From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: ACJfBotjG6hbl3UDP9zNh77atiygDNNFIXAWPcg5alhezgKlCQyMlFUQUIx7u61VMMmeos+eNHTh ARC-Seal: i=1; a=rsa-sha256; t=1516375677; cv=none; d=google.com; s=arc-20160816; b=haZyGVPD8cmuRM5LnqBmKYV86EtrJOVByCkPfgy+pJ+n5l8/tpMyfFnAxPbhS68T2/ vIT0uMq+A3r9JJFrUl2Is6D3HNWRrvBHqANnH4NniXmHyCRqK4TbBHGPrv7yja81Ra+I qk4rNlUPtn5zBQsQLEPv6UFxhh29fa4HvrPaIiUdrSWCFY6sC5dEMtAfATm74EKIAOw7 4sFPlw5HRURiqBsonUS62vFuUeibsRQ74TbH0fg6GLxSGXSObdxZIgszfZXHUZRcsFrJ JUhJ29RtB36wQkvfjcQprF4UVqEujXsJZMYLTi4liloLvLKKWN/wwrDIcnWNq+4S6UG4 amOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=spamdiagnosticmetadata:spamdiagnosticoutput :content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject :dkim-signature:arc-authentication-results; bh=ZWfuG+Bli+cXJxTFKbBfRnnini1tM3xYH5mDCtJQvLM=; b=CjuFwdmM2jiEY0gUZrcwvKKsrbKaU9y+VB6zpNXq4Zb5M285iduyB+b2PK1XDmalMm OMacO5ZDo9cVoRuSWmhIYu7T12rs5r/8KBRk9uHNEgfHyIrMdVLi3kn3v2akqNz9/klP v8PD1zS78ZOB0CQPeBdVHZOpGZsiIoh3vIkZnTzmTEX5581l8YsGXblr8A9r3D9xpmQ2 Rw0Ohg3GjqmKrahMaMMe2dgi3f1HKG/zI7+MryBUuzTSYuYhxfpqXMKN45xHagA1gHwE exzegOxNlQb5fedbXP2/S3x26IYrk24ztHLyKRhWaZOIRKJFGcfOPiuL+R7p2jqKDUNm tPSA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector1-amd-com header.b=mwU885FE; spf=neutral (google.com: 104.47.33.52 is neither permitted nor denied by best guess record for domain of thomas.lendacky@amd.com) smtp.mailfrom=Thomas.Lendacky@amd.com Authentication-Results: mx.google.com; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector1-amd-com header.b=mwU885FE; spf=neutral (google.com: 104.47.33.52 is neither permitted nor denied by best guess record for domain of thomas.lendacky@amd.com) smtp.mailfrom=Thomas.Lendacky@amd.com Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Subject: Re: [PATCH v3 0/5] x86: SME: BSP/SME microcode update fix To: Greg Kroah-Hartman Cc: Gabriel C , Borislav Petkov , x86@kernel.org, Brijesh Singh , linux-kernel@vger.kernel.org, Ingo Molnar , "H. Peter Anvin" , Thomas Gleixner References: <20180110192544.6026.17285.stgit@tlendack-t1.amdoffice.net> <20180111183313.7ub2t3xkeko5yb3z@pd.tnic> <68544677-2cbc-b41e-2db0-5799ef84d592@gmail.com> <20180119151150.GB9033@kroah.com> From: Tom Lendacky Message-ID: <47ab23e7-c3e8-0edd-a7ac-019bd0e47a02@amd.com> Date: Fri, 19 Jan 2018 09:27:47 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <20180119151150.GB9033@kroah.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: MWHPR2201CA0081.namprd22.prod.outlook.com (10.174.103.34) To CY4PR12MB1144.namprd12.prod.outlook.com (10.168.164.136) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: a4f2f517-bc6b-46b3-a5a4-08d55f5136a0 