Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1198541pxb; Wed, 10 Feb 2021 02:34:46 -0800 (PST) X-Google-Smtp-Source: ABdhPJxyZkMoDaGarRKsv4lDkTTMhoreE1Y/z275q6FgAyyTIIeeR8dFFprz8lfwdsocAeFr/IqU X-Received: by 2002:a17:906:da0b:: with SMTP id fi11mr2336150ejb.392.1612953286637; Wed, 10 Feb 2021 02:34:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612953286; cv=none; d=google.com; s=arc-20160816; b=gxJy5n04S7pAe/97z1pCWKS8uqVD1buRABVDoYFPK25NdKLETPUT2niiBv8UKPpcIK YQ5oGMMA2AkNROgFUlilX+7BFFdW75dnULummts69xpX1OxOfwH6n1qdUXQGx2La0AAP E2D75Lp5rsHw2ASZk9sZyVi5yZFTi2McRW7/lJP1SMhxwSavcJcF1mLk41g4Ads3MxXi QlMOlt6p7vv9HBATZOFORS/347zEB27E8EUpM/a00YZUtJlvuwsDMk9++Or4mUY+DZ2N qvDF1SBBDF5uzg2j923HJxpeJyVUWwFRGDPWk3FsyMrCt1qbH72ImVoJu5RZnwNA2gKN 5yKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=P4TnOu7FDtLxI1sHUVKdZdpOQeet5u48wgRe7tNIvGc=; b=0UnvpwvoRBJWDkVFhqjpk7uHUaI/BWehJtbKhhgVwGOp/8WQ/V4hrrJZlD6fc/uh/S OEANBy0fPLwKRhQfrwb2aZW8IVcvq10V44IVASdSvwS92tgvd3ndbtIkfupL2UpeERNE Ix0J/0556xOnesPqQ9atvflgrGrCauGVZLNtcf0+fxUVAp0atznOKXloOA+PHMMkeamH K1Qb4S+LMfx3cpl6bJhhLlr4AxnbzEtJdNSvzgYj/wvE9VoLGFO5wtl09B4H+pm7lYYF iYk3GFe2HkULkCZtRQIfGmDX1q9XwKYGycPvCaFVweUU2YC86FBt5qTPJbACh7jP4zD4 Mr2A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c67si1094868edf.523.2021.02.10.02.34.23; Wed, 10 Feb 2021 02:34:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230148AbhBJKdV (ORCPT + 99 others); Wed, 10 Feb 2021 05:33:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230362AbhBJKWj (ORCPT ); Wed, 10 Feb 2021 05:22:39 -0500 Received: from theia.8bytes.org (8bytes.org [IPv6:2a01:238:4383:600:38bc:a715:4b6d:a889]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 130B6C061574; Wed, 10 Feb 2021 02:21:59 -0800 (PST) Received: from cap.home.8bytes.org (p549adcf6.dip0.t-ipconnect.de [84.154.220.246]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by theia.8bytes.org (Postfix) with ESMTPSA id E7E49310; Wed, 10 Feb 2021 11:21:54 +0100 (CET) From: Joerg Roedel To: x86@kernel.org Cc: Joerg Roedel , Joerg Roedel , hpa@zytor.com, Andy Lutomirski , Dave Hansen , Peter Zijlