Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp3930376pxu; Tue, 20 Oct 2020 04:26:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxBZMaXwCZKTDSEU97K1M2rlvijuJVYiZRYJhoWICIHNSDBqGMtvppg4ge5Fl+vdADYafHi X-Received: by 2002:a17:906:fcae:: with SMTP id qw14mr2702073ejb.537.1603193206859; Tue, 20 Oct 2020 04:26:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603193206; cv=none; d=google.com; s=arc-20160816; b=dkFXu8gZdpgg60WDzUMCvDlQmSK4n2xqJJQk0iqwLl1NsA9ZGl+YfoJ1cQ4iIyicle j3rPYb4q3pRL5dcm+cS9mJDL0XWlmUOip39W7dvnFVsWz+PI3HFfDy5htx3h8iiBkwSY q2jVIEw7R9vNpkUOJcEFvDxWxwCLEPZ7XAvU5ePU2M+u7gBq/xrgztpDTSNbykiBKmkN eqfCxcXV8VCGQsHRkTcImu0Kzg9Tud7zOmC2LDZTGaTz/gIz6H5K8QgIRS6hznMqA8EP cgRCZ/mrS7CciZzB4YOZiwn+YQEJ9pC22AXyomoQkp1cwqhDInRWCefiJo7om3oD4eo2 Y/Mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=G2vZ98vmhDcuKBkj5m69cFMI5sD6Ti22taiLfr4FOig=; b=xzNmif5cK4VRc7cFPO6nFShx+cW3CQcOiCO2ZFEzja4+aIWkAd8qWzZJUrcHZeZ8jk 0xxuuN8aMsjzKMrXxrIfc4cW/DPbhkosA6TuGtSiZ/m6egXJC55WqX/FNhYOMdzmXFnF H+anFtRqf6tqlFjN1+eb6lGSeLaj011s6hPhtcg0LcV3QPDJdPsc2QpbNVV97GQLn5A2 6GSR1W3Rrx034ezQ+RIgbJLuHD9QGgm4Zxd2O3Cwnh971N0T6KyrWlAB/Ol5UXjRmrHN rpuuKL3eah4iMO9yqN1XJxtr+CKXxZAainLS32HjkPZujmpp7Ogd3H6eClNKyweL8Tyk /YRA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t19si1007026ejd.359.2020.10.20.04.26.24; Tue, 20 Oct 2020 04:26:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2393059AbgJTJlN (ORCPT + 99 others); Tue, 20 Oct 2020 05:41:13 -0400 Received: from mx2.suse.de ([195.135.220.15]:50444 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728462AbgJTJlM (ORCPT ); Tue, 20 Oct 2020 05:41:12 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id E5225AC1D; Tue, 20 Oct 2020 09:41:11 +0000 (UTC) Date: Tue, 20 Oct 2020 11:41:10 +0200 From: Joerg Roedel To: Arvind Sankar Cc: Joerg Roedel , x86@kernel.org, Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Kees Cook , Martin Radev , Tom Lendacky , linux-kernel@vger.kernel.org Subject: Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path Message-ID: <20201020094110.GG9328@suse.de> References: <20201019151121.826-1-joro@8bytes.org> <20201019151121.826-4-joro@8bytes.org> <20201019170008.GA2701355@rani.riverdale.lan> <20201019203345.GF3635@8bytes.org> <20201019212247.GA2815942@rani.riverdale.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201019212247.GA2815942@rani.riverdale.lan> User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 19, 2020 at 05:22:47PM -0400, Arvind Sankar wrote: > The boot cpu also enables CR4.PGE -- that code is shared between boot > and secondary cpus. The boot cpu jumps to the first "1" label below, > just before the call to sev_verify_cbit you're adding. You are right, in the real kernel image PGE gets enabled early. I added code to save and restore CR4 in sev_verify_cbit() and disable PGE during the test. Thanks, Joerg