Re: [PATCH v7 34/36] x86/mm: Add support to encrypt the kernel in-place

2017-06-23 Thread Tom Lendacky
On 6/23/2017 5:00 AM, Borislav Petkov wrote: On Fri, Jun 16, 2017 at 01:56:19PM -0500, Tom Lendacky wrote: Add the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The kernel is encry

Re: [PATCH v7 36/36] x86/mm: Add support to make use of Secure Memory Encryption

2017-06-23 Thread Borislav Petkov
On Fri, Jun 16, 2017 at 01:56:39PM -0500, Tom Lendacky wrote: > Add support to check if SME has been enabled and if memory encryption > should be activated (checking of command line option based on the > configuration of the default state). If memory encryption is to be > activated, then the encry

Re: [PATCH v7 35/36] x86/boot: Add early cmdline parsing for options with arguments

2017-06-23 Thread Borislav Petkov
On Fri, Jun 16, 2017 at 01:56:30PM -0500, Tom Lendacky wrote: > Add a cmdline_find_option() function to look for cmdline options that > take arguments. The argument is returned in a supplied buffer and the > argument length (regardless of whether it fits in the supplied buffer) > is returned, with

Re: [PATCH v7 34/36] x86/mm: Add support to encrypt the kernel in-place

2017-06-23 Thread Borislav Petkov
On Fri, Jun 16, 2017 at 01:56:19PM -0500, Tom Lendacky wrote: > Add the support to encrypt the kernel in-place. This is done by creating > new page mappings for the kernel - a decrypted write-protected mapping > and an encrypted mapping. The kernel is encrypted by copying it through > a temporary b

Re: [PATCH v7 33/36] x86/mm: Use proper encryption attributes with /dev/mem

2017-06-23 Thread Borislav Petkov
On Fri, Jun 16, 2017 at 01:56:07PM -0500, Tom Lendacky wrote: > When accessing memory using /dev/mem (or /dev/kmem) use the proper > encryption attributes when mapping the memory. > > To ensure the proper attributes are applied when reading or writing > /dev/mem, update the xlate_dev_mem_ptr() fun

Re: [PATCH v7 32/36] xen/x86: Remove SME feature in PV guests

2017-06-23 Thread Borislav Petkov
On Fri, Jun 16, 2017 at 01:55:54PM -0500, Tom Lendacky wrote: > Xen does not currently support SME for PV guests. Clear the SME cpu nitpick: s/cpu/CPU/ > capability in order to avoid any ambiguity. > > Signed-off-by: Tom Lendacky > --- > arch/x86/xen/enlighten_pv.c |1 + > 1 file changed,

[PATCH] kexec:arm: support zImage with appended device tree

2017-06-23 Thread Hoeun Ryu
Arm Linux supports zImage with appended dtb (CONFIG_ARM_APPENDED_DTB) and the concatenated image is generated like `cat zImage dtb > zImage_w_dtb`. This patch is to support the concatenated zImage. This changes the priority of source of dtb file. 1. --dtb dtb_file 2. zImage_w_dtb <= new

Re: [PATCH v7 31/36] x86/mm, kexec: Allow kexec to be used with SME

2017-06-23 Thread Borislav Petkov
On Fri, Jun 16, 2017 at 01:55:45PM -0500, Tom Lendacky wrote: > Provide support so that kexec can be used to boot a kernel when SME is > enabled. > > Support is needed to allocate pages for kexec without encryption. This > is needed in order to be able to reboot in the kernel in the same manner >