From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: ACJfBotN9U0hDxqPXZ1kqGKk0tvGt+hgE6ZLkln7/Iz2XNT6r+uGBwaVMsT5RnCu1ZiozlLn3oU8 ARC-Seal: i=1; a=rsa-sha256; t=1516382115; cv=none; d=google.com; s=arc-20160816; b=GXqlejaKcwaWg7A3bFZOtUllxdUIZJmRFPk5UGXh320ypwrvvydwWHYIPcqyPI7I9O VtqcZNryLn9MjHAcN6Z9gYhiLZc9Z/VWbw504e92B10zexCuSx6HkzqjkIet/sTHZDnl 5xEazeHJNmvFl56BJji5ByjGFWIhwjx7pMcanydwqWD94YRs5faJBZtp80AqmU59X3h0 +2bbIZX0kmBYXN0ZxgbWls7gO/ykndYpUkIrQMey1RTEojgPzjz5h5j2WA71HW/tV/AI VSL+5c7rt5deD+eUjHuZSQLwt6vdfGpe/EiK6kBfUsz7ibl6GeuE7I6ExWNKZEGdhnIr pdJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=spamdiagnosticmetadata:spamdiagnosticoutput :content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject :dkim-signature:arc-authentication-results; bh=fwGkYyAzw2xNfcZQBn3k36g4AszEqwM8uPMrPbL0+YI=; b=YSacqpWcsJ9ESyQ+DKWWrLDcgfTRw/tdStbIu18gDjbo0yBjH6ZAlq5pds8bEpoTMD F1/boAKJ3Qe95B8OiBcqSKILlweQuE2SpvwrR3Jt+v/SIaK+jeskijj+rR/GnFt97zLQ NDSQ/gXkIZv8qi69P8Bq0LsboTO/pjCda9c4k/wxy4Wo6f1s0mMGqAX2vBXk54YoVM2g a5S3GpiHRG3wbajhZhghZSAz6awDWj2h1JfS3fo0U0/K1F37/JANkbWvkBjlPPqoT8/G 3C0tQjJ1QFWk2Pr6CzMfX0/QBMbvtXxjXSTuEuFyfjKirIFDJwsB77XJlagAM/d4Nb96 9vKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector1-amd-com header.b=SjzWC+wh; spf=neutral (google.com: 104.47.34.60 is neither permitted nor denied by best guess record for domain of thomas.lendacky@amd.com) smtp.mailfrom=Thomas.Lendacky@amd.com Authentication-Results: mx.google.com; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector1-amd-com header.b=SjzWC+wh; spf=neutral (google.com: 104.47.34.60 is neither permitted nor denied by best guess record for domain of thomas.lendacky@amd.com) smtp.mailfrom=Thomas.Lendacky@amd.com Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Subject: Re: [PATCH v3 0/5] x86: SME: BSP/SME microcode update fix To: Gabriel C Cc: Greg Kroah-Hartman , Borislav Petkov , x86@kernel.org, Brijesh Singh , LKML , Ingo Molnar , "H. Peter Anvin" , Thomas Gleixner References: <20180110192544.6026.17285.stgit@tlendack-t1.amdoffice.net> <20180111183313.7ub2t3xkeko5yb3z@pd.tnic> <68544677-2cbc-b41e-2db0-5799ef84d592@gmail.com> <20180119151150.GB9033@kroah.com> <47ab23e7-c3e8-0edd-a7ac-019bd0e47a02@amd.com> <20180119153524.GB1214@kroah.com> <3f7c5d6e-3c22-4a7f-c38f-b34b7cd1b451@amd.com> From: Tom Lendacky Message-ID: <7ba356c7-1075-9148-8a75-e577fd193f31@amd.com> Date: Fri, 19 Jan 2018 11:15:07 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: CY4PR03CA0089.namprd03.prod.outlook.com (10.171.242.158) To DM5PR12MB1145.namprd12.prod.outlook.com (10.168.236.140) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 684d40d9-51c6-46d9-baf5-08d55f6033e4 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(5600026)(4604075)(48565401081)(2017052603307)(7153060)(7193020);SRVR:DM5PR12MB1145; X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1145;3:7zodgXO7jrNeUqozSLOJ1LNrIgMNOHd/n4KL/CQ9vi5qJSfiJdtPvialnt6rKXTB8QO6VVedmPu9MbFb1a4o+IMPV2DQaknGsR0ZSWG/lnpeytRmedL1vd1HwEBTImBA5s5RFmyUh3TPz3SRbLN2nheuK/5VfUydM2lE64NhTczuhfi1cnvONMlpx78l7d1hbbRzG9dTkKakuF67tyCH39Bm2GDpG++vi686+3YRQOzkG+FeTBlBT3Tbu0A7l3Qe;25:QqpzknjmrxwEN+5bFY8sUWeiYO5yS2SpXgwPjZoSlwTvnsZ+MvDgOMUHIIc4jk+/5hsgPgwo6dqL8ZKYlgl2+2Ee8AXRBRmJ+q/E89YWXGHvB7VOsMAFCVo6SKthYfSPK36CQ+zxu3rOnbsvol1xTPtu7ovYs4UGFwIiNf82NP5/uZzWA+J9RTq7ZH/0Hzj6/6aj67HDSb7Et/m9bNtOb/AlhaYCtt66h/5YFLfaNnJ32g5uGHDLNuVsH/y5Dgbq71YiTc5QyvwvLdqdO5wg9g4bY2j6+fbpqbTbiUU6/xFYeAXYAMPqhNdd2xxr6gIAszRxCnKlXGUBMpDf1gs75A==;31:LEUZ7tSvWFo/yPIPILqLJ+xpEpWA4Z025Ld5Nq/NAF3otRxd9Sa+rxnvXBYNDU8ctgHzvH9Rf6+fdrnKIbomw3aXZYSl5nAcYVXIFbAAODIXHpIrSKs/LBpW5pNEaj8J9XPdavWCTpSUG5CfSLF0DZ156FlKiNH+0jb3ROHCyJBEDeAhJQ1luJqlDkzE0Cnu/a2K9e/sXYRMSgUn09ri2mDC4XGrPKvBxOgnOdCvG8M= X-MS-TrafficTypeDiagnostic: DM5PR12MB1145: X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1145;20:njyw1Auce/tmcEsVRO1zICSD9S67alex06Mm9ZFagnFgQBd8BvanMSMpAETWppzhCXU1UdcoisYAiREsJmuGK2kRIMhac8+j7tSPKCbRCF0+ROrgOlPzeYisdPwvP5DX4Btmq8epRgJEncheyURtm7ip3yCMrqTjLu1QwyLQJNDZ96LByXHIUWmexiSgv+xlRKTTMXV2JHqCeiVcOlxi1kVtZsWiy6N5hPwn6kmtf8X4vPOHQArpYJQRApKt2uZNthhcPMUsopFxISnY8+uFVACuf+0SXo/3OAXwqavJyBD/Rc07/sIqm9kXPZIWi3f/b5bIKdWU4AVndpyiZff1e8OpX68fdPl4hBXZw8qR9Ofv1Vesq5MY+uBeGaEvuPfyo2GjCI5QQdl01ucASBfDQNjXp2ygcjooBygZLMJSIM2azcjzvqeMzkE16kTuufTFA/CZeZlGKaUzMwaQ4yo59Sn/S2U/SGeyTNhi2hSpm6iXKN7NLFQiREJLZW+KlIqX;4:l4Fe136e7RsSQwWr5X61mPWGyKyw2mB/3Pi8H1G+Vb4vsHcRSsNFpICYO4lbZiZIqMkQeYd99HpkEn12xEREbCVWng6cOzhe8ShDrC8MFbC7Bu1S3XCYWlQSOjLdricosVm2X0lqrC0VXOmfh/ggxbyeJZX+FCa8LkV8nLaZpoDMXLMGuZ1qWKvm+oEsoiKYYzFUKypxVMKvBSfSvku9mt6zyTi289IetT4Tb4bMf4Q8lmSxBPNnN5FUOBA3fLd0FJlGRHK8wGnQPxbTdDmKtmPXf6kS1dBhdz+rqT4Z+4Zmxwx9D57jWCtysptm+ilFbmlCvrq8Pt+WfA3ALmY18w== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(3231023)(2400080)(944501161)(10201501046)(6055026)(6041268)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011);SRVR:DM5PR12MB1145;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:DM5PR12MB1145; X-Forefront-PRVS: 0557CBAD84 