From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S934956AbcKNRPs (ORCPT <rfc822;w@1wt.eu>);
        Mon, 14 Nov 2016 12:15:48 -0500
Received: from mail-bl2nam02on0083.outbound.protection.outlook.com ([104.47.38.83]:26304
        "EHLO NAM02-BL2-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S934090AbcKNRPm (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 14 Nov 2016 12:15:42 -0500
Authentication-Results: spf=none (sender IP is )
 smtp.mailfrom=Thomas.Lendacky@amd.com; 
Subject: Re: [RFC PATCH v3 01/20] x86: Documentation for AMD Secure Memory
 Encryption (SME)
To: Borislav Petkov <bp@alien8.de>
References: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net>
 <20161110003439.3280.82634.stgit@tlendack-t1.amdoffice.net>
 <20161110105114.oiwcgpb436dxrdpb@pd.tnic>
CC: <linux-arch@vger.kernel.org>, <linux-efi@vger.kernel.org>,
        <kvm@vger.kernel.org>, <linux-doc@vger.kernel.org>, <x86@kernel.org>,
        <linux-kernel@vger.kernel.org>, <kasan-dev@googlegroups.com>,
        <linux-mm@kvack.org>, <iommu@lists.linux-foundation.org>,
        Rik van Riel <riel@redhat.com>,
        =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Arnd Bergmann <arnd@arndb.de>, Jonathan Corbet <corbet@lwn.net>,
        Matt Fleming <matt@codeblueprint.co.uk>,
        Joerg Roedel <joro@8bytes.org>,
        Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Larry Woodman <lwoodman@redhat.com>, Ingo Molnar <mingo@redhat.com>,
        Andy Lutomirski <luto@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
        Andrey Ryabinin <aryabinin@virtuozzo.com>,
        Alexander Potapenko <glider@google.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Dmitry Vyukov <dvyukov@google.com>
From: Tom Lendacky <thomas.lendacky@amd.com>
Message-ID: <0a4fd80a-c3ec-5cb3-6996-bb1562c1bf58@amd.com>
Date: Mon, 14 Nov 2016 11:15:23 -0600
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <20161110105114.oiwcgpb436dxrdpb@pd.tnic>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: BY2PR1001CA0077.namprd10.prod.outlook.com (10.164.163.45)
 To CY4PR12MB1141.namprd12.prod.outlook.com (10.168.163.149)
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;2:Mw7XIYKTCE7voj7Ks6DbrZx/E5Dok7kdN33RMr0fkJGBcGLEDLaT02iSN8K8yvYAWVuvrc0BxMZHcGXQSwxUuNyarlG/NnLyd5Phihq0u2/knXm3zdKnpd751WarUIOVpVQKLOU/KrbuD2ZwvOvoOHC+ZgL8mJbpb8I4k+o1f84=;3:2fftmUxcZzCKH9J6iP8j7KZ9YMKZok+Mgx5BedBA+N5FMWUFRGidujnKldiitr4bfAmXzfVVcqnukwuq0jpc8QpUzoVjkWtxSMBZoQFd4Pf64V3QiGaZjJKLQlO3AlWoOM/fPKY0tlQq+mtUMntutVkINNoMlQ4G+22ELa4G/2A=;25:RNeBmlXzhLn1NhOeFZgmF4YyqHJikZjbrp1HZECUU2jGhvMa/hCr0NKQx0DaQwkLMRz2jpZ7TIxWSGMS5Osah6B1idDyX8M1kjDdqJW6xP70Qz1CbJO49SrW/hJf/JgM3+Q9VVkvKv3DRFvdh+9mKxaTwNIAqTEEplSK7VHPNYci9U1ab0FFgqVnSvrLeOJCnUtaX7YBL0XciH/yVOKh1QeDtnx21PP3C41EtoGTxcUMgzSjjV66e7hWCow/GYa5rQ2c7ssZR2rJu5JQLdpHj/BcOzo28p4EZicRumbclm58xxHjgJbS7Kl+rROj0/nfmfM8uf9Sn9gUTw1Nd3udyaF/kiRnkFPGc2US4CccBm0N7kitgsvY9/lj//jjYCD51FyJ380waxruVqW5clITcDLz7Ys7QMoHGSbaBILLScsdANMtIngkdMNNkzsWtVYr
X-MS-Office365-Filtering-Correlation-Id: 14ff3e9e-58ed-4baf-57b7-08d40cb1d900
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:CY4PR12MB1141;
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;31:AgXcKVONwmBRkqXQARRt8ydOApzhK/9cRtMiUqYhd9GUc1WlAidhl61L5fvH3TQJMvyPNybhPMTBC1YspAvtp80RehyP/nfxAgcvFtYF7RHdJHB+G7b/iuY7jrfS0cF1ddzR8qD248lNwyByJmV4Et0Qh04uoxGqJ0qi8lWvGHlrXiEapX80xT1blYU5V+0OlZmR54cV8mDMg8DUrs0ymH6M5XG1eRjYVlm+F7VGTnJWzTT17qFkEZDJe2wOpq/t;20:48vHBqUwvROVW8WyKNZl+cohiL0zPnJb3xCZpeu2GGeT1k5R3RjYp+ucBubj/eNCS9UHpgwu+CnkiONZzcyMwruG/D5aq+fBY3oAsee8TdjFmd74EDPAcm1KqaL9lbusqMmuibq5Xn6RGKpVno6y5tHoQlxAE8zrvtG+R2M5VJv1sTYZ/O+J4EYc/5/1iOZAgJqP0TBGxC2Sbpwx+4YFyaxxDTsOuel5RQPILkpkYvFnbHQZel1Hbf5kVgS+++tPuDt+939hn3COHa6oGLguzRVY7498d31G0Z5+TM5l71LG/EDEPrycRtj5a6NppvbXiR8rcjNKS1VzC071nfwEIpgKE76JRjg3h0yIrTRC3/n85AFpzCTGEB02WY6lWEs3esqdgqj62rkazXaA3XdojE+PSwis7wlrtl3YPslzRuZDZKfgq5L9hmMl1YH/auiMJHxfBcIwHxwc0sad1o7P7eIF5eCLfFDaGyI6+AD9YRuoMWWdU2GdqIxAZPxyglcS
X-Microsoft-Antispam-PRVS: <CY4PR12MB1141F51DB78C41414BF65199ECBC0@CY4PR12MB1141.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(20558992708506)(767451399110);
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6060326)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(6061323);SRVR:CY4PR12MB1141;BCL:0;PCL:0;RULEID:;SRVR:CY4PR12MB1141;
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;4:a1xbPVyFyeyPzZRiLEqPX+Rbi+y0kvZpuWAiWnRVePI/6wxzQmdY5D7OlxRmbW0hbVaspdo91MNbmENbQrw9IGahtJ8dY+GykVX11tpHkfVfMr0BSovzXNn1E0WmtwHdIaiBLDJ0mIxeFoBdGViTDVQAFqFkuCs6rmPf17vuuM9gY4rIa+gk0tF1m+6+ej/KjUkA+R0OJfkpTBovaxRauEjygoZV4VBat0Cct/tcm/6/rlLC0KP8tF6+/65nri6XGLAG3K9EzIsaneXNXI29bRVPH0kVzOR53ZA0XIFsqfO1gsRLPqFKrf/RLayzCOI1LoAm0jObBl1/GQz0Ju8DcI2tpzetKBAzjXKlQ4CW2RP7fdObAoMjg6IbMDrN5oJnsmXbn9MmiSklONq7mwfToi/inY4fBuPcF+7fqUoJ2RPUQKD49awtj3rDCfhUdW47uoa9mJJj5LsrIrPaqF8HuiH8SZulWZkb/UQzxOmI9Dpm3HmMVdeY+JvBoFlEMotulQH6qv/PDa6EPgy3pyujnw==
X-Forefront-PRVS: 0126A32F74
