Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2469806pxb; Fri, 5 Feb 2021 20:28:12 -0800 (PST) X-Google-Smtp-Source: ABdhPJwWaf3r1qbLjPvcDJenD5eAWEzg08fZd2L2QKTNaetGL/Zn5NNTMtvUk6uDT0QSPyW2AEh2 X-Received: by 2002:a17:906:f950:: with SMTP id ld16mr7213084ejb.553.1612585692595; Fri, 05 Feb 2021 20:28:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612585692; cv=none; d=google.com; s=arc-20160816; b=j4iFkW5OXJTsFZAFYf4so8dMl47K8D8jVXW9SeGnUky2nE+q99hNZjAdpgr3GEHcbv UILI/sCg4u7y+/rwLEOSrWMELpPG5rxRP1k0yjRGQKUBAFH20DvNARQwLX9LiLEyX3vI uH6+N73czDf2Oo7mivb2mr5pUI1YFMzQv8FtiUZ/LFMJY74B6QZjsyneCUA9PDcUJkZx TXATUFVoGXAQXrmMDgav7vb51mT91/u1bFSKelta/MFMDABCfUEsi+9wZ4/D8htCMzRy 3+XlSwlLV+N/cjLOJOaAp6RwNoOGKp3ieKQ+aJsnVSvQyNPGJYh27U1CaA85Qx91h158 sthQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=Af1lX+Sv1/GuAr3Nr+AdIKfMH60bnldnHkUsQyfgxk8=; b=NY+DEkNFzyE4I6T0nXUQr6b8/sXnp2prjI01lO6SjlW0OlRso6FzOHzGF+IELFcgiU 6agug0tyZOKmF315LQ86w2cLPYeuJnTuWAKKYgh5tyeeAg6FWX/wNwZBdnOU5mCalqgE CiSO/M3ED910AAoT66R4qMzthIk2lnJuI4FJteTDTaWotGT2iEbNMJSdrzaOyT1xmksn yxvlyVJ+7y6w4rPt4oCRLKTWn1jRafPnjKTA2P+fTz/izh6FIz+LHfJrCMF12UHzIXpO XRRH+kiQKMqlZH9jIi9+ut0f5pBqSfx4HcMq3U81UTAPzG8+qSDnnWoZtLHMKatz0QPZ N3DA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m1si6525563eja.95.2021.02.05.20.27.49; Fri, 05 Feb 2021 20:28:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230448AbhBFE1F (ORCPT + 99 others); Fri, 5 Feb 2021 23:27:05 -0500 Received: from mga09.intel.com ([134.134.136.24]:63384 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232011AbhBFDQL (ORCPT ); Fri, 5 Feb 2021 22:16:11 -0500 IronPort-SDR: 1iKi5vsJaYBGKEAXFHJRox9t6XgBfPezSDP8WLi0m5dicL0TV7EXQihBmb8CAHwj0pZmoDWbcV vJk22RG/cYoA== X-IronPort-AV: E=McAfee;i="6000,8403,9886"; a="181650707" X-IronPort-AV: E=Sophos;i="5.81,156,1610438400"; d="scan'208";a="181650707" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Feb 2021 15:39:04 -0800 IronPort-SDR: qOO98KPFTTF/301pJY+AqTo/k4NaXTegYjJicuoL+LxTg/PwcX0EFC2j/BX8qUqaPAwymtCnbh iTboy9MATEpQ== X-IronPort-AV: E=Sophos;i="5.81,156,1610438400"; d="scan'208";a="416183865" Received: from mdhake-mobl.amr.corp.intel.com (HELO skuppusw-mobl5.amr.corp.intel.com) ([10.209.53.25]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Feb 2021 15:39:03 -0800 From: Kuppuswamy Sathyanarayanan To: Peter Zijlstra , Andy Lutomirski , Dave Hansen Cc: Andi Kleen , Kirill Shutemov , Kuppuswamy Sathyanarayanan , Dan Williams , Raj Ashok , Sean Christopherson , linux-kernel@vger.kernel.org, Kuppuswamy Sathyanarayanan Subject: [RFC v1 02/26] x86/cpufeatures: Add TDX Guest CPU feature Date: Fri, 5 Feb 2021 15:38:19 -0800 Message-Id: <75826caecbb26d14ecefeaf2ec629f3391eb9fdb.1612563142.git.sathyanarayanan.kuppuswamy@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add CPU feature detection for Trusted Domain Extensions support. TDX feature adds capabilities to keep guest register state and memory isolated from hypervisor. For TDX guest platforms, executing CPUID(0x21, 0) will return following values in EAX, EBX, ECX and EDX. EAX: Maximum sub-leaf number: 0 EBX/EDX/ECX: Vendor string: EBX = “Inte” EDX = ”lTDX” ECX = “ “ So when above condition is true, set X86_FEATURE_TDX_GUEST