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(6049001)(376002)(346002)(366004)(396003)(39860400002)(39380400002)(189003)(199004)(377424004)(3260700006)(31686004)(316002)(83506002)(36756003)(54906003)(16526018)(31696002)(16576012)(90366009)(52116002)(58126008)(23676004)(2486003)(52146003)(478600001)(93886005)(59450400001)(386003)(53546011)(8936002)(81156014)(81166006)(6916009)(5660300001)(6246003)(65826007)(39060400002)(229853002)(6666003)(8676002)(2950100002)(25786009)(4326008)(76176011)(15650500001)(72206003)(6486002)(2906002)(6116002)(3846002)(2870700001)(53936002)(97736004)(106356001)(105586002)(68736007)(50466002)(305945005)(86362001)(47776003)(77096007)(7736002)(64126003)(26005)(66066001)(65806001)(65956001);DIR:OUT;SFP:1101;SCL:1;SRVR:DM5PR12MB1145;H:[10.236.65.116];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTVQUjEyTUIxMTQ1OzIzOlVNQ1pNR0lpb29FbG13N1dZRnhzL1dmSEN1?= =?utf-8?B?dHdXbHR5OXl6S0NFZW5hUWxjSWUxVXZFVFNHdVJRM2JoM1hsaGhzeG1Va0Jx?= =?utf-8?B?Ynd2T2h3YUR6N1ZWSW5Ra2F2emNPTW12dVJQSVp0TldPZDZZUWVsSVorbGhP?= =?utf-8?B?aU5Oak1BYWI5NE1WRElGVmhBUEN2V3dwYUMyYnZobVBibnBkMkpwaHY1QURa?= =?utf-8?B?Y2FMVFV1NktmbDNCL3RyYkxPTkJLaUU3SUhKV3FodGhOOUVDdEQ5ZmxjM2la?= =?utf-8?B?dnk2NjRKZHM4Rm5VSTA4WllKMG5LVW1NbmFsM3krbWRSbHE2bHRDQlVMaUdr?= =?utf-8?B?Wjcvd24yOURKSmNzVHl6Y3dTV3J4SHNoNis3R1p0ajBxbjlyeXFvN0ZTRVY2?= =?utf-8?B?MVAyaFgzTnhCSlJkemRyMi81Z2JVSUpEcU4wRDNwNnJZaXZaWmVhSXV6WXJs?= =?utf-8?B?OVVOUGM4SHRYWGk3N3lVZjRWei9sRGNZcU93VjBubnQ2RWNjT2l0MERRV1Ex?= =?utf-8?B?MjhDSzUxVjhpR01NVTBPUlJJeUFlUVk1cTI2Q2gxVXp3c0hGVTEweEtTQzNN?= =?utf-8?B?YXJhdWFxWE51RkEyOTMzL1ZXMjNUSVdZNE5zM0NUNlVXOEJQaERZcjFHdGlO?= =?utf-8?B?cWhXUU9tbHh6S1h4Sy9rNzVENGkyK3pBWC9YNTVQL0xPY3NOSFJpL2JpTmFL?= =?utf-8?B?QTlyNHBvMlJmS0podzBncCtBbVYvRlh3ekxaSzBueUN2eWRRUysxbjA1RlVn?= =?utf-8?B?TTNpYmo4M3E1ZkhnUmxqb2VPK3Q4anBCK2tiY3p6WCtoeEVHL0Y3MjJBOFBM?= =?utf-8?B?UHNCUlJGSHI0akY4V3JGaVFkc1B3bGVndXdvc0ZiejE5ZWViVzUvWDJJN1Jn?= =?utf-8?B?UEdqRjdPY25FeEczMVhzTUxYc1dxQTUzZ0JjOGFGOUU0MEhQamJWMzNPNWN4?= =?utf-8?B?RkNLWnFOZFhGanBhUTRvOTBaZDNsS0djdFYrME1SQnBjT3VlOWMyTVFHb1ZJ?= =?utf-8?B?Umc2MExTckh2bk84SWlOZWk2a0YyMUU2UGlKTWxocTh5Z2NYNVBrQ3lFV0Vp?= =?utf-8?B?UitrK29GMjVvb2pLY1pvZmhncGRMSnJpeGxhRkdKMnlyaEpWTEsxb0luQitE?= =?utf-8?B?K1hCeU1HODc3TW1kSGxwc2I1QVlYNzNlZVQrbEk3TE82djVZNGduVTcxVnVi?= =?utf-8?B?b0poQnBxaUNhMFdRQXhGaTAxYXVIRDlsQTV2cHlxRE9zaWxSMnBCOGJXMWZM?= =?utf-8?B?UFkweEhnWC9MeFJ5Y2l5aEEwSkVTL2pVU1FNUnlUN3d1MGhZRjVMSTRzVWVN?= =?utf-8?B?RUpvVkttNEdqMnhrQ2lYVkNtWDNkVm5FWFRPVWtkdS9lVExIVXBkTm1DeEFO?= =?utf-8?B?RHVGdGgwZHhjamh2bFpJNlA0RnVzOXg0L0pJbHlRZ0VKRTcrT3J6azViaFRO?= =?utf-8?B?eS9KOUZzVkdDN0FFVlI0TEoyQ3VIR0dkSjRnNnc1TGJsdkpvU2JmTHBZS3U5?= =?utf-8?B?bldzSDVwN2xsQkIvV0ZFbnNPakV5ZGcrUFV0b0xKV1Zad25ieXBqdkZqVEVi?= =?utf-8?B?Ky96OTVmcTd1bGgra1ZnekE1QTlMSk1BNXg5ZDJEdy9SNENqbXVxQktHNDdp?= =?utf-8?B?bVJoREUrOTNVZ3lpVXg5dVZrVzlCZUpwQmlwNE1uQ1N0RFpMTGpqUndCa2ls?= =?utf-8?B?OHFLeVVWUmF4YmtuQjZxR1QrY0p4TXBjQk1vOHBqQi9SdWRQR0t1N1IxTDdD?= =?utf-8?B?NGdtT0FXejdUR2dSbjdKeWF1VWwwZGVWRHNSTlN6OWxOVTZZSmxuc0tjUWw4?= =?utf-8?B?UVlaVjUzVWVRRFRXQ1htY0R0ME1ZdERNR0NwUmNtdk53c0FuZStVWHl2VGh5?= =?utf-8?B?MUF5d0VSQzJ2amJ0MkN1ZWxIeFkvRFQ4eUNBOGIrL1FWbFdOMUhWVGdwdnBE?= =?utf-8?B?dERseEU2WFNFUUZLUlBBc1E0M3ZyQk04K0pqT012TUFXaEV1MVBZYThiY3Nm?= =?utf-8?B?Rkk0bjlhVko1OWJBOWdqNVlmbmNnQUovTVJUTUo5Y2hrWmdtNjZhbldpTDBZ?= =?utf-8?B?emZpd0RaR3IwekZUYS96RisvNXA0VUVVMHh4MW1tbzQrdlFJRFdIVEhSbUpU?= =?utf-8?B?SWc9PQ==?= X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1145;6:p71Hj6nPjsrpYpDms6RdeM93MP4ilkkGv7gI9gbN+1r+u8awAygJ+13i27ZNIEkYkrRg0LUiF6OW9TFdY4qFKgMnq01I7SKUfm9clxvKg2th8VV2dkiHsZyERECj1mCqIQjawCimpoPA6+s+sGoDohMxpMYf71wLP23gnESgutoL5/DpDx/jR64hWNaOD5BBcSvqO6Wa5LMB9q6EJk0zv0jDaqHWccMd7KVUbg0MH99jwITIaGStdiNqeXl2umH44Ll6jeKKXoXVqcust4guSF52XLfIu3w16zXjoAvt+o9QYQ6vPw9JwBKXpfwhUY+fIXZZ8izahQPp/yQnmY7jnjhAtHI1fz/Gkefp+arf5HM=;5:bjsJmSajbFFTBTko/cYrlSA+uBQfjMd0Bx+Bxd+vPAK4o+AOhw8cmzPXhOyRAO3W0bLA8Ce4WzUA/tPlwlIvnjRg76+h689S93CGv0h/H3yc4+C7MXsiJTbpXRlgbnyT0YEXkOSY3/3WnUdVqYL8nbnaqXUQkllvNlv29qSJD/Q=;24:hVHpbJm5kdcwUB18v4lggYXU/U4LFLjiQdiK4yiGuT7/s51aTg/V3tWPI/hPs78D7+wCF0GCjOQDkjK0A41clzupXT6zIAMx8QZHcWdJiGU=;7:cTEW4JB1dQhyTFKlCFhsk+6rX5hN4ywckvsIRTPSAJchC3CVEGknS+wL/vxBBl7celJA8mvEaXhRkZQXLwjtD++ODrpWZnXAwdJmQ3MRvp3zMcI3s/NGVfC9Yt1aU5PrE8yWmvv0Y6n7xi+lQHkpgtWrzTmMQwKKJvSO2aslXP61vhor+e6cioBG0lQIPf/ndEPaKVD0f72Ia2vq32rmJsEfCTtaGE3CmIiU5cz9OrmWZeFGzjpIkhkI/KZ8madf SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1145;20:JWBN9KayX0iwqYhUqdTmsnTO9Z58zFL/xJoM/8zbxBwtrq3WhAZRBb4dyOjoCtKPUVD66Y8E3GpcoeJGvKu6kNCNGEyBtyy2qpt7sVWeyZu+W1wey36+ShFWa6dmZL9V4GMIK/mno6VhRsReSNTSH+cxtUbmrrL8fYRcmlz60iEsB/1MxXKhzalTh7QMktwqf3vmRm1tYo/mu49iFR6FtbV+A053f6xbRKtC96WpFJcUikxrcoq+Im5t7Y1SWv/F X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Jan 2018 17:15:11.1638 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 684d40d9-51c6-46d9-baf5-08d55f6033e4 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1145 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-LABELS: =?utf-8?b?IlxcSW1wb3J0YW50Ig==?= X-GMAIL-THRID: =?utf-8?q?1590033643466464034?= X-GMAIL-MSGID: =?utf-8?q?1590041893417778375?