On Thu, Mar 16, 2017 at 11:11:26AM -0500, Tom Lendacky wrote:
> Not quite. The guest still needs to understand about the encryption mask
> so that it can protect memory by setting the encryption mask in the
> pagetable entries. It can also decide when to share memory with the
> hypervisor by not s
On 3/16/2017 10:09 AM, Borislav Petkov wrote:
On Thu, Mar 16, 2017 at 09:28:58AM -0500, Tom Lendacky wrote:
Because there are differences between how SME and SEV behave
(instruction fetches are always decrypted under SEV, DMA to an
encrypted location is not supported under SEV, etc.) we need to
On Thu, Mar 16, 2017 at 09:28:58AM -0500, Tom Lendacky wrote:
> Because there are differences between how SME and SEV behave
> (instruction fetches are always decrypted under SEV, DMA to an
> encrypted location is not supported under SEV, etc.) we need to
> determine which mode we are in so that th
On 3/16/2017 5:16 AM, Borislav Petkov wrote:
On Fri, Mar 10, 2017 at 10:35:30AM -0600, Brijesh Singh wrote:
We could update this patch to use the below logic:
* CPUID(0) - Check for AuthenticAMD
* CPID(1) - Check if under hypervisor
* CPUID(0x8000) - Check for highest supported leaf
* C
On Fri, Mar 10, 2017 at 10:35:30AM -0600, Brijesh Singh wrote:
> We could update this patch to use the below logic:
>
> * CPUID(0) - Check for AuthenticAMD
> * CPID(1) - Check if under hypervisor
> * CPUID(0x8000) - Check for highest supported leaf
> * CPUID(0x801F).EAX - Check for SME
Hi Boris and Paolo,
On 03/09/2017 10:29 AM, Borislav Petkov wrote:
On Thu, Mar 09, 2017 at 05:13:33PM +0100, Paolo Bonzini wrote:
This is not how you check if running under a hypervisor; you should
check the HYPERVISOR bit, i.e. bit 31 of cpuid(1).ecx. This in turn
tells you if leaf 0x4000
On Thu, Mar 09, 2017 at 05:13:33PM +0100, Paolo Bonzini wrote:
> This is not how you check if running under a hypervisor; you should
> check the HYPERVISOR bit, i.e. bit 31 of cpuid(1).ecx. This in turn
> tells you if leaf 0x4000 is valid.
Ah, good point, I already do that in the microcode lo
On 09/03/2017 15:07, Borislav Petkov wrote:
> + /* Check if running under a hypervisor */
> + eax = 0x4000;
> + ecx = 0;
> + native_cpuid(&eax, &ebx, &ecx, &edx);
This is not how you check if running under a hypervisor; you should
check the HYPERVISOR bit, i.e. bit 31 of cpui
On Thu, Mar 02, 2017 at 10:14:48AM -0500, Brijesh Singh wrote:
> From: Tom Lendacky
>
> Early in the boot process, add checks to determine if the kernel is
> running with Secure Encrypted Virtualization (SEV) active by issuing
> a CPUID instruction.
>
> During early compressed kernel booting, if
From: Tom Lendacky
Early in the boot process, add checks to determine if the kernel is
running with Secure Encrypted Virtualization (SEV) active by issuing
a CPUID instruction.
During early compressed kernel booting, if SEV is active the pagetables are
updated so that data is accessed and decomp
10 matches
Mail list logo