Re: [RFC PATCH v4 27/28] x86: Add support to encrypt the kernel in-place

2017-03-02 Thread Tom Lendacky
On 3/1/2017 11:36 AM, Borislav Petkov wrote: On Thu, Feb 16, 2017 at 09:48:08AM -0600, Tom Lendacky wrote: This patch adds the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The

Re: [RFC PATCH v4 27/28] x86: Add support to encrypt the kernel in-place

2017-03-02 Thread Borislav Petkov
On Thu, Mar 02, 2017 at 12:30:31PM -0600, Tom Lendacky wrote:
> The "* 2" here and above is that a PUD and a PMD is needed for both
> the encrypted and decrypted mappings. I'll add a comment to clarify
> that.

Ah, makes sense. Definitely needs a comment.

> Yup, I can do that here too (but need

Re: [RFC PATCH v4 27/28] x86: Add support to encrypt the kernel in-place

2017-03-01 Thread Borislav Petkov
On Thu, Feb 16, 2017 at 09:48:08AM -0600, Tom Lendacky wrote:
> This patch adds the support to encrypt the kernel in-place. This is
> done by creating new page mappings for the kernel - a decrypted
> write-protected mapping and an encrypted mapping. The kernel is encyrpted

s/encyrpted/encrypted/

[RFC PATCH v4 27/28] x86: Add support to encrypt the kernel in-place

2017-02-16 Thread Tom Lendacky
This patch adds the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The kernel is encyrpted by copying the kernel through a temporary buffer. Signed-off-by: Tom Lendacky
