blob: 1da2e057eeb2f17fdcdfd8eea697cb1a2c803a9b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
From e15f9433db1cdc2f48c3b9529b0d009b66ed4613 Mon Sep 17 00:00:00 2001
From: Sudheesh Mavila <sudheesh.mavila@amd.com>
Date: Mon, 13 Aug 2018 14:34:26 +0530
Subject: [PATCH 45/95] x86/mm: Don't attempt to encrypt initrd under SEV
From 682af54399b6111730aec0be63e5f6a3a3359a76
When SEV is active the initrd/initramfs will already have already been
placed in memory encrypted so do not try to encrypt it.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Tested-by: Borislav Petkov <bp@suse.de>
Cc: kvm@vger.kernel.org
Cc: Borislav Petkov <bp@alien8.de>
Cc: Andy Lutomirski <luto@kernel.org>
Link: https://lkml.kernel.org/r/20171020143059.3291-4-brijesh.singh@amd.com
Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
---
arch/x86/kernel/setup.c | 10 ++++++++++
1 file changed, 10 insertions(+)
mode change 100644 => 100755 arch/x86/kernel/setup.c
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
old mode 100644
new mode 100755
index dcb00ac..aa23f8c
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -376,6 +376,16 @@ static void __init reserve_initrd(void)
!ramdisk_image || !ramdisk_size)
return; /* No initrd provided by bootloader */
+ /*
+ * If SME is active, this memory will be marked encrypted by the
+ * kernel when it is accessed (including relocation). However, the
+ * ramdisk image was loaded decrypted by the bootloader, so make
+ * sure that it is encrypted before accessing it. For SEV the
+ * ramdisk will already be encrypted, so only do this for SME.
+ */
+ if (sme_active())
+ sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image);
+
initrd_start = 0;
mapped_size = memblock_mem_size(max_pfn_mapped);
--
2.7.4
|
