From: Tom Lendacky
Date: Wed, 19 Apr 2017 09:23:47 -0500
Subject: Re: [PATCH v5 01/32] x86: Documentation for AMD Secure Memory Encryption (SME)
To: Borislav Petkov
CC: Rik van Riel, Radim Krčmář, Toshimitsu Kani, Arnd Bergmann, Jonathan Corbet, Matt Fleming, "Michael S. Tsirkin", Joerg Roedel, Konrad Rzeszutek Wilk, Paolo Bonzini, Larry Woodman, Brijesh Singh, Ingo Molnar, Andy Lutomirski, "H. Peter Anvin", Andrey Ryabinin, Alexander Potapenko, Dave Young, Thomas Gleixner, Dmitry Vyukov
In-Reply-To: <20170419090224.frmv2jhwfwoxvdie@pd.tnic>
X-Mailing-List: linux-kernel@vger.kernel.org

On 4/19/2017 4:02 AM, Borislav Petkov wrote:
> Always have a verb in the Subject to form a "do this" or "do that"
> sentence to better explain what the patch does:
>
> "Subject: [PATCH v5
01/32] x86: Add documentation for AMD Secure Memory Encryption (SME)" Will do. Btw, I tried to update all the subjects and descriptions to be more descriptive but I'm sure there is still room for improvement so keep the comments on them coming. > > On Tue, Apr 18, 2017 at 04:16:25PM -0500, Tom Lendacky wrote: >> Create a Documentation entry to describe the AMD Secure Memory >> Encryption (SME) feature and add documentation for the mem_encrypt= >> kernel parameter. >> >> Signed-off-by: Tom Lendacky >> --- >> Documentation/admin-guide/kernel-parameters.txt | 11 ++++ >> Documentation/x86/amd-memory-encryption.txt | 60 +++++++++++++++++++++++ >> 2 files changed, 71 insertions(+) >> create mode 100644 Documentation/x86/amd-memory-encryption.txt >> >> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt >> index 3dd6d5d..84c5787 100644 >> --- a/Documentation/admin-guide/kernel-parameters.txt >> +++ b/Documentation/admin-guide/kernel-parameters.txt >> @@ -2165,6 +2165,17 @@ >> memory contents and reserves bad memory >> regions that are detected. >> >> + mem_encrypt= [X86-64] AMD Secure Memory Encryption (SME) control >> + Valid arguments: on, off >> + Default (depends on kernel configuration option): >> + on (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y) >> + off (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=n) >> + mem_encrypt=on: Activate SME >> + mem_encrypt=off: Do not activate SME >> + >> + Refer to Documentation/x86/amd-memory-encryption.txt >> + for details on when memory encryption can be activated. >> + >> mem_sleep_default= [SUSPEND] Default system suspend mode: >> s2idle - Suspend-To-Idle >> shallow - Power-On Suspend or equivalent (if supported) >> diff --git a/Documentation/x86/amd-memory-encryption.txt b/Documentation/x86/amd-memory-encryption.txt >> new file mode 100644 >> index 0000000..0b72ff2 >> --- /dev/null >> +++ b/Documentation/x86/amd-memory-encryption.txt 
>> @@ -0,0 +1,60 @@ >> +Secure Memory Encryption (SME) is a feature found on AMD processors. >> + >> +SME provides the ability to mark individual pages of memory as encrypted using >> +the standard x86 page tables. A page that is marked encrypted will be >> +automatically decrypted when read from DRAM and encrypted when written to >> +DRAM. SME can therefore be used to protect the contents of DRAM from physical >> +attacks on the system. >> + >> +A page is encrypted when a page table entry has the encryption bit set (see >> +below on how to determine its position). The encryption bit can be specified >> +in the cr3 register, allowing the PGD table to be encrypted. Each successive > > I missed that the last time: do you mean here, "The encryption bit can > be specified in the %cr3 register allowing for the page table hierarchy > itself to be encrypted."? > >> +level of page tables can also be encrypted. > > Right, judging by the next sentence, it looks like it. Correct. I like the hierarchy term so I'll add that to the text. Note, just because the bit is set in %cr3 doesn't mean the full hierarchy is encrypted. Each level in the hierarchy needs to have the encryption bit set. So, theoretically, you could have the encryption bit set in %cr3 so that the PGD is encrypted, but not set the encryption bit in the PGD entry for a PUD and so the PUD pointed to by that entry would not be encrypted. Thanks, Tom > > The rest looks and reads really nice to me, so feel free to add: > > Reviewed-by: Borislav Petkov > > after addressing those minor nitpicks on your next submission. > > Thanks. >
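Review bot: In the mem_encrypt= entry of kernel-parameters.txt, "mem_encrypt=on: Activate SME" reads as unconditional, while the closing reference says the conditions under which memory encryption can be activated are described in Documentation/x86/amd-memory-encryption.txt. Suggest qualifying the line (for example "on: Activate SME, if it can be activated") so that an administrator does not take the parameter alone as confirmation that DRAM is encrypted. The two "mem_encrypt=on:" / "mem_encrypt=off:" lines could also be folded into the "Valid arguments" line to avoid listing on and off three times.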
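Review bot: In the new amd-memory-encryption.txt text, "The encryption bit can be specified in the cr3 register, allowing the PGD table to be encrypted. Each successive level of page tables can also be encrypted." does not say that encryption is decided per level: the bit in cr3 covers only the PGD, and a PGD entry without the bit leaves the PUD it points to unencrypted. Suggest stating that each entry's encryption bit applies to the table or page that entry references and is not inherited from the level above. The first paragraph's "protect the contents of DRAM from physical attacks" would likewise be more precise if it were limited to pages that are marked encrypted.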
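The point made in the reply above, that the bit in %cr3 covers only the PGD and every lower level needs its own bit, shown as an added example (not part of the original message or of the kernel patch): a walk over a constructed four-level table that reports which levels are referenced without the encryption bit. The bit position 47, the `tables` array and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ENC_BIT   47                     /* assumed bit position, illustration only */
#define ENC_MASK  (1ULL << ENC_BIT)
#define PRESENT   1ULL
#define ADDR_MASK 0x000ffffffffff000ULL  /* address bits 51:12 (still includes ENC_BIT) */
#define LEVELS    4                      /* PGD, PUD, PMD, PTE table */
#define NFRAMES   8

static uint64_t tables[NFRAMES][512];    /* constructed "DRAM": frame n = tables[n] */

static unsigned idx_of(uint64_t vaddr, int lvl) { return (vaddr >> (39 - 9 * lvl)) & 0x1ff; }

/* Bit i of the result is set when level i (0 = PGD, 1 = PUD, 2 = PMD,
 * 3 = PTE table, 4 = data page) is referenced without the encryption bit.
 * Returns -1 if the address is not mapped. */
int sme_unencrypted_levels(uint64_t cr3, uint64_t vaddr)
{
    uint64_t ref = cr3;                  /* cr3 is the reference to the PGD */
    int mask = 0;
    for (int lvl = 0; lvl < LEVELS; lvl++) {
        if (!(ref & ENC_MASK))
            mask |= 1 << lvl;
        uint64_t frame = (ref & ADDR_MASK & ~ENC_MASK) >> 12;
        if (frame >= NFRAMES)
            return -1;
        ref = tables[frame][idx_of(vaddr, lvl)];
        if (!(ref & PRESENT))
            return -1;
    }
    return (ref & ENC_MASK) ? mask : mask | (1 << LEVELS);
}

/* Map vaddr through frames 0..4; enc[i] says whether the reference to
 * level i carries the encryption bit. Returns the cr3 value. */
uint64_t build_demo(uint64_t vaddr, const int enc[LEVELS + 1])
{
    for (int lvl = 0; lvl < LEVELS; lvl++)
        tables[lvl][idx_of(vaddr, lvl)] =
            ((uint64_t)(lvl + 1) << 12) | PRESENT | (enc[lvl + 1] ? ENC_MASK : 0);
    return enc[0] ? ENC_MASK : 0;        /* PGD lives in frame 0 */
}

int main(void)
{
    const int enc[LEVELS + 1] = { 1, 0, 1, 1, 1 };  /* cr3 bit set, PGD entry bit clear */
    uint64_t va = 0x00007f1234567000ULL;
    printf("unencrypted-level mask: %#x\n",
           (unsigned)sme_unencrypted_levels(build_demo(va, enc), va));
    return 0;
}
```

A non-zero mask identifies the levels that sit in DRAM in the clear even though %cr3 carries the bit.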