tech-kern archive


Re: AES leaks, cgd ciphers, and vector units in the kernel



> Date: Thu, 18 Jun 2020 11:37:36 -0700
> From: Brian Buhrow <buhrow%nfbcal.org@localhost>
> 
> Does xen advertise and allow the use of these instructions on PV and PVH
> domu's?

Generally I would expect yes.  You can test on a particular system
with `cpuctl identify'.  For example:

# cpuctl identify 0 | grep -w AES
cpu0: features1 0x7fbae3bf<DEADLINE,AES,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
                                    ^^^
The highlighted part in `features1' is the important thing.

Of course, it is possible that a Xen host might do something to
disable exposing the AES-NI feature bit to the guest, but this would
be a little unusual.  On a couple Xen systems I checked, the bit is
set in the guest.

If you want to try the patch set, you can boot with `boot -v'
(AB_VERBOSE), and the kernel will print a single line identifying the
selected AES implementation.  For example:

# dmesg | grep aes:
[     1.345962] aes: Intel AES-NI
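
The check above as a script, for auditing several guests. This is an added example, not part of the original message. The function name `aes_status` is hypothetical, the masked and split sample lines are constructed, and it assumes `features1` is CPUID leaf 1 ECX, where AES-NI is bit 25. It cross-checks the hex mask against the printed feature name.

```shell
#!/bin/sh
# aes_status: reads `cpuctl identify N` output on stdin, prints one verdict.
# Assumption: features1 is CPUID leaf 1 ECX, where AES-NI is bit 25.
aes_status() {
    seen=0 bit=0 named=0
    while IFS= read -r line; do
        case $line in
            *" features1 0x"*) ;;
            *) continue ;;
        esac
        mask=${line#* features1 }
        names=${mask#*<}          # text after '<' (unchanged if no '<')
        mask=${mask%%<*}          # hex word before '<'
        case ${mask#0x} in
            ''|*[!0-9a-fA-F]*) continue ;;   # not a clean hex word, skip
        esac
        seen=1
        if [ $(( ($mask >> 25) & 1 )) -eq 1 ]; then bit=1; fi
        # The names may be split over several features1 lines, so
        # accumulate across lines instead of judging each line alone.
        case ",${names%%>*}," in
            *,AES,*) named=1 ;;
        esac
    done
    if [ "$seen" -eq 0 ]; then echo "no-features1-line"
    elif [ "$bit" -eq 1 ] && [ "$named" -eq 1 ]; then echo "advertised"
    elif [ "$bit" -eq 0 ] && [ "$named" -eq 0 ]; then echo "not-advertised"
    else echo "inconsistent"    # mask and names disagree, inspect by hand
    fi
}

# Line quoted in the message above.
SAMPLE_AES='cpu0: features1 0x7fbae3bf<DEADLINE,AES,XSAVE,OSXSAVE,AVX,F16C,RDRAND>'
# Constructed: the same line with bit 25 cleared, as a host hiding AES-NI would show.
SAMPLE_MASKED='cpu0: features1 0x7dbae3bf<DEADLINE,XSAVE,OSXSAVE,AVX,F16C,RDRAND>'
# Constructed: an earlier features1 line that carries other names only.
SAMPLE_SPLIT='cpu0: features1 0x7fbae3bf<SSE3,PCLMULQDQ>'

# Demo on the samples; on a live guest use: cpuctl identify 0 | aes_status
for s in "$SAMPLE_AES" "$SAMPLE_MASKED"; do
    printf '%s\n' "$s" | aes_status
done
```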