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(6049001)(7916002)(189002)(199003)(377454003)(24454002)(5660300001)(50986999)(7846002)(97736004)(230700001)(31696002)(2906002)(7736002)(54356999)(101416001)(106356001)(305945005)(81156014)(4001350100001)(76176999)(6666003)(64126003)(77096005)(50466002)(36756003)(4326007)(229853002)(86362001)(586003)(7416002)(8676002)(92566002)(110136003)(105586002)(31686004)(83506001)(68736007)(23676002)(6916009)(81166006)(65826007)(65956001)(2950100002)(65806001)(47776003)(33646002)(42186005)(66066001)(6116002)(3846002)(189998001)(217873001);DIR:OUT;SFP:1101;SCL:1;SRVR:CY4PR12MB1141;H:[10.236.64.222];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxMTQxOzIzOnA4MXM0L1FwdThUQlVPVU1nVjFFWkdlWmlz?=
 =?utf-8?B?UDdySVVIaTRJMkR6c3NiMDlaenlUekdzVHkvUG83aFZWMGdkdk9RcSsyMS9n?=
 =?utf-8?B?amt3Z0RyZEMybkM5UFppUnFUR2s4cTdGOFlQaW5EdUF0NnNJWDN4eHZaWjhv?=
 =?utf-8?B?bTFwUktEZW9qakYwTE5wa2IxOWRTWHMrdXRtMGVlKzd2aWNSRzZlcXF2Mmpz?=
 =?utf-8?B?V0U1enJiVC9YY3JYa20yWUQ2UkY2VUorL1NaNGloMmozdUlqK0tzZWdMUWUz?=
 =?utf-8?B?d2dicEd6MGFmQ0hpdFB1bGp6amd0MHptcTZBclEzNjI2bURiZTNVZEVURklh?=
 =?utf-8?B?cGwyZFlISk9wbGtrSGlHcnhPTUlNT1ZPV3dhTThGWmd4bWhLaWtKMDc3dDQy?=
 =?utf-8?B?Z3JvMlN2cWhLcWpkRUpJeGx1VW04V2JMbk4yM0JrYStOY1IrKzU5NFNUQmRO?=
 =?utf-8?B?L0Z0elFkN2dERW5rMXZKdm9KU0hTWXhsamwwRWFlalhZTUZnaUEvOEZCdVZI?=
 =?utf-8?B?Y0FHcm95REtJVzV3RG9XVUl0S2dzSWM3Q1AyVVZCM2VvRjk3VUYwWit4K0Q5?=
 =?utf-8?B?TGl5TkRlNWdGQVl5Wk8ycW4vdlNBTUdicTkzellvOHFNeFBFeEFXTC81dXhk?=
 =?utf-8?B?QjR6MlNUc0tQZTA3SVBVUzhITGRTNUtnYjlHbGs2L1R3N0lKVjZFWDFWV21u?=
 =?utf-8?B?UnJLMmtVT2xtOFRUcE1zYmhSVHZXL1U2djdwTy9Ub3BuY0U3WGdqVGZ0dGV5?=
 =?utf-8?B?VnlhakVLajJHWTdlK2doUjRCd0xiSGltRndmQmFLWTRNY1NaMXBsZmRZdmdm?=
 =?utf-8?B?V296SXBGeEtRT1dlTE04Z2tDSUw2cjBQNytjbWxRbmJ0d1ZncWkxeHVQVVUr?=
 =?utf-8?B?VnVQYmRnM3JJd3RoV1hlRTkydDJpSWZleDVUYmUvU24zYTFDVzIvV1p2QVJZ?=
 =?utf-8?B?eklia2NlVnIzRWRMSW9LVHJZbDVQQzVMNm9LVnVRY3dSR1V4RW5sd25tbjhP?=
 =?utf-8?B?TWo5RjdOWFA3ZUpLTHRsMmtwNW14V1ErajUvSTZJWmNzMGswT1BSY1dackJS?=
 =?utf-8?B?VW05b2hpaWR3MDFiOHBmRXFzZC9sZjk4R1NRTTFMbFRZOXNWVHdINXlwZi9z?=
 =?utf-8?B?QjNpZGRWVEM0TnpnZENCdWl6d0thb0M4TnNDaUhkcW15TDRnRTNxS25jblRm?=
 =?utf-8?B?UmdUb3RKRllxKzAyMTBUcFlmNVNMMlZ1UUcrZGNVdTZGdXlrY3lTWWRCWmla?=
 =?utf-8?B?ZUlMWHJxTC8wRDhQb0xubzhpN0NPS1VabnFrZE0wK1lIOGs2aktybUNlZFpy?=
 =?utf-8?B?c1ZMSVNYbkFRSUdHWnlqeGM4TnVBU2dvUFhlSmxnVVhjdjRlalpyWWFZK0hu?=
 =?utf-8?B?cWtWSXE4NVB2WGJYaXdocDJsSDlkYWVYNWhkRTdqZENCbkNiUk5WajVYbUNN?=
 =?utf-8?B?Z0s1Nm9YNVJLSGtZK2dxaWIvd3FLSHVocGlyRFlkZTZuNzh0dEU4SnB1OFIy?=
 =?utf-8?B?WkRZbWN6MnB5RTBCc1QzVG1qcERaeVpIUlRCekNJcHhnckNkcmZSS1lXLy8z?=
 =?utf-8?B?cU4xOWQ4TnhPdVpVUit3R25HZHdEelE3NEI4bVBKN0dNaEpYQkNZb0JqL0Ri?=
 =?utf-8?B?VTEvZlprOGRmTVFSR01FbjBnRCtwUzRRTlJjRWJ1Wm1FK0I5L3MveVU1TGhN?=
 =?utf-8?B?VWloYXJIelZzcVZSUi9maWFmTkd3aG1SQkJ0bmpXZG15c2FyYVVreVBHMG1S?=