feature cap bit Signed-off-by: Kuppuswamy Sathyanarayanan Reviewed-by: Andi Kleen --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/tdx.h | 18 +++++++++++++++++ arch/x86/kernel/Makefile | 1 + arch/x86/kernel/head64.c | 3 +++ arch/x86/kernel/tdx.c | 31 ++++++++++++++++++++++++++++++ 5 files changed, 54 insertions(+) create mode 100644 arch/x86/include/asm/tdx.h create mode 100644 arch/x86/kernel/tdx.c diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 84b887825f12..989e2b302880 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -238,6 +238,7 @@ #define X86_FEATURE_VMW_VMMCALL ( 8*32+19) /* "" VMware prefers VMMCALL hypercall instruction */ #define X86_FEATURE_SEV_ES ( 8*32+20) /* AMD Secure Encrypted Virtualization - Encrypted State */ #define X86_FEATURE_VM_PAGE_FLUSH ( 8*32+21) /* "" VM Page Flush MSR is supported */ +#define X86_FEATURE_TDX_GUEST ( 8*32+22) /* Trusted Domain Extensions Guest */ /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */ #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/ diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h new file mode 100644 index 000000000000..2cc246c0cecf --- /dev/null +++ b/arch/x86/include/asm/tdx.h @@ -0,0 +1,18 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* Copyright (C) 2020 Intel Corporation */ +#ifndef _ASM_X86_TDX_H +#define _ASM_X86_TDX_H + +#define TDX_CPUID_LEAF_ID 0x21 + +#ifdef CONFIG_INTEL_TDX_GUEST + +void __init tdx_early_init(void); + +#else // !CONFIG_INTEL_TDX_GUEST + +static inline void tdx_early_init(void) { }; + +#endif /* CONFIG_INTEL_TDX_GUEST */ + +#endif /* _ASM_X86_TDX_H */ diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 5eeb808eb024..ba8ee9300f23 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -128,6 +128,7 @@ obj-$(CONFIG_PARAVIRT_CLOCK) += pvclock.o obj-$(CONFIG_X86_PMEM_LEGACY_DEVICE) += pmem.o obj-$(CONFIG_JAILHOUSE_GUEST) += jailhouse.o +obj-$(CONFIG_INTEL_TDX_GUEST) += tdx.o obj-$(CONFIG_EISA) += eisa.o obj-$(CONFIG_PCSPKR_PLATFORM) += pcspeaker.o diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 5e9beb77cafd..75f2401cb5db 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -40,6 +40,7 @@ #include #include #include +#include /* * Manage page tables very early on. @@ -491,6 +492,8 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data) kasan_early_init(); + tdx_early_init(); + idt_setup_early_handler(); copy_bootdata(__va(real_mode_data)); diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c new file mode 100644 index 000000000000..473b4c1c0920 --- /dev/null +++ b/arch/x86/kernel/tdx.c @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* Copyright (C) 2020 Intel Corporation */ + +#include +#include + +static inline bool cpuid_has_tdx_guest(void) +{ + u32 eax, signature[3]; + + if (cpuid_eax(0) < TDX_CPUID_LEAF_ID) + return false; + + cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &signature[0], + &signature[1], &signature[2]); + + if (memcmp("IntelTDX ", signature, 12)) + return false; + + return true; +} + +void __init tdx_early_init(void) +{ + if (!cpuid_has_tdx_guest()) + return; + + setup_force_cpu_cap(X86_FEATURE_TDX_GUEST); + + pr_info("TDX guest is initialized\n"); +} -- 2.25.1