Re: [RFC PATCH v4 05/28] x86: Add Secure Memory Encryption (SME) support
From: Borislav Petkov <bp@alien8.de>
Date: 2017-02-17 12:00:44
Also in:
kvm, linux-arch, linux-iommu, linux-mm, lkml
On Thu, Feb 16, 2017 at 09:43:07AM -0600, Tom Lendacky wrote:
quoted hunk ↗ jump to hunk
Add support for Secure Memory Encryption (SME). This initial support provides a Kconfig entry to build the SME support into the kernel and defines the memory encryption mask that will be used in subsequent patches to mark pages as encrypted. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> --- arch/x86/Kconfig | 22 +++++++++++++++++++ arch/x86/include/asm/mem_encrypt.h | 42 ++++++++++++++++++++++++++++++++++++ arch/x86/mm/Makefile | 1 + arch/x86/mm/mem_encrypt.c | 21 ++++++++++++++++++ include/linux/mem_encrypt.h | 37 ++++++++++++++++++++++++++++++++ 5 files changed, 123 insertions(+) create mode 100644 arch/x86/include/asm/mem_encrypt.h create mode 100644 arch/x86/mm/mem_encrypt.c create mode 100644 include/linux/mem_encrypt.hdiff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index f8fbfc5..a3b8c71 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig@@ -1395,6 +1395,28 @@ config X86_DIRECT_GBPAGES supports them), so don't confuse the user by printing that we have them enabled. +config AMD_MEM_ENCRYPT + bool "AMD Secure Memory Encryption (SME) support" + depends on X86_64 && CPU_SUP_AMD + ---help--- + Say yes to enable support for the encryption of system memory. + This requires an AMD processor that supports Secure Memory + Encryption (SME). + +config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT + bool "Activate AMD Secure Memory Encryption (SME) by default" + default y + depends on AMD_MEM_ENCRYPT + ---help--- + Say yes to have system memory encrypted by default if running on + an AMD processor that supports Secure Memory Encryption (SME). + + If set to Y, then the encryption of system memory can be + deactivated with the mem_encrypt=off command line option. + + If set to N, then the encryption of system memory can be + activated with the mem_encrypt=on command line option.
Good.
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.