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(2017052603307)(7153060)(7193020);SRVR:CY4PR12MB1144; X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;3:OGO5ieYKe1JBFM+vNBTsN7ck0BGD1UJlJuHMQlGFjRJ1jBgBmjxGdLFpyPWHuQOWvcP8H55Fj9NzAC/hZFfK4A3B6nsU5FtbD4HALERPlKNue1QeSWmsA4nVfvM7mIhr1SsTktgHXeyBNmn+mJL5d1POpU0azs+NmHm2dA/7SbELglaE6GDkemenlW7RD0+Bb6DwO+V+/1BAn6Z771cj30695DqSl+YpSvq2aYlsNGNLRyW48WVpjvvarrqkxGks;25:gxrNPJzg/9EBOiVorgscIFjUB0GBYKxRod9YCJk7K565r6Px26QZuU3mb/bpWFzISWcpEuUToS8bnuWLfRtBmfKAoGygC13AHM777j9PKHpkiixSBfdkZ7LPUjr/wuf02wvFxKxP95dpI9KTITQalmiZ3e3q4MdFgTr/jv+wy5Djc1tbgi1V0Rc+OmUfnqiBLNsD8cCdtNm/POmzAK/z0uXAWsSswDuvnuBwB3zmKDBi6ZkwIuFGnvz+foiR+mHN1SYLNH7AHthX+9aDZAnB7osvjZH/pWHGQZj7Tn2fzmEyXNymxEW/Y9DL27V50/XGt9+/2JSvUjYy0zHGIGSmWg==;31:9R5JkxsjNfSzf543sJ5AA71n+VbWnLVpAbeUQh5UhyOvydA7zpYg6DvDnR2/ALizgek76SHAN/Aijl3Z+Hy8nchXNcGv3UbHCix5Jfbt0MvT2xuvM7qJGm650rdA93P6lZryatp6wagpPBS44GPOuX5mu/JVUejQOmyyQuBhVDClpMwy2hBMeK2EqZzk0094dKZ4KOWCnfCqBk8Qov3xupr9365fA84ZvlcT/i0N7dc= X-MS-TrafficTypeDiagnostic: CY4PR12MB1144: X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;20:O6PH3IjimLFbwiaDiYX7ZyOyuNerldJdDteNf+T7wBYzf+RMBZwfA3zBXG6cpiTfo+GDTFEHUSpCuH8tZBceOtzhpQY5ErZUoxQKJemsUUSD998XndkEN9EaJ9F18JqMoz34qeW6MK3fqyazkjzcyL5Fq02Gfd6Q0JEtW3o8Y91j3w3mJgCgiclzlCgLqrQunQq0lVZCC86YXZvm0s4ZpjaP0CjFxanmQL4Zvo7Y1laLXrdknqNcc5qAE1wt41gwUWpct1N7UzVRSHd88z8whOwN0mZ2mElOu8uKF4gFz7oOv8WgRBpP9R5vMTS2hPfI9NrofIVrU9lAhX5ESs3IF5ICoHh8JI5a0AQb9wb3ouSuqak49a0Hy2PxGYojeWYkaAeBY0NuZhWj4ezPk+rcs4qbPOxxCGGKNEypY9ihTBcbZFx2nzqF/fDe36uz2Zmx7Ys8L+/mafC0yz1YXJWPpmxiUcwtccYW9JLWVT3zC/roBH0lSMgK4cckK+at4rln;4:qEi7MGFZX6a3Eu6PVGJrZMmFisYpVylSlQlijeOke147bZQcldtpK4LPNbD1a2/2BXLaxsaDAptP0UT2OpDXLtrLqXfUAxYuWSGUes64hvwFp78HRYD1xzOL5r7gzdVVvX/lNpHaeS0zTV5SFa5FjJwmkDq4OlVeBxtQBrGlunz3qZG9t5s5dtQCTOnaim6E7cGuH68Yv5/n7GQ76DM9ZMzv2h7hU7A9hUNP/Hxmp4c7RCnnLjoPggJgkgJQHHu/f2me1h7iev0UxTa7tBfOWA== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3231023)(2400079)(944501161)(3002001)(6055026)(6041268)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(6072148)(201708071742011);SRVR:CY4PR12MB1144;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:CY4PR12MB1144; X-Forefront-PRVS: 0557CBAD84 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(6049001)(366004)(39380400002)(376002)(346002)(39860400002)(396003)(199004)(189003)(76176011)(50466002)(6486002)(106356001)(53546011)(3260700006)(93886005)(386003)(59450400001)(52146003)(66066001)(52116002)(25786009)(15650500001)(54906003)(31696002)(2486003)(65806001)(65956001)(58126008)(68736007)(7736002)(47776003)(16576012)(305945005)(53936002)(2906002)(90366009)(4326008)(316002)(2870700001)(64126003)(105586002)(6246003)(23676004)(3846002)(16526018)(97736004)(72206003)(31686004)(83506002)(229853002)(36756003)(86362001)(8676002)(6916009)(65826007)(478600001)(2950100002)(6666003)(81156014)(81166006)(5660300001)(39060400002)(8936002)(6116002)(26005)(77096007);DIR:OUT;SFP:1101;SCL:1;SRVR:CY4PR12MB1144;H:[10.236.65.116];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxMTQ0OzIzOkVXS3V3RUx1c3pyWnBwREIrc0dUYkZsbDBq?= =?utf-8?B?YjVzL3EwdUovQ1dkZG81Wkt1S3NDUzNZdnJaWW9Sbk9XekY1VWlVZlVWZzUy?= =?utf-8?B?bHE4aXcrM2xvTTlKc1NqdUhobmhWNTZYbWtaNnRWQ1RadG5XU2tPV2lpVllI?= =?utf-8?B?anlRTDVESFdxT01FbENBOTFQNmpsaWpyY3kwVklMbS90dTlMWllMTnp0djBY?= =?utf-8?B?djc2TW9LVFNheDVGTHNLenYwTnRiSkhtdml5aTR5Qmt2VlA4cmhra21RVlox?= =?utf-8?B?QkkvSDBuajFldXVYNlplS1pwaS9LaUNsVlNyN2R5VE5sdGJvUVJXbVl3eVFV?= =?utf-8?B?QnNqMHAxWEZwUmp6ZFhUUFA0MUVYWUp5aVdQb05vMmFoam1sbFF3T2xyeEhK?= =?utf-8?B?M2gzNjBTQ0NyZkh0TUtPbVVvZVhXYnkrUHR3cjY0UndWZHBHLzRzYkozdlV1?= =?utf-8?B?NXVWdVNGNEtTSHlnNGdMUklhQ0VyZDQ4eEFkdDdvcGZIUzJXS0VmSFNXY1NM?= =?utf-8?B?MnpidkhTb21CMDVQZFpXSkh1UGNDTDFTQU1pOTlBUE95eHh1cllRRDExUmV0?= =?utf-8?B?TUxzd0t0RmxGeGRXUjliK0JRZmJtaTVmNFlSTWFkQmNTZlA1cXhsVDZxNEl3?= =?utf-8?B?eTIrWDJIMzJhcXluZjB2R3JWK1lLT1AxR1NlaWdmTmI0MXZhWjdqRE4xQ2pB?= =?utf-8?B?MThKekdKS1pPUkNTaytKYWJMck1QSkt0dmcyU1FPSkRwMSs0TW9xeE9NMmpF?= =?utf-8?B?cHdCU09ESzB6S0VTZ1UrQ1Nkd2NpN0wyT3hSNlErTVN5WFJJQVdBZDh1NVlU?= =?utf-8?B?UWNiVTZSQlZ3cGptK0lOSFQvZmg4SzZnYTZwMEZTUEhTQnNXcWdlVXByQkhV?= =?utf-8?B?dENsejhRTjVCMkxDVWRHVEhCOTh3Qk9pNEhzaE5hRmVHdGFOWTBFaDFNUWlH?= =?utf-8?B?aWZJalFySHppaTFrVGdSSHgxb1dKZ1JSZlNhY2YwbElxRDhvL3ZCZUY5T2ZE?= =?utf-8?B?SzIyYnlkb01lMXJSNU1lZXg5TEtpSXNpUnRnRDdhSlZ1bjUvdlRRRDh4dTVJ?= =?utf-8?B?UG5UNUVwZ2w2MlJHWk9zRkxOU05aNVZzMVJzVjZiVDBXR3ZobWQvOFFIRUpv?= =?utf-8?B?R2xtWWt3T2VSKzd1bmdkNGljZU9RQk4zeGNybVJnYXVFbVNaUFlacXJnNGUx?= =?utf-8?B?RVJyUlpZMkJXbGkybXBCR1FrZTdOYisySnV4QktNQlNtdFpYRHo2RGJUS052?= =?utf-8?B?TEluQnZvQjlpWTlERGhMMWQvUmJGQVlSZlFaU3RvZEpCVExZUGVEblRxc0d3?= =?utf-8?B?QWh1VmRTZkhkaXc1N0hnTk5zV0pKTkNDbitlaHJYVS9RK1BSM3dwaG1Bejc1?= =?utf-8?B?Y0IzdXFJVzU4ZERVejFwWGxPSldsSHhWbjZkVEpwNWN5eWhjbkpsV3NFamlE?= =?utf-8?B?R1VwdW9tYXV4TmJtVnNOUEZ6UUZka0loalF3T3A5aHFmL3FsSTRFY0NvbFBN?= =?utf-8?B?dXAvZzd3MXhLU0dsMWEvRlpOcmR6aU9IeG5KNkVjeDVhRnRSbzVibVh2MkZt?= =?utf-8?B?NWk0cS9jRWt6ZUIyUjJvTHJNZlM5Q1hFZm9zOHJsSHJSQlVsMHk3M3R3WldC?= =?utf-8?B?TGVCMlFRby90cjFJQ1ZrSUJ6OUQya3VWYitCUVZMMklXc3MzZVcyakZNUGxX?= =?utf-8?B?cnRzd2p0RzhnYncxR09ONFV5SkJRYndnbkZiWk9GeEl2MGM2TTduaG9iOWJz?= =?utf-8?B?a2tQRGp6VWlpR3ZjSGJnRTRub28yRWc3RGhJVWZHNlZ0Vnl3WkVPRGpWb2FH?= =?utf-8?B?QWE4eFAzZnRkaVV2Sk5uWFU4eSt0R2FlcTFFR0ZpdEVrc3dxY0tSSWhPV1Uw?= =?utf-8?B?Y25DZVJONVlyUkxoVkhzV0hZdW5lOC91cld4YUF4Z2MyWE9aY1YwOFFIdzhw?= =?utf-8?B?akMvYlZ1QnM0V01jNHVoWEVoR2Q5SFB6TmR3dnhXWW5Ka3Q3bDEvT3VMRFRo?= =?utf-8?B?NnJnSU5jSU54bmxRdU5HSE04TXBUNHk0Y25lMlFSZ1MvUllGSVRaQUJtRDho?= =?utf-8?Q?1y++Md9Jp/oJ/L0xTUt1Iy6KQ?= X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;6:09jDL2LZB4uM34YuEyuVngiRqiA1ORAM4KUEyJYR2u85CMEkAGlsHnNe6wIJodZa5E/XLNvyI8iB70AC55mo/JTkI1hviJqCQD4En+5OPz+eEmNGggX0ycD2D+/HmaH7YD3S4DXepVji32cqDYgFwuO9ZKnOzKNG5aT8CAoQnF/qcSDJVRMcEx+bUJghW/u+tBgZZVsyhfWUQGY2ar7zpdFRTiHudH15K5d85kFQMR+c5KZCIgfqyTM/+XYHEwtRJtWONR33hEDQ6NypCrFpaR3xaSgwG6wjgVo3kaNX+7+Vk+bv2dRp4tJPkaVE7vkbN735+zeWX6IrdnT7RUAh3QEyudeE7l0tBuXSkP24Kh8=;5:Ohnhnz7JMcH+YqQfG3ng1hFKV03ICycta+1p7RPE+DeODYrQxoyanRnPSvHva/szBzD6T5NGo5yVUiyHl78yTRf1IZUUXczmN3g8GTyUd1bLIpEDItnOIMLhNuet9ICGDztqvM5ujHJmuHHvt/OU4lmUu7nxtnV8hqvngxgyzCA=;24:lSYvFpBuOKPuFv6dO06biTtnmTLcX/va+Lm35EEoO4FLVPvxJAo5MoOGWAwNBlXYzsvyRZFb36SnSp5GebYzrnLucRKlCYDu2Yn4d5d9mgs=;7:XpQn+Vg5DCB5zJvRDFMkvg2c60PFQoB+75TCiwRNPNJj/KEvYS25noZ7ABdk8VTt6ZE76zVawfpPTvx+Cg4z/8mQE8cl/AZOChQcRWYLwSDgj+57SB4sFDiv4BcjaJu3eH6+YeiqJDJpSakcGLCbHsFoXiPEHoESnUewGT24zMfm0Lnn0VWUhGC+3JllbMc9VPPxUbnkYDb+PnCJqqPH4fbOpr+Kq7MnWBy12YXrQyjMQK3dNVePQgbJ+diTfehB SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;20:+bzWye8tivcgpNdYHGXVeao3I8CNPOqJGrimEBe+DtppJu3a8xW0WPCtA1eN+lw1//vOtphWh+RiC3BJAP0AFMHkEsKcju5+gV/U9FT1WYxoXrChsAygH5QrlhUaalfUY0FdvBf46ZyG2cQuDqyKczBL2EtVyyz4jtQkFCAk4Awe9nSwgVNWgt/trnggeCVG9F5sKE7scL6DWQRXftDRzp8VQKb/sTPnpIBcOtM8Dp5Wzzqfpz666+1Wdi1KGBBc X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Jan 2018 15:27:54.5655 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a4f2f517-bc6b-46b3-a5a4-08d55f5136a0 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1144 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-LABELS: =?utf-8?b?IlxcSW1wb3J0YW50Ig==?= X-GMAIL-THRID: =?utf-8?q?1590033643466464034?= X-GMAIL-MSGID: =?utf-8?q?1590035142446069325?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: On 1/19/2018 9:11 AM, Greg Kroah-Hartman wrote: > On Fri, Jan 19, 2018 at 09:03:52AM -0600, Tom Lendacky wrote: >> On 1/15/2018 4:47 PM, Gabriel C wrote: >>> On 11.01.2018 19:33, Borislav Petkov wrote: >>>> On Wed, Jan 10, 2018 at 01:25:45PM -0600, Tom Lendacky wrote: >>>>> This patch series addresses an issue when SME is active and the BSP >>>>> is attempting to check for and load microcode during load_ucode_bsp(). >>>>> Since the initrd has not been decrypted (yet) and the virtual address >>>>> of the initrd treats the memory as encrypted, the CPIO archive parsing >>>>> fails to locate the microcode. >>>>> >>>>> This series moves the encryption of the initrd into the early boot code >>>>> and encrypts it at the same time that the kernel is encrypted.  Since >>>>> the initrd is now encrypted, the CPIO archive parsing succeeds in >>>>> properly locating the microcode. >>>>> >>>>> The following patches are included in this fix: >>>>> - Cleanup register saving in arch/x86/mm/mem_encrypt_boot.S >>>>> - Reduce parameters and complexity for creating the SME PGD mappings >>>>> - Centralize the use of the PMD flags used in sme_encrypt_kernel() in >>>>>    preparation for using PTE flags also. >>>>> - Prepare sme_encrypt_kernel() to handle PAGE aligned encryption, not >>>>>    just 2MB large page aligned encryption. >>>>> - Encrypt the