Re: [PATCH v7 01/45] x86/compressed/64: detect/setup SEV/SME features earlier in boot
From: Venu Busireddy <hidden>
Date: 2021-11-23 21:56:49
Also in:
kvm, linux-efi, linux-mm, lkml, platform-driver-x86
On 2021-11-12 14:30:01 -0600, Michael Roth wrote:
On Fri, Nov 12, 2021 at 05:52:51PM +0100, Borislav Petkov wrote:quoted
On Wed, Nov 10, 2021 at 04:06:47PM -0600, Brijesh Singh wrote:quoted
+void sev_enable(struct boot_params *bp) +{ + unsigned int eax, ebx, ecx, edx; + + /* Check for the SME/SEV support leaf */ + eax = 0x80000000; + ecx = 0; + native_cpuid(&eax, &ebx, &ecx, &edx); + if (eax < 0x8000001f) + return; + + /* + * Check for the SME/SEV feature: + * CPUID Fn8000_001F[EAX] + * - Bit 0 - Secure Memory Encryption support + * - Bit 1 - Secure Encrypted Virtualization support + * CPUID Fn8000_001F[EBX] + * - Bits 5:0 - Pagetable bit position used to indicate encryption + */ + eax = 0x8000001f; + ecx = 0; + native_cpuid(&eax, &ebx, &ecx, &edx); + /* Check whether SEV is supported */ + if (!(eax & BIT(1))) + return; + + /* Check the SEV MSR whether SEV or SME is enabled */ + sev_status = rd_sev_status_msr(); + + if (!(sev_status & MSR_AMD64_SEV_ENABLED)) + error("SEV support indicated by CPUID, but not SEV status MSR.");What is the practical purpose of this test?In the current QEMU/KVM implementation the SEV* CPUID bits are only exposed for SEV guests, so this was more of a sanity check on that. But looking at things more closely: that's more of a VMM-specific behavior and isn't necessarily an invalid guest configuration as far as the spec is concerned, so I think this check should be dropped.quoted
quoted
+ sme_me_mask = 1UL << (ebx & 0x3f);sme_me_mask = BIT_ULL(ebx & 0x3f);Will do.
Also, could you please remove the references to set_sev_encryption_mask() at lines 195 and 572? And perhaps reword those comments too? Thanks, Venu
Thanks, Mike