Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address... | linux-coco

[PATCH Part1 RFC v3 00/22] Add AMD Secure Nested Paging (SEV-SNP) Guest Support · Brijesh Singh <hidden> · 2021-06-02
[PATCH Part1 RFC v3 01/22] x86/sev: shorten GHCB terminate macro names · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 01/22] x86/sev: shorten GHCB terminate macro names · Venu Busireddy <hidden> · 2021-06-08
[PATCH Part1 RFC v3 02/22] x86/sev: Define the Linux specific guest termination reasons · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 02/22] x86/sev: Define the Linux specific guest termination reasons · Venu Busireddy <hidden> · 2021-06-08
Re: [PATCH Part1 RFC v3 02/22] x86/sev: Define the Linux specific guest termination reasons · Brijesh Singh <hidden> · 2021-06-08
[PATCH Part1 RFC v3 03/22] x86/sev: Save the negotiated GHCB version · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 03/22] x86/sev: Save the negotiated GHCB version · Borislav Petkov <bp@alien8.de> · 2021-06-03
Re: [PATCH Part1 RFC v3 03/22] x86/sev: Save the negotiated GHCB version · Venu Busireddy <hidden> · 2021-06-08
[PATCH Part1 RFC v3 04/22] x86/mm: Add sev_feature_enabled() helper · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 04/22] x86/mm: Add sev_feature_enabled() helper · Borislav Petkov <bp@alien8.de> · 2021-06-05
[PATCH Part1 RFC v3 05/22] x86/sev: Add support for hypervisor feature VMGEXIT · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 05/22] x86/sev: Add support for hypervisor feature VMGEXIT · Borislav Petkov <bp@alien8.de> · 2021-06-07
Re: [PATCH Part1 RFC v3 05/22] x86/sev: Add support for hypervisor feature VMGEXIT · Brijesh Singh <hidden> · 2021-06-07
[PATCH Part1 RFC v3 06/22] x86/sev: check SEV-SNP features support · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 06/22] x86/sev: check SEV-SNP features support · Borislav Petkov <bp@alien8.de> · 2021-06-07
Re: [PATCH Part1 RFC v3 06/22] x86/sev: check SEV-SNP features support · Brijesh Singh <hidden> · 2021-06-07
Re: [PATCH Part1 RFC v3 06/22] x86/sev: check SEV-SNP features support · Brijesh Singh <hidden> · 2021-06-17
Re: [PATCH Part1 RFC v3 06/22] x86/sev: check SEV-SNP features support · Borislav Petkov <bp@alien8.de> · 2021-06-18
[PATCH Part1 RFC v3 10/22] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 10/22] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-06-10
Re: [PATCH Part1 RFC v3 10/22] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-06-14
[PATCH Part1 RFC v3 17/22] KVM: SVM: Create a separate mapping for the GHCB save area · Brijesh Singh <hidden> · 2021-06-02
[PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Borislav Petkov <bp@alien8.de> · 2021-06-10
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Borislav Petkov <bp@alien8.de> · 2021-06-14
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Borislav Petkov <bp@alien8.de> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Borislav Petkov <bp@alien8.de> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Borislav Petkov <bp@alien8.de> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Dr. David Alan Gilbert <hidden> · 2021-06-16
[PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-18
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Brijesh Singh <hidden> · 2021-06-18
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-18
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-23
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-23
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-25
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Brijesh Singh <hidden> · 2021-06-25
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-25
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-25
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-28
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-06-24
[PATCH Part1 RFC v3 07/22] x86/sev: Add a helper for the PVALIDATE instruction · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 07/22] x86/sev: Add a helper for the PVALIDATE instruction · Borislav Petkov <bp@alien8.de> · 2021-06-07
[PATCH Part1 RFC v3 12/22] x86/kernel: Make the bss.decrypted section shared in RMP table · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 12/22] x86/kernel: Make the bss.decrypted section shared in RMP table · Borislav Petkov <bp@alien8.de> · 2021-06-10
[PATCH Part1 RFC v3 18/22] KVM: SVM: Update the SEV-ES save area mapping · Brijesh Singh <hidden> · 2021-06-02
[PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Sergio Lopez <hidden> · 2021-06-04
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Dr. David Alan Gilbert <hidden> · 2021-06-09
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Tom Lendacky <thomas.lendacky@amd.com> · 2021-06-11
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Dr. David Alan Gilbert <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Dr. David Alan Gilbert <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Borislav Petkov <bp@alien8.de> · 2021-06-18
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-06-18
[PATCH Part1 RFC v3 08/22] x86/compressed: Add helper for validating pages in the decompression stage · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 08/22] x86/compressed: Add helper for validating pages in the decompression stage · Borislav Petkov <bp@alien8.de> · 2021-06-08
Re: [PATCH Part1 RFC v3 08/22] x86/compressed: Add helper for validating pages in the decompression stage · Brijesh Singh <hidden> · 2021-06-08
Re: [PATCH Part1 RFC v3 08/22] x86/compressed: Add helper for validating pages in the decompression stage · Borislav Petkov <bp@alien8.de> · 2021-06-16
[PATCH Part1 RFC v3 13/22] x86/kernel: Validate rom memory before accessing when SEV-SNP is active · Brijesh Singh <hidden> · 2021-06-02
[PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Borislav Petkov <bp@alien8.de> · 2021-06-30
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-06-30
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Borislav Petkov <bp@alien8.de> · 2021-07-01
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-07-01
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Borislav Petkov <bp@alien8.de> · 2021-07-03
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-07-05
[PATCH Part1 RFC v3 09/22] x86/compressed: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 09/22] x86/compressed: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-06-09
Re: [PATCH Part1 RFC v3 09/22] x86/compressed: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-06-14
[PATCH Part1 RFC v3 14/22] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 14/22] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-06-11
Re: [PATCH Part1 RFC v3 14/22] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 14/22] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-06-14
[PATCH Part1 RFC v3 16/22] KVM: SVM: Create a separate mapping for the SEV-ES save area · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 16/22] KVM: SVM: Create a separate mapping for the SEV-ES save area · Borislav Petkov <bp@alien8.de> · 2021-06-14
Re: [PATCH Part1 RFC v3 16/22] KVM: SVM: Create a separate mapping for the SEV-ES save area · Tom Lendacky <thomas.lendacky@amd.com> · 2021-06-14
Re: [PATCH Part1 RFC v3 16/22] KVM: SVM: Create a separate mapping for the SEV-ES save area · Borislav Petkov <bp@alien8.de> · 2021-06-14
[PATCH Part1 RFC v3 15/22] KVM: SVM: define new SEV_FEATURES field in the VMCB Save State Area · Brijesh Singh <hidden> · 2021-06-02
[PATCH Part1 RFC v3 19/22] x86/sev-snp: SEV-SNP AP creation support · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 19/22] x86/sev-snp: SEV-SNP AP creation support · Borislav Petkov <bp@alien8.de> · 2021-06-16
Re: [PATCH Part1 RFC v3 19/22] x86/sev-snp: SEV-SNP AP creation support · Tom Lendacky <thomas.lendacky@amd.com> · 2021-06-16
Re: [PATCH Part1 RFC v3 00/22] Add AMD Secure Nested Paging (SEV-SNP) Guest Support · Venu Busireddy <hidden> · 2021-06-07
Re: [PATCH Part1 RFC v3 00/22] Add AMD Secure Nested Paging (SEV-SNP) Guest Support · Borislav Petkov <bp@alien8.de> · 2021-06-07

Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header

From: Brijesh Singh <hidden>
Date: 2021-06-18 13:57:23
Also in: kvm, linux-crypto, linux-efi, linux-mm, lkml, platform-driver-x86


On 6/18/2021 1:08 AM, Borislav Petkov wrote:

On Wed, Jun 02, 2021 at 09:04:14AM -0500, Brijesh Singh wrote:

quoted

While launching the encrypted guests, the hypervisor may need to provide
some additional information that will used during the guest boot. In the
case of AMD SEV-SNP the information includes the address of the secrets
and CPUID pages. The secrets page contains information such as a VM to
PSP communication key and CPUID page contain PSP filtered CPUID values.

When booting under the EFI based BIOS, the EFI configuration table
contains an entry for the confidential computing blob. In order to support
booting encrypted guests on non EFI VM, the hypervisor to pass these
additional information to the kernel with different method.

For this purpose expand the struct setup_header to hold the physical
address of the confidential computing blob location. Being zero means it
isn't passed.

Signed-off-by: Brijesh Singh <redacted>
---
 Documentation/x86/boot.rst            | 27 +++++++++++++++++++++++++++
 arch/x86/boot/header.S                |  7 ++++++-
 arch/x86/include/uapi/asm/bootparam.h |  1 +
 3 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/Documentation/x86/boot.rst b/Documentation/x86/boot.rst
index fc844913dece..9b32805617bb 100644
--- a/Documentation/x86/boot.rst
+++ b/Documentation/x86/boot.rst

@@ -75,6 +75,8 @@ Protocol 2.14	BURNT BY INCORRECT COMMIT
 		DO NOT USE!!! ASSUME SAME AS 2.13.
 
 Protocol 2.15	(Kernel 5.5) Added the kernel_info and kernel_info.setup_type_max.
+
+Protocol 2.16	(Kernel 5.14) Added the confidential computing blob address
 =============	============================================================
 
 .. note::

@@ -226,6 +228,7 @@ Offset/Size	Proto		Name			Meaning
 0260/4		2.10+		init_size		Linear memory required during initialization
 0264/4		2.11+		handover_offset		Offset of handover entry point
 0268/4		2.15+		kernel_info_offset	Offset of the kernel_info
+026C/4		2.16+		cc_blob_address	        Physical address of the confidential computing blob

Why is this a separate thing instead of being passed as setup_data?

Don't have any strong reason to keep it separate, I can define a new type and use the
setup_data to pass this information.

-Brijesh

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help