diff options
Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0043-x86-mm-Add-Secure-Encrypted-Virtualization-SEV-suppo.patch')
| -rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0043-x86-mm-Add-Secure-Encrypted-Virtualization-SEV-suppo.patch | 121 |
1 files changed, 0 insertions, 121 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0043-x86-mm-Add-Secure-Encrypted-Virtualization-SEV-suppo.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0043-x86-mm-Add-Secure-Encrypted-Virtualization-SEV-suppo.patch deleted file mode 100644 index 3ce54c27..00000000 --- a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0043-x86-mm-Add-Secure-Encrypted-Virtualization-SEV-suppo.patch +++ /dev/null @@ -1,121 +0,0 @@ -From 6bcf9c90963dc4402738e2875e446770d283b08c Mon Sep 17 00:00:00 2001 -From: Sudheesh Mavila <sudheesh.mavila@amd.com> -Date: Mon, 13 Aug 2018 12:19:45 +0530 -Subject: [PATCH 43/95] x86/mm: Add Secure Encrypted Virtualization (SEV) - support - -From d8aa7eea78a1401cce39b3bb61ead0150044a3df - -Provide support for Secure Encrypted Virtualization (SEV). This initial -support defines a flag that is used by the kernel to determine if it is -running with SEV active. - -Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> -Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Borislav Petkov <bp@suse.de> -Tested-by: Borislav Petkov <bp@suse.de> -Cc: kvm@vger.kernel.org -Cc: Borislav Petkov <bp@alien8.de> -Cc: Andy Lutomirski <luto@kernel.org> -Link: https://lkml.kernel.org/r/20171020143059.3291-3-brijesh.singh@amd.com - -Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com> ---- - arch/x86/include/asm/mem_encrypt.h | 6 ++++++ - arch/x86/mm/mem_encrypt.c | 26 ++++++++++++++++++++++++++ - include/linux/mem_encrypt.h | 7 +++++-- - 3 files changed, 37 insertions(+), 2 deletions(-) - -diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h -index e7d96c0..ad91ab5 100644 ---- a/arch/x86/include/asm/mem_encrypt.h -+++ b/arch/x86/include/asm/mem_encrypt.h -@@ -47,6 +47,9 @@ void __init mem_encrypt_init(void); - - void swiotlb_set_mem_attributes(void *vaddr, unsigned long size); - -+bool sme_active(void); -+bool sev_active(void); -+ - #else /* !CONFIG_AMD_MEM_ENCRYPT */ - - #define sme_me_mask 0ULL -@@ -64,6 +67,9 @@ static inline void __init sme_early_init(void) { } - static inline void __init sme_encrypt_kernel(struct boot_params *bp) { } - static inline void __init sme_enable(struct boot_params *bp) { } - -+static inline bool sme_active(void) { return false; } -+static inline bool sev_active(void) { return false; } -+ - #endif /* CONFIG_AMD_MEM_ENCRYPT */ - - /* -diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c -index 48c03c7..4e4a304 100644 ---- a/arch/x86/mm/mem_encrypt.c -+++ b/arch/x86/mm/mem_encrypt.c -@@ -42,6 +42,8 @@ static char sme_cmdline_off[] __initdata = "off"; - u64 sme_me_mask __section(.data) = 0; - EXPORT_SYMBOL(sme_me_mask); - -+static bool sev_enabled __section(.data); -+ - /* Buffer used for early in-place encryption by BSP, no locking needed */ - static char sme_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE); - -@@ -192,6 +194,30 @@ void __init sme_early_init(void) - protection_map[i] = pgprot_encrypted(protection_map[i]); - } - -+/* -+ * SME and SEV are very similar but they are not the same, so there are -+ * times that the kernel will need to distinguish between SME and SEV. The -+ * sme_active() and sev_active() functions are used for this. When a -+ * distinction isn't needed, the mem_encrypt_active() function can be used. -+ * -+ * The trampoline code is a good example for this requirement. Before -+ * paging is activated, SME will access all memory as decrypted, but SEV -+ * will access all memory as encrypted. So, when APs are being brought -+ * up under SME the trampoline area cannot be encrypted, whereas under SEV -+ * the trampoline area must be encrypted. -+ */ -+bool sme_active(void) -+{ -+ return sme_me_mask && !sev_enabled; -+} -+EXPORT_SYMBOL_GPL(sme_active); -+ -+bool sev_active(void) -+{ -+ return sme_me_mask && sev_enabled; -+} -+EXPORT_SYMBOL_GPL(sev_active); -+ - /* Architecture __weak replacement functions */ - void __init mem_encrypt_init(void) - { -diff --git a/include/linux/mem_encrypt.h b/include/linux/mem_encrypt.h -index 265a9cd..b310a9c 100644 ---- a/include/linux/mem_encrypt.h -+++ b/include/linux/mem_encrypt.h -@@ -23,11 +23,14 @@ - - #define sme_me_mask 0ULL - -+static inline bool sme_active(void) { return false; } -+static inline bool sev_active(void) { return false; } -+ - #endif /* CONFIG_ARCH_HAS_MEM_ENCRYPT */ - --static inline bool sme_active(void) -+static inline bool mem_encrypt_active(void) - { -- return !!sme_me_mask; -+ return sme_me_mask; - } - - static inline u64 sme_get_me_mask(void) --- -2.7.4 - |