Re: [PATCH 0/6] Add Hygon SEV support
- Date: Mon, 15 Apr 2019 17:37:49 +0200
- From: Paolo Bonzini <pbonzini@xxxxxxxxxx>
- Subject: Re: [PATCH 0/6] Add Hygon SEV support
On 15/04/19 14:04, Hao Feng wrote:
> Hygon SEV follows AMD SEV work flow, but uses China national standard
> cryptographic algorithms SM2/SM3/SM4 instead of (RSA, ECDSA,
> ECDH)/SHA/AES. Reuse most AMD SEV code path to support Hygon SEV,
> also adds 3 new commands(GM_PUBKEY_GEN, GM_GET_DIGEST,
> GM_VERIFY_DIGEST) to support SM2 key exchange protocol.
> SM2 is based on ECC(Elliptic Curve Cryptography), and uses a special
> curve. It can be used in digital signature, key exchange and
> asymmetric cryptography. For key exchange, SM2 is similar to ECDH, but
> involves new random key, meaning the two sides need to exchange extra
> random public key besides their public key, that's why additional APIs
> are needed to support Hygon SEV.
> SM3 is a hash algorithm, similar to SHA-256.
> SM4 is a block cipher algorithm, similar to AES-128.
I don't see SM2 and SM3 implemented elsewhere in Linux. SM4 is only
supported by a few wireless drivers.
Apart from the concerns that Thomas mentioned, you have to convince the
rest of the community that these primitives are secure (for example by
contributing support for them to drivers/crypto), and then KVM will
start using them.
Because as far as I know, they could be just as secure as double rot13.