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: On 1/19/2018 10:02 AM, Gabriel C wrote: > 2018-01-19 16:56 GMT+01:00 Tom Lendacky : >> On 1/19/2018 9:35 AM, Greg Kroah-Hartman wrote: >>> On Fri, Jan 19, 2018 at 09:27:47AM -0600, Tom Lendacky wrote: >>>> On 1/19/2018 9:11 AM, Greg Kroah-Hartman wrote: >>>>> On Fri, Jan 19, 2018 at 09:03:52AM -0600, Tom Lendacky wrote: >>>>>> On 1/15/2018 4:47 PM, Gabriel C wrote: >>>>>>> On 11.01.2018 19:33, Borislav Petkov wrote: >>>>>>>> On Wed, Jan 10, 2018 at 01:25:45PM -0600, Tom Lendacky wrote: >>>>>>>>> This patch series addresses an issue when SME is active and the BSP >>>>>>>>> is attempting to check for and load microcode during load_ucode_bsp(). >>>>>>>>> Since the initrd has not been decrypted (yet) and the virtual address >>>>>>>>> of the initrd treats the memory as encrypted, the CPIO archive parsing >>>>>>>>> fails to locate the microcode. >>>>>>>>> >>>>>>>>> This series moves the encryption of the initrd into the early boot code >>>>>>>>> and encrypts it at the same time that the kernel is encrypted. Since >>>>>>>>> the initrd is now encrypted, the CPIO archive parsing succeeds in >>>>>>>>> properly locating the microcode. >>>>>>>>> >>>>>>>>> The following patches are included in this fix: >>>>>>>>> - Cleanup register saving in arch/x86/mm/mem_encrypt_boot.S >>>>>>>>> - Reduce parameters and complexity for creating the SME PGD mappings >>>>>>>>> - Centralize the use of the PMD flags used in sme_encrypt_kernel() in >>>>>>>>> preparation for using PTE flags also. >>>>>>>>> - Prepare sme_encrypt_kernel() to handle PAGE aligned encryption, not >>>>>>>>> just 2MB large page aligned encryption. >>>>>>>>> - Encrypt the initrd in sme_encrypt_kernel() when the kernel is being >>>>>>>>> encrypted. >>>>>>>>> >>>>>>>>> This patch series is based on tip/master. >>>>>>>>> >>>>>>>>> --- >>>>>>>>> >>>>>>>>> Changes from v2: >>>>>>>>> - General code cleanup based on feedback. >>>>>>>>> >>>>>>>>> Changes from v1: >>>>>>>>> - Additional patch to cleanup the register saving performed in >>>>>>>>> arch/x86/mm/mem_encrypt_boot.S in prep for changes made in the >>>>>>>>> remainder of the patchset. >>>>>>>>> - Additional patch to reduce parameters and complexity for creating the >>>>>>>>> SME PGD mappings by introducing and using a structure for referencing >>>>>>>>> the PGD to populate, the pagetable allocation area, the >>>>>>>>> virtual/physical >>>>>>>>> addresses being mapped and the pagetable flags to be used. >>>>>>>>> - Consolidate PMD/PTE mapping code to reduce duplication. >>>>>>>>> >>>>>>>>> Tom Lendacky (5): >>>>>>>>> x86/mm: Cleanup register saving in mem_encrypt_boot.S >>>>>>>>> x86/mm: Use a struct to reduce parameters for SME PGD mapping >>>>>>>>> x86/mm: Centralize PMD flags in sme_encrypt_kernel() >>>>>>>>> x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption >>>>>>>>> x86/mm: Encrypt the initrd earlier for BSP microcode update >>>>>>>>> >>>>>>>>> >>>>>>>>> arch/x86/include/asm/mem_encrypt.h | 4 >>>>>>>>> arch/x86/kernel/head64.c | 4 >>>>>>>>> arch/x86/kernel/setup.c | 10 - >>>>>>>>> arch/x86/mm/mem_encrypt.c | 356 >>>>>>>>> ++++++++++++++++++++++++++---------- >>>>>>>>> arch/x86/mm/mem_encrypt_boot.S | 80 ++++---- >>>>>>>>> 5 files changed, 308 insertions(+), 146 deletions(-) >>>>>>>> >>>>>>>> All 5: >>>>>>>> >>>>>>>> Reviewed-by: Borislav Petkov >>>>>>>> >>>>>>> >>>>>>> Guys , are these patches going to be part of 4.15 ? >>>>>>> >>>>>>> With mem_encrypt=on without these patches microcode loading doesn't >>>>>>> work right. Also @stable 4.14 would need the fixes too. >>>>>> >>>>>> It looks like these patches have been pulled into 4.15. I did forget >>>>>> to cc stable, so I'll follow-up with a separate email to have these >>>>>> back-ported to the 4.14 stable tree. >>>>> >>>>> What are the git commit ids? That's all I need :) >>>> >>>> Hi Greg, >>>> >>>> Here are the commit ids: >>>> 1303880179e6 (“x86/mm: Clean up register saving in the __enc_copy() assembly code”) >>>> bacf6b499e11 (“x86/mm: Use a struct to reduce parameters for SME PGD mapping”) >>>> 2b5d00b6c2cd (“x86/mm: Centralize PMD flags in sme_encrypt_kernel()”) >>>> cc5f01e28d6c (“x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption”) >>>> 107cd2532181 (“x86/mm: Encrypt the initrd earlier for BSP microcode update”) >>>> >>>> The last commit won't apply cleanly on 4.14. There was a change in >>>> arch/x86/kernel/setup.c for SEV support. The actual patch to that file >>>> is very small it just removes the call to sme_early_encrypt() and the >>>> associated comment. I can submit a new version of that patch if you >>>> want, just let me know. >>> >>> A backported version of that would be great, thanks. >> >> Ok, I'll send that out as soon as possible. Since it is a changed patch >> I was planning to remove the Tested-by, Signed-off-by (except for my sign >> off), etc. or would you prefer I leave them in this case? >> > > I tested the series on top 4.14.13/.14 already , the conflict is > trivial and easy to fix. > > If you wish you can keep my Tested-by. Ok, a backported patch for 4.14 has been sent to stable@vger.kernel.org (with everyone on this thread cc'd). Look for the subject: [PATCH] x86/mm: Encrypt the initrd earlier for BSP microcode update Thanks, Tom > > Regards, > > Gabriel C >