Re: [PATCH 4.11 049/150] efi/bgrt: Skip efi_bgrt_init() in case of non-EFI boot

2017-06-14 Thread Maniaxx
On 12.06.2017 at 17:24, Greg Kroah-Hartman wrote: > 4.11-stable review patch. If anyone has any objections, please let me know. > > -- > > From: Dave Young > > commit 7425826f4f7ac60f2538b06a7f0a5d1006405159 upstream. > > Sabrina Dubroca reported an early

Re: [PATCH v6 26/34] iommu/amd: Allow the AMD IOMMU to work with memory encryption

2017-06-14 Thread Tom Lendacky
On 6/14/2017 12:42 PM, Borislav Petkov wrote: On Wed, Jun 07, 2017 at 02:17:45PM -0500, Tom Lendacky wrote: The IOMMU is programmed with physical addresses for the various tables and buffers that are used to communicate between the device and the driver. When the driver allocates this memory it

Re: [PATCH v6 25/34] swiotlb: Add warnings for use of bounce buffers with SME

2017-06-14 Thread Tom Lendacky
On 6/14/2017 11:50 AM, Borislav Petkov wrote: On Wed, Jun 07, 2017 at 02:17:32PM -0500, Tom Lendacky wrote: Add warnings to let the user know when bounce buffers are being used for DMA when SME is active. Since the bounce buffers are not in encrypted memory, these notifications are to allow

Re: [PATCH v6 24/34] x86, swiotlb: Add memory encryption support

2017-06-14 Thread Tom Lendacky
On 6/14/2017 11:45 AM, Borislav Petkov wrote: On Wed, Jun 07, 2017 at 02:17:21PM -0500, Tom Lendacky wrote: Since DMA addresses will effectively look like 48-bit addresses when the memory encryption mask is set, SWIOTLB is needed if the DMA mask of the device performing the DMA does not support

Re: [PATCH v6 26/34] iommu/amd: Allow the AMD IOMMU to work with memory encryption

2017-06-14 Thread Borislav Petkov
On Wed, Jun 07, 2017 at 02:17:45PM -0500, Tom Lendacky wrote: > The IOMMU is programmed with physical addresses for the various tables > and buffers that are used to communicate between the device and the > driver. When the driver allocates this memory it is encrypted. In order > for the IOMMU to

Re: [PATCH v6 20/34] x86, mpparse: Use memremap to map the mpf and mpc data

2017-06-14 Thread Borislav Petkov
On Wed, Jun 14, 2017 at 12:06:54PM -0500, Tom Lendacky wrote: > This isn't new... there are a number of messages issued in this file > with that prefix, so I was just following convention. The "convention" that some of the messages are prefixed and some aren't? :-) > Changing the prefix could

Re: [PATCH v6 20/34] x86, mpparse: Use memremap to map the mpf and mpc data

2017-06-14 Thread Tom Lendacky
On 6/14/2017 11:07 AM, Borislav Petkov wrote: On Wed, Jun 07, 2017 at 02:16:43PM -0500, Tom Lendacky wrote: The SMP MP-table is built by UEFI and placed in memory in a decrypted state. These tables are accessed using a mix of early_memremap(), early_memunmap(), phys_to_virt() and

Re: [PATCH v6 25/34] swiotlb: Add warnings for use of bounce buffers with SME

2017-06-14 Thread Borislav Petkov
On Wed, Jun 07, 2017 at 02:17:32PM -0500, Tom Lendacky wrote: > Add warnings to let the user know when bounce buffers are being used for > DMA when SME is active. Since the bounce buffers are not in encrypted > memory, these notifications are to allow the user to determine some > appropriate

Re: [PATCH v6 24/34] x86, swiotlb: Add memory encryption support

2017-06-14 Thread Borislav Petkov
On Wed, Jun 07, 2017 at 02:17:21PM -0500, Tom Lendacky wrote: > Since DMA addresses will effectively look like 48-bit addresses when the > memory encryption mask is set, SWIOTLB is needed if the DMA mask of the > device performing the DMA does not support 48-bits. SWIOTLB will be > initialized to

Re: [PATCH v6 23/34] x86, realmode: Decrypt trampoline area if memory encryption is active

2017-06-14 Thread Borislav Petkov
On Wed, Jun 14, 2017 at 06:24:16PM +0200, Borislav Petkov wrote: > On Wed, Jun 07, 2017 at 02:17:09PM -0500, Tom Lendacky wrote: > > When Secure Memory Encryption is enabled, the trampoline area must not > > be encrypted. A CPU running in real mode will not be able to decrypt > > memory that has

Re: [PATCH v6 22/34] x86/mm: Add support for changing the memory encryption attribute

2017-06-14 Thread Borislav Petkov
On Wed, Jun 07, 2017 at 02:17:00PM -0500, Tom Lendacky wrote: > Add support for changing the memory encryption attribute for one or more > memory pages. This will be useful when we have to change the AP trampoline > area to not be encrypted. Or when we need to change the SWIOTLB area to > not be

Re: [PATCH v6 23/34] x86, realmode: Decrypt trampoline area if memory encryption is active

2017-06-14 Thread Borislav Petkov
On Wed, Jun 07, 2017 at 02:17:09PM -0500, Tom Lendacky wrote: > When Secure Memory Encryption is enabled, the trampoline area must not > be encrypted. A CPU running in real mode will not be able to decrypt > memory that has been encrypted because it will not be able to use addresses > with the

Re: [PATCH v6 20/34] x86, mpparse: Use memremap to map the mpf and mpc data

2017-06-14 Thread Borislav Petkov
On Wed, Jun 07, 2017 at 02:16:43PM -0500, Tom Lendacky wrote: > The SMP MP-table is built by UEFI and placed in memory in a decrypted > state. These tables are accessed using a mix of early_memremap(), > early_memunmap(), phys_to_virt() and virt_to_phys(). Change all accesses > to use