 =?utf-8?B?V2l3RmRQZ2x1VUo0VmlMZG9JMVBCakMzK2lNckpFYlRvZkpzWUc4VnBJZE9E?=
 =?utf-8?Q?U7CunvvEs9Lpw?=
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;6:Aswrbc3twRH1XElVKXl7ZcPeqS3Fh0ErxDkCz3/8DMZIMaqm4l02m2pEmizVbUBBj4X5/7GasBsWphbpNRwNI8R8o6FkrOQrTHXBmWuPcmeVLcykTKkE2WKuF2TWcJlQjJQkcwLALXI3Ku/CaoeRPqUke5avSIIXIUqhTb++jMT/aMCLChw//VPsnSr2jJNbGKgtVnoXz20lEuSROHSdDfQa21Hj63JCtYzEV2SVOmM+H7tAbywlxX6tElSYxMls8pN9Y5Z0hDaf1j+Z5SxvKAUoX1kMLKsBUq5dldMANyaJORX27MNEhczQK9D2+cKECbUB6n81s3fXKnmjYV4qeyKfYaU9sM3cgcZ6/c5mxKSRnspPYDoYbxT/up1HqUi+;5:R+3ZYALayxCUBAF6CtklBqyUoCKiUDZXG0hqj+6tvcRWydvoUO9NC0ur/VDl7NG5ufUcUg5hvPhz9kzqQPcSc2WhvAqq57XZoCQSPILCWFhGq17FUKoEHLI+uZNefOKlPyM9o9oZcJiIY+i46STcMNZyPCzFctHdPzh5pyIEdLo=;24:pXBI117gKMfJwq6VpD29iGRdSIa8vNVlHh/QYbrw2zEIx0Em8OO8U2Eurt7aXmhmnrK42c3VF18SiKjmcNNmx/ZvbdxmFJZ+JsmgyYyFMXs=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;7:lJWy3FpXMD5uBrSvrvKMX0/1q9nDlGdKnMjtpN4xxAAFKZCuopLRqxqS61LCTS+o/LZntO2MD/oqApFjB2ELBChnU8Z8ro7XLoy6xpBxNtNjfPliGMFJa1mNOKIUbgKVXSfcmDT5mq3/TpHD2PtC54WsHAkJ9ky+sDCUl6NmokeT0o71OibYVucwgRSamvsFKuQuGgaJvOCa262J4C/jiiXg2XjF2GtkUTPxejb1wSiXiJXj0LC2We4o6shGI+VV9QFL2vwoQTpsLdenyi8GWpHukdm+BuLYLQVecTIFeSScHgRnulE5lpBlmcagFAw45tyT6d0egsIIEIwcJUrhXOpV2Nge2MKUwgv2kCyoOz8=;20:LTHVwbkWUh3mQFMp+5M36bT7rmMbOOnViBQjQIiMFt3SDWFVKa683ymZNxPlNcR5Iqk9ZO+BuGL3D0X2uCwwuucy3H1UDsVKklieTxbnbC3HA+bZZitb6iCZPlFxiXdSPPtNHA4pcG6KCEI1aXYy7CGRM+NpacdluwkKIu5YcciO7kss7TCT42qNJFl04aF++1Dv8+uh8El6+d6WAeSPXwvTPFDeXHVcjz/VrVV6YsXQ/jNRXXVWVD3XPASjCE2e
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Nov 2016 17:15:32.8693 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1141
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/10/2016 4:51 AM, Borislav Petkov wrote:
> On Wed, Nov 09, 2016 at 06:34:39PM -0600, Tom Lendacky wrote:
>> This patch adds a Documenation entry to decribe the AMD Secure Memory
>> Encryption (SME) feature.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> ---
>>  Documentation/kernel-parameters.txt         |    5 +++
>>  Documentation/x86/amd-memory-encryption.txt |   40 +++++++++++++++++++++++++++
>>  2 files changed, 45 insertions(+)
>>  create mode 100644 Documentation/x86/amd-memory-encryption.txt
>>
>> diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
>> index 030e9e9..4c730b0 100644
>> --- a/Documentation/kernel-parameters.txt
>> +++ b/Documentation/kernel-parameters.txt
>> @@ -2282,6 +2282,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
>>  			memory contents and reserves bad memory
>>  			regions that are detected.
