Re: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption
On Tue, Nov 29, 2016 at 12:48:17PM -0600, Tom Lendacky wrote:
> > One more thing: just like we're adding an =on switch, we'd need an =off
> > switch in case something's wrong with the SME code. IOW, if a user
> > supplies "mem_encrypt=off", we do not encrypt.
>
> Well, we can document "off", but if the exact string "mem_encrypt=on"
> isn't specified on the command line then the encryption won't occur.
So you have this:
+ /*
+* Fixups have not been to applied phys_base yet, so we must obtain
+* the address to the SME command line option in the following way.
+*/
+ asm ("lea sme_cmdline_arg(%%rip), %0"
+: "=r" (cmdline_arg)
+: "p" (sme_cmdline_arg));
+ cmdline_ptr = bp->hdr.cmd_line_ptr | ((u64)bp->ext_cmd_line_ptr << 32);
+ if (cmdline_find_option_bool((char *)cmdline_ptr, cmdline_arg))
+ sme_me_mask = 1UL << (ebx & 0x3f);
If I parse this right, we will enable SME *only* if mem_encrypt=on is
explicitly supplied on the command line.
Which means, users will have to *know* about that cmdline switch first.
Which then means, we have to go and tell them. Do you see where I'm
going with this?
I know we talked about this already but I still think we should enable
it by default and people who don't want it will use the =off switch. We
can also do something like CONFIG_AMD_SME_ENABLED_BY_DEFAULT which we
can be selected during build for the different setups.
Hmmm.
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption
On 11/26/2016 2:47 PM, Borislav Petkov wrote: > On Wed, Nov 09, 2016 at 06:38:38PM -0600, Tom Lendacky wrote: >> This patch adds the support to check if SME has been enabled and if the >> mem_encrypt=on command line option is set. If both of these conditions >> are true, then the encryption mask is set and the kernel is encrypted >> "in place." >> >> Signed-off-by: Tom Lendacky >> --- >> arch/x86/kernel/head_64.S |1 + >> arch/x86/kernel/mem_encrypt_init.c | 60 >> +++- >> arch/x86/mm/mem_encrypt.c |2 + >> 3 files changed, 62 insertions(+), 1 deletion(-) >> >> diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S >> index e8a7272..c225433 100644 >> --- a/arch/x86/kernel/head_64.S >> +++ b/arch/x86/kernel/head_64.S >> @@ -100,6 +100,7 @@ startup_64: >> * to include it in the page table fixups. >> */ >> push%rsi >> +movq%rsi, %rdi >> callsme_enable >> pop %rsi >> movq%rax, %r12 >> diff --git a/arch/x86/kernel/mem_encrypt_init.c >> b/arch/x86/kernel/mem_encrypt_init.c >> index 7bdd159..c94ceb8 100644 >> --- a/arch/x86/kernel/mem_encrypt_init.c >> +++ b/arch/x86/kernel/mem_encrypt_init.c >> @@ -16,9 +16,14 @@ >> #include >> >> #include >> +#include >> +#include >> +#include >> >> #ifdef CONFIG_AMD_MEM_ENCRYPT >> >> +static char sme_cmdline_arg[] __initdata = "mem_encrypt=on"; > > One more thing: just like we're adding an =on switch, we'd need an =off > switch in case something's wrong with the SME code. IOW, if a user > supplies "mem_encrypt=off", we do not encrypt. Well, we can document "off", but if the exact string "mem_encrypt=on" isn't specified on the command line then the encryption won't occur. The cmdline_find_option_bool() function looks for the exact string and isn't interpreting the value on the right side of the equal sign. So omitting mem_encrypt=on or using mem_encrypt=off is the same. Thanks, Tom > > Thanks. > -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption
On Wed, Nov 09, 2016 at 06:38:38PM -0600, Tom Lendacky wrote: > This patch adds the support to check if SME has been enabled and if the > mem_encrypt=on command line option is set. If both of these conditions > are true, then the encryption mask is set and the kernel is encrypted > "in place." > > Signed-off-by: Tom Lendacky > --- > arch/x86/kernel/head_64.S |1 + > arch/x86/kernel/mem_encrypt_init.c | 60 > +++- > arch/x86/mm/mem_encrypt.c |2 + > 3 files changed, 62 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S > index e8a7272..c225433 100644 > --- a/arch/x86/kernel/head_64.S > +++ b/arch/x86/kernel/head_64.S > @@ -100,6 +100,7 @@ startup_64: >* to include it in the page table fixups. >*/ > push%rsi > + movq%rsi, %rdi > callsme_enable > pop %rsi > movq%rax, %r12 > diff --git a/arch/x86/kernel/mem_encrypt_init.c > b/arch/x86/kernel/mem_encrypt_init.c > index 7bdd159..c94ceb8 100644 > --- a/arch/x86/kernel/mem_encrypt_init.c > +++ b/arch/x86/kernel/mem_encrypt_init.c > @@ -16,9 +16,14 @@ > #include > > #include > +#include > +#include > +#include > > #ifdef CONFIG_AMD_MEM_ENCRYPT > > +static char sme_cmdline_arg[] __initdata = "mem_encrypt=on"; One more thing: just like we're adding an =on switch, we'd need an =off switch in case something's wrong with the SME code. IOW, if a user supplies "mem_encrypt=off", we do not encrypt. Thanks. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply. -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption
On Wed, Nov 09, 2016 at 06:38:38PM -0600, Tom Lendacky wrote: > This patch adds the support to check if SME has been enabled and if the > mem_encrypt=on command line option is set. If both of these conditions > are true, then the encryption mask is set and the kernel is encrypted > "in place." Something went wrong here - 19/20 and 20/20 have the same Subject and commit message. Care to resend only 19 and 20 with the above fixed? Thanks. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply. -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption
This patch adds the support to check if SME has been enabled and if the
mem_encrypt=on command line option is set. If both of these conditions
are true, then the encryption mask is set and the kernel is encrypted
"in place."
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/head_64.S |1 +
arch/x86/kernel/mem_encrypt_init.c | 60 +++-
arch/x86/mm/mem_encrypt.c |2 +
3 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index e8a7272..c225433 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -100,6 +100,7 @@ startup_64:
* to include it in the page table fixups.
*/
push%rsi
+ movq%rsi, %rdi
callsme_enable
pop %rsi
movq%rax, %r12
diff --git a/arch/x86/kernel/mem_encrypt_init.c
b/arch/x86/kernel/mem_encrypt_init.c
index 7bdd159..c94ceb8 100644
--- a/arch/x86/kernel/mem_encrypt_init.c
+++ b/arch/x86/kernel/mem_encrypt_init.c
@@ -16,9 +16,14 @@
#include
#include
+#include
+#include
+#include
#ifdef CONFIG_AMD_MEM_ENCRYPT
+static char sme_cmdline_arg[] __initdata = "mem_encrypt=on";
+
extern void sme_encrypt_execute(unsigned long, unsigned long, unsigned long,
void *, pgd_t *);
@@ -219,7 +224,60 @@ unsigned long __init sme_get_me_mask(void)
return sme_me_mask;
}
-unsigned long __init sme_enable(void)
+unsigned long __init sme_enable(void *boot_data)
{
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+ struct boot_params *bp = boot_data;
+ unsigned int eax, ebx, ecx, edx;
+ u64 msr;
+ unsigned long cmdline_ptr;
+ void *cmdline_arg;
+
+ /* Check for an AMD processor */
+ eax = 0;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if ((ebx != 0x68747541) || (edx != 0x69746e65) || (ecx != 0x444d4163))
+ goto out;
+
+ /* Check for the SME support leaf */
+ eax = 0x8000;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if (eax < 0x801f)
+ goto out;
+
+ /*
+* Check for the SME feature:
+* CPUID Fn8000_001F[EAX] - Bit 0
+* Secure Memory Encryption support
+* CPUID Fn8000_001F[EBX] - Bits 5:0
+* Pagetable bit position used to indicate encryption
+*/
+ eax = 0x801f;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if (!(eax & 1))
+ goto out;
+
+ /* Check if SME is enabled */
+ msr = native_read_msr(MSR_K8_SYSCFG);
+ if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
+ goto out;
+
+ /*
+* Fixups have not been to applied phys_base yet, so we must obtain
+* the address to the SME command line option in the following way.
+*/
+ asm ("lea sme_cmdline_arg(%%rip), %0"
+: "=r" (cmdline_arg)
+: "p" (sme_cmdline_arg));
+ cmdline_ptr = bp->hdr.cmd_line_ptr | ((u64)bp->ext_cmd_line_ptr << 32);
+ if (cmdline_find_option_bool((char *)cmdline_ptr, cmdline_arg))
+ sme_me_mask = 1UL << (ebx & 0x3f);
+
+out:
+#endif /* CONFIG_AMD_MEM_ENCRYPT */
+
return sme_me_mask;
}
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index e351003..d0bc3f5 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -251,6 +251,8 @@ void __init mem_encrypt_init(void)
/* Make SWIOTLB use an unencrypted DMA area */
swiotlb_clear_encryption();
+
+ pr_info("AMD Secure Memory Encryption active\n");
}
void swiotlb_set_mem_unenc(void *vaddr, unsigned long size)
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