initrd in sme_encrypt_kernel() when the kernel is being >>>>>    encrypted. >>>>> >>>>> This patch series is based on tip/master. >>>>> >>>>> --- >>>>> >>>>> Changes from v2: >>>>> - General code cleanup based on feedback. >>>>> >>>>> Changes from v1: >>>>> - Additional patch to cleanup the register saving performed in >>>>>    arch/x86/mm/mem_encrypt_boot.S in prep for changes made in the >>>>>    remainder of the patchset. >>>>> - Additional patch to reduce parameters and complexity for creating the >>>>>    SME PGD mappings by introducing and using a structure for referencing >>>>>    the PGD to populate, the pagetable allocation area, the >>>>> virtual/physical >>>>>    addresses being mapped and the pagetable flags to be used. >>>>> - Consolidate PMD/PTE mapping code to reduce duplication. >>>>> >>>>> Tom Lendacky (5): >>>>>        x86/mm: Cleanup register saving in mem_encrypt_boot.S >>>>>        x86/mm: Use a struct to reduce parameters for SME PGD mapping >>>>>        x86/mm: Centralize PMD flags in sme_encrypt_kernel() >>>>>        x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption >>>>>        x86/mm: Encrypt the initrd earlier for BSP microcode update >>>>> >>>>> >>>>>   arch/x86/include/asm/mem_encrypt.h |    4 >>>>>   arch/x86/kernel/head64.c           |    4 >>>>>   arch/x86/kernel/setup.c            |   10 - >>>>>   arch/x86/mm/mem_encrypt.c          |  356 >>>>> ++++++++++++++++++++++++++---------- >>>>>   arch/x86/mm/mem_encrypt_boot.S     |   80 ++++---- >>>>>   5 files changed, 308 insertions(+), 146 deletions(-) >>>> >>>> All 5: >>>> >>>> Reviewed-by: Borislav Petkov >>>> >>> >>> Guys , are these patches going to be part of 4.15 ? >>> >>> With mem_encrypt=on without these patches microcode loading doesn't >>> work right. Also @stable 4.14 would need the fixes too. >> >> It looks like these patches have been pulled into 4.15. I did forget >> to cc stable, so I'll follow-up with a separate email to have these >> back-ported to the 4.14 stable tree. > > What are the git commit ids? That's all I need :) Hi Greg, Here are the commit ids: 1303880179e6 (“x86/mm: Clean up register saving in the __enc_copy() assembly code”) bacf6b499e11 (“x86/mm: Use a struct to reduce parameters for SME PGD mapping”) 2b5d00b6c2cd (“x86/mm: Centralize PMD flags in sme_encrypt_kernel()”) cc5f01e28d6c (“x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption”) 107cd2532181 (“x86/mm: Encrypt the initrd earlier for BSP microcode update”) The last commit won't apply cleanly on 4.14. There was a change in arch/x86/kernel/setup.c for SEV support. The actual patch to that file is very small it just removes the call to sme_early_encrypt() and the associated comment. I can submit a new version of that patch if you want, just let me know. Thanks Greg! Tom > > thanks, > > greg k-h >