From 853fcc15e4523f42f229d49844c11f5ad1faaa8b Mon Sep 17 00:00:00 2001 From: Sudheesh Mavila Date: Tue, 14 Aug 2018 23:20:36 +0530 Subject: [PATCH 86/95] x86/mm: Encrypt the initrd earlier for BSP microcode update From 107cd2532181b96c549e8f224cdcca8631c3076b Currently the BSP microcode update code examines the initrd very early in the boot process. If SME is active, the initrd is treated as being encrypted but it has not been encrypted (in place) yet. Update the early boot code that encrypts the kernel to also encrypt the initrd so that early BSP microcode updates work. Tested-by: Gabriel Craciunescu Signed-off-by: Tom Lendacky Reviewed-by: Borislav Petkov Cc: Borislav Petkov Cc: Brijesh Singh Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20180110192634.6026.10452.stgit@tlendack-t1.amdoffice.net Signed-off-by: Ingo Molnar Signed-off-by: Sudheesh Mavila --- arch/x86/kernel/setup.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index aa23f8c..dcb00ac 100755 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -376,16 +376,6 @@ static void __init reserve_initrd(void) !ramdisk_image || !ramdisk_size) return; /* No initrd provided by bootloader */ - /* - * If SME is active, this memory will be marked encrypted by the - * kernel when it is accessed (including relocation). However, the - * ramdisk image was loaded decrypted by the bootloader, so make - * sure that it is encrypted before accessing it. For SEV the - * ramdisk will already be encrypted, so only do this for SME. - */ - if (sme_active()) - sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image); - initrd_start = 0; mapped_size = memblock_mem_size(max_pfn_mapped); -- 2.7.4