit sliced NEON AES code for ARM has a link time > dependency on the scalar ARM asm implementation, which it uses as a > fallback to perform CBC encryption and the encryption of the initial > XTS tweak. > > The bit

Re: [PATCH 0/4] crypto: gf128mul cleanups

On Tue, Feb 14, 2017 at 01:43:26PM -0800, Eric Biggers wrote: > This patchset makes a few cleanups to the generic GF(2^128) multiplication > code > to make it slightly easier to understand and modify. No functional changes > are > intended. > > Eric Biggers (4): > crypto: gf128mul - fix some

Re: [PATCH v2 2/2] crypto: algapi - annotate expected branch behavior in crypto_inc()

On Tue, Feb 14, 2017 at 09:51:02PM +, Ard Biesheuvel wrote: > To prevent unnecessary branching, mark the exit condition of the > primary loop as likely(), given that a carry in a 32-bit counter > occurs very rarely. > > On arm64, the resulting code is emitted by GCC as > > 9a8: cmp

Re: [PATCH] crypto: s5p-sss - Fix spinlock recursion on LRW(AES)

On Wed, Mar 08, 2017 at 11:14:20PM +0200, Krzysztof Kozlowski wrote: > Running TCRYPT with LRW compiled causes spinlock recursion: > > testing speed of async lrw(aes) (lrw(ecb-aes-s5p)) encryption > tcrypt: test 0 (256 bit key, 16 byte blocks): 19007 operations in 1 > seconds (304112

Re: [PATCH] crypto: brcm: fix spelling mistake: "genereate" -> "generate"

On Wed, Feb 22, 2017 at 11:51:38PM +, Colin King wrote: > From: Colin Ian King > > trivial fix to spelling mistake in pr_err message > > Signed-off-by: Colin Ian King Patch applied. Thanks. -- Email: Herbert Xu

Re: [RFC PATCH v2 13/32] KVM: SVM: Enable SEV by setting the SEV_ENABLE CPU feature

On Thu, Mar 02, 2017 at 10:15:01AM -0500, Brijesh Singh wrote: > From: Tom Lendacky > > Modify the SVM cpuid update function to indicate if Secure Encrypted > Virtualization (SEV) is active in the guest by setting the SEV KVM CPU > features bit. SEV is active if Secure

Re: [PATCH] crypto: Add ECB dependency for XTS mode

On Fri, Mar 03, 2017 at 07:25:21AM +0100, Milan Broz wrote: > Patch below should be backported to 4.10 stable > (only 4.10, older kernels are ok). > We have reports some systems fail to boot from LUKS now > (missing ecb module in initramdisk) ... > > Upstream commit is

Re: [PATCH V2 2/3] crypto: ccp - Enable support for AES GCM on v5 CCPs

On Thu, Mar 02, 2017 at 03:26:54PM -0600, Gary R Hook wrote: > A version 5 device provides the primitive commands > required for AES GCM. This patch adds support for > en/decryption. > > Signed-off-by: Gary R Hook This patch doesn't apply to the current cryptodev tree.

Re: [RFC] how to handle AAD copy operation for algif_aead

Am Donnerstag, 9. März 2017, 11:00:11 CET schrieb Herbert Xu: Hi Herbert, > On Fri, Feb 24, 2017 at 02:24:47PM +0100, Stephan Müller wrote: > > Hi Herbert et al, > > > > attached are two patches where each patch has a different approach to copy > > the AAD in the algif_aead operation. I would

Re: [RFC] how to handle AAD copy operation for algif_aead

Am Donnerstag, 9. März 2017, 11:05:54 CET schrieb Herbert Xu: Hi Herbert, > On Thu, Mar 09, 2017 at 11:02:41AM +0100, Stephan Müller wrote: > > > > The patch > > > > 0001-crypto-algif_aead-copy-AAD-from-src-to-dst_separate.patch > > > > simply copies the AAD over from TX SGL to RX SGL. The pro

Re: [RFC] how to handle AAD copy operation for algif_aead

On Thu, Mar 09, 2017 at 11:08:32AM +0100, Stephan Müller wrote: > > This is the first patch (0001-crypto-algif_aead-copy-AAD-from-src-to- > dst_separate.patch). > > The second alternative patch (0001-crypto-algif_aead-copy-AAD-from-src-to- > dst_inplace.patch) does: I see. Yes that looks good.

Re: XTS Crypto Not Found In /proc/crypto Even After Compiled for 4.10.1.

Gave it a try on 4.10.1, but still to no avail: * [8.516138] raid6: using intx1 recovery algorithm [ [0;32m OK [0m] Started Flush Journal to Persistent Storage. [9.692091] Unable to handle kernel NULL pointer dereference at virtual address 0004 [9.698896] pgd = c0004000 [

Re: [RFC] how to handle AAD copy operation for algif_aead

On Thu, Mar 09, 2017 at 11:02:41AM +0100, Stephan Müller wrote: > > > > The patch 0001-crypto-algif_aead-copy-AAD-from-src-to-dst_separate.patch > > > simply copies the AAD over from TX SGL to RX SGL. The pro is that the > > > patch is small. The con is that this approach does *not* provide an > >

[PATCH] crypto: doc - fix typo (struct sdesc)

Add missing " " in api-samples.rst Signed-off-by: Fabien Dessenne --- Documentation/crypto/api-samples.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Documentation/crypto/api-samples.rst b/Documentation/crypto/api-samples.rst index

Re: [RFC] how to handle AAD copy operation for algif_aead

On Fri, Feb 24, 2017 at 02:24:47PM +0100, Stephan Müller wrote: > Hi Herbert et al, > > attached are two patches where each patch has a different approach to copy > the > AAD in the algif_aead operation. I would like to hear your opinion which > approach should be taken. > > The patch

Re: [RFC] how to handle AAD copy operation for algif_aead

Am Donnerstag, 9. März 2017, 11:23:16 CET schrieb Herbert Xu: Hi Herbert, > I see. Yes that looks good. Thank you. I will provide an official patch after the discussion about the memory handling is completed. As the memory handling patch should be considered for stable whereas the AAD copy

Re: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active

On Thu, Mar 02, 2017 at 10:14:48AM -0500, Brijesh Singh wrote: > From: Tom Lendacky > > Early in the boot process, add checks to determine if the kernel is > running with Secure Encrypted Virtualization (SEV) active by issuing > a CPUID instruction. > > During early