Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0045-x86-mm-Don-t-attempt-to-encrypt-initrd-under-SEV.patch')
-rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0045-x86-mm-Don-t-attempt-to-encrypt-initrd-under-SEV.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0045-x86-mm-Don-t-attempt-to-encrypt-initrd-under-SEV.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0045-x86-mm-Don-t-attempt-to-encrypt-initrd-under-SEV.patch
new file mode 100644
index 00000000..1da2e057
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0045-x86-mm-Don-t-attempt-to-encrypt-initrd-under-SEV.patch
@@ -0,0 +1,52 @@
+From e15f9433db1cdc2f48c3b9529b0d009b66ed4613 Mon Sep 17 00:00:00 2001
+From: Sudheesh Mavila <sudheesh.mavila@amd.com>
+Date: Mon, 13 Aug 2018 14:34:26 +0530
+Subject: [PATCH 45/95] x86/mm: Don't attempt to encrypt initrd under SEV
+
+From 682af54399b6111730aec0be63e5f6a3a3359a76
+
+When SEV is active the initrd/initramfs will already have already been
+placed in memory encrypted so do not try to encrypt it.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Tested-by: Borislav Petkov <bp@suse.de>
+Cc: kvm@vger.kernel.org
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Andy Lutomirski <luto@kernel.org>
+Link: https://lkml.kernel.org/r/20171020143059.3291-4-brijesh.singh@amd.com
+
+Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
+---
+ arch/x86/kernel/setup.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+ mode change 100644 => 100755 arch/x86/kernel/setup.c
+
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
+old mode 100644
+new mode 100755
+index dcb00ac..aa23f8c
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -376,6 +376,16 @@ static void __init reserve_initrd(void)
+ !ramdisk_image || !ramdisk_size)
+ return; /* No initrd provided by bootloader */
+
++ /*
++ * If SME is active, this memory will be marked encrypted by the
++ * kernel when it is accessed (including relocation). However, the
++ * ramdisk image was loaded decrypted by the bootloader, so make
++ * sure that it is encrypted before accessing it. For SEV the
++ * ramdisk will already be encrypted, so only do this for SME.
++ */
++ if (sme_active())
++ sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image);
++
+ initrd_start = 0;
+
+ mapped_size = memblock_mem_size(max_pfn_mapped);
+--
+2.7.4
+ |
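Review bot: The inner hunk for reserve_initrd() consists of additions only, so it introduces the `sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image);` call itself rather than narrowing an existing unconditional call, which is what the subject line describes. That suggests the 4.14.71 base no longer has the call at this spot; if that tree already encrypts the initrd in place earlier in boot, re-adding it here would encrypt the image a second time under SME and leave it unreadable, so the base should be checked and the patch dropped if that is the case. The patch also flips arch/x86/kernel/setup.c from mode 100644 to 100755, which looks unintended for a C source file and should be removed from the backport. reserve_initrd() starts and continues outside the hunk, so the rest of the function is not visible here.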