>>  
>> +	mem_encrypt=	[X86-64] Enable AMD Secure Memory Encryption (SME)
>> +			Memory encryption is disabled by default, using this
>> +			switch, memory encryption can be enabled.
> 
> I'd say here:
> 
> 			"Force-enable memory encryption if it is disabled in the
> 			BIOS."

Good suggestion, that will make this clearer.

> 
>> +			on: enable memory encryption
>> +
>>  	meye.*=		[HW] Set MotionEye Camera parameters
>>  			See Documentation/video4linux/meye.txt.
>>  
>> diff --git a/Documentation/x86/amd-memory-encryption.txt b/Documentation/x86/amd-memory-encryption.txt
>> new file mode 100644
>> index 0000000..788d871
>> --- /dev/null
>> +++ b/Documentation/x86/amd-memory-encryption.txt
>> @@ -0,0 +1,40 @@
>> +Secure Memory Encryption (SME) is a feature found on AMD processors.
>> +
>> +SME provides the ability to mark individual pages of memory as encrypted using
>> +the standard x86 page tables.  A page that is marked encrypted will be
>> +automatically decrypted when read from DRAM and encrypted when written to
>> +DRAM.  SME can therefore be used to protect the contents of DRAM from physical
>> +attacks on the system.
>> +
>> +A page is encrypted when a page table entry has the encryption bit set (see
>> +below how to determine the position of the bit).  The encryption bit can be
>> +specified in the cr3 register, allowing the PGD table to be encrypted. Each
>> +successive level of page tables can also be encrypted.
>> +
>> +Support for SME can be determined through the CPUID instruction. The CPUID
>> +function 0x8000001f reports information related to SME:
>> +
>> +	0x8000001f[eax]:
>> +		Bit[0] indicates support for SME
>> +	0x8000001f[ebx]:
>> +		Bit[5:0]  pagetable bit number used to enable memory encryption
>> +		Bit[11:6] reduction in physical address space, in bits, when
>> +			  memory encryption is enabled (this only affects system
>> +			  physical addresses, not guest physical addresses)
>> +
>> +If support for SME is present, MSR 0xc00100010 (SYS_CFG) can be used to
>> +determine if SME is enabled and/or to enable memory encryption:
>> +
>> +	0xc0010010:
>> +		Bit[23]   0 = memory encryption features are disabled
>> +			  1 = memory encryption features are enabled
>> +
>> +Linux relies on BIOS to set this bit if BIOS has determined that the reduction
>> +in the physical address space as a result of enabling memory encryption (see
>> +CPUID information above) will not conflict with the address space resource
>> +requirements for the system.  If this bit is not set upon Linux startup then
>> +Linux itself will not set it and memory encryption will not be possible.
>> +
>> +SME support is configurable through the AMD_MEM_ENCRYPT config option.
>> +Additionally, the mem_encrypt=on command line parameter is required to activate
>> +memory encryption.
> 
> So how am I to understand this? We won't have TSME or we will but it
> will be off by default and users will have to enable it in the BIOS or
> will have to boot with mem_encrypt=on...?
> 
> Can you please expand on all the possible options there would be
> available to users?

Yup, I'll try to expand on the documentation to include all the
possibilities for this.

Thanks,
Tom

>