linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Brijesh Singh <brijesh.singh@amd.com>
To: Borislav Petkov <bp@suse.de>
Cc: brijesh.singh@amd.com, "Thomas Gleixner" <tglx@linutronix.de>,
	"Ingo Molnar" <mingo@redhat.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Radim Krčmář" <rkrcmar@redhat.com>,
	kvm@vger.kernel.org, x86@kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] x86/CPU/AMD, mm: Extend with mem_encrypt=sme option
Date: Mon, 2 Oct 2017 06:32:18 -0500	[thread overview]
Message-ID: <6de5cc08-0a0d-cb45-9518-e5b30fd7e276@amd.com> (raw)
In-Reply-To: <20171001220216.nhwc5momrn7wq3kj@pd.tnic>



On 10/1/17 5:02 PM, Borislav Petkov wrote:
> On Sun, Oct 01, 2017 at 02:45:09PM -0500, Brijesh Singh wrote:
>>> So I want to be able to disable SEV and the whole code that comes with
>>> it in the *host*.
>> We can add a new variable 'sme_only'. By default this variable should be set
>> to false. When mem_encrypt=sme is passed then set it to true and
>> based on sme_only state early_detect_mem_encrypt() can clear X86_FEATURE_SEV
>> flag.
> Why would you need yet another variable? We have sev_enabled already?!?


Because sev_enabled will always be 'false' when we are booting on bare
metal. Whereas when we are running under hypervisor then this variable
will be true for the SEV guest, please see [1]. Both sev_active() and
sme_active() make use of this variable hence we will not be able to set
the sev_enabled variable on bare metal. Basically none of the SEV cases
will be executed on bare metal -- only thing which we need to take care
of is clearing the X86_FEATURE_SEV flag so that hypervisor will never
launch SEV guest when mem_encrypt=sme option is provided.


[1] https://marc.info/?l=linux-kernel&m=150672050612826&w=2

>

  reply	other threads:[~2017-10-02 11:32 UTC|newest]

Thread overview: 55+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-09-27 15:13 [Part1 PATCH v5 00/17] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 01/17] Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) description Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support Brijesh Singh
2017-09-28  9:02   ` Borislav Petkov
2017-09-28 18:48     ` Brijesh Singh
2017-09-28 19:23       ` Borislav Petkov
2017-09-29 12:28         ` Brijesh Singh
2017-09-29 14:41           ` Borislav Petkov
2017-09-29 15:54             ` Brijesh Singh
2017-09-29 15:56               ` Borislav Petkov
2017-09-29 21:27     ` [Part1 PATCH v5.1 " Brijesh Singh
2017-09-30  8:49       ` Borislav Petkov
2017-09-29 23:06     ` [Part1 PATCH v5 18/18] x86/mm: add 'sme' argument in mem_encrypt= Brijesh Singh
2017-09-30 11:56       ` [PATCH] x86/CPU/AMD, mm: Extend with mem_encrypt=sme option Borislav Petkov
2017-09-30 21:17         ` Brijesh Singh
2017-09-30 21:41           ` Borislav Petkov
2017-10-01 17:00             ` Brijesh Singh
2017-10-01 17:16               ` Borislav Petkov
2017-10-01 19:45                 ` Brijesh Singh
2017-10-01 22:02                   ` Borislav Petkov
2017-10-02 11:32                     ` Brijesh Singh [this message]
2017-10-02 12:41                       ` Borislav Petkov
2017-10-02 15:07                         ` Brijesh Singh
2017-10-03 10:50                           ` Paolo Bonzini
2017-10-03 11:20                             ` Borislav Petkov
2017-10-02 13:44                 ` Tom Lendacky
2017-10-02 13:51                   ` Borislav Petkov
2017-10-02 16:35                     ` Tom Lendacky
2017-10-03 11:29                       ` Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 03/17] x86/mm: Don't attempt to encrypt initrd under SEV Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 04/17] x86/realmode: Don't decrypt trampoline area " Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 05/17] x86/mm: Use encrypted access of boot related data with SEV Brijesh Singh
2017-09-28 11:13   ` Borislav Petkov
2017-09-28 16:20   ` [Part1 PATCH v5.1 " Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 06/17] x86/mm: Include SEV for encryption memory attribute changes Brijesh Singh
2017-09-27 15:53   ` Brijesh Singh
2017-09-27 17:26     ` Borislav Petkov
2017-09-27 19:17   ` [Part1 PATCH v5.1 " Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 07/17] x86/efi: Access EFI data as encrypted when SEV is active Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 08/17] resource: Consolidate resource walking code Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 09/17] resource: Provide resource struct in resource walk callback Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 10/17] x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages Brijesh Singh
2017-09-28 16:23   ` Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 11/17] x86/mm: Add DMA support for SEV memory encryption Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 12/17] x86/boot: Add early boot support when running with SEV active Brijesh Singh
2017-09-28 17:02   ` Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 13/17] x86/io: Unroll string I/O when SEV is active Brijesh Singh
2017-09-28 17:51   ` Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 14/17] x86: Add support for changing memory encryption attribute in early boot Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 15/17] percpu: Introduce DEFINE_PER_CPU_DECRYPTED Brijesh Singh
2017-09-28 20:32   ` Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 16/17] X86/KVM: Decrypt shared per-cpu variables when SEV is active Brijesh Singh
2017-09-29  5:51   ` Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 17/17] X86/KVM: Clear encryption attribute " Brijesh Singh
2017-09-29  6:26 ` [Part1 PATCH v5 00/17] x86: Secure Encrypted Virtualization (AMD) Borislav Petkov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6de5cc08-0a0d-cb45-9518-e5b30fd7e276@amd.com \
    --to=brijesh.singh@amd.com \
    --cc=bp@suse.de \
    --cc=hpa@zytor.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=rkrcmar@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).