diff options
Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0086-x86-mm-Encrypt-the-initrd-earlier-for-BSP-microcode-.patch')
| -rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0086-x86-mm-Encrypt-the-initrd-earlier-for-BSP-microcode-.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0086-x86-mm-Encrypt-the-initrd-earlier-for-BSP-microcode-.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0086-x86-mm-Encrypt-the-initrd-earlier-for-BSP-microcode-.patch new file mode 100644 index 00000000..4217bf56 --- /dev/null +++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0086-x86-mm-Encrypt-the-initrd-earlier-for-BSP-microcode-.patch @@ -0,0 +1,54 @@ +From 853fcc15e4523f42f229d49844c11f5ad1faaa8b Mon Sep 17 00:00:00 2001 +From: Sudheesh Mavila <sudheesh.mavila@amd.com> +Date: Tue, 14 Aug 2018 23:20:36 +0530 +Subject: [PATCH 86/95] x86/mm: Encrypt the initrd earlier for BSP microcode + update + + From 107cd2532181b96c549e8f224cdcca8631c3076b + +Currently the BSP microcode update code examines the initrd very early +in the boot process. If SME is active, the initrd is treated as being +encrypted but it has not been encrypted (in place) yet. Update the +early boot code that encrypts the kernel to also encrypt the initrd so +that early BSP microcode updates work. + +Tested-by: Gabriel Craciunescu <nix.or.die@gmail.com> +Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> +Reviewed-by: Borislav Petkov <bp@suse.de> +Cc: Borislav Petkov <bp@alien8.de> +Cc: Brijesh Singh <brijesh.singh@amd.com> +Cc: Linus Torvalds <torvalds@linux-foundation.org> +Cc: Peter Zijlstra <peterz@infradead.org> +Cc: Thomas Gleixner <tglx@linutronix.de> +Link: http://lkml.kernel.org/r/20180110192634.6026.10452.stgit@tlendack-t1.amdoffice.net +Signed-off-by: Ingo Molnar <mingo@kernel.org> + +Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com> +--- + arch/x86/kernel/setup.c | 10 ---------- + 1 file changed, 10 deletions(-) + +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index aa23f8c..dcb00ac 100755 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -376,16 +376,6 @@ static void __init reserve_initrd(void) + !ramdisk_image || !ramdisk_size) + return; /* No initrd provided by bootloader */ + +- /* +- * If SME is active, this memory will be marked encrypted by the +- * kernel when it is accessed (including relocation). However, the +- * ramdisk image was loaded decrypted by the bootloader, so make +- * sure that it is encrypted before accessing it. For SEV the +- * ramdisk will already be encrypted, so only do this for SME. +- */ +- if (sme_active()) +- sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image); +- + initrd_start = 0; + + mapped_size = memblock_mem_size(max_pfn_mapped); +-- +2.7.4 + |