Re: [RFC PATCH v5 023/104] x86/cpu: Add helper functions to allocate/free MKTME keyid

From: Kai Huang
Date: Wed Apr 06 2022 - 21:00:55 EST


>
> >
> > Also export the global TDX private host key id that is used to encrypt TDX
> > module, its memory and some dynamic data (e.g. TDR).  
> >

Sorry, I was replying too quickly.

This sentence is not correct. Hardware doesn't use global KeyID to encrypt TDX
module itself. In current generation of TDX, global KeyID is used to encrypt
TDX memory metadata (PAMTs) and TDRs.


> > When the VMM releases an
> > encrypted page to reuse it, the page needs to be flushed with the used host
> > key id. VMM needs the global TDX private host key id to flush such pages
> > TDX module accesses with the global TDX private host key id.
> >
> >
>
> Fine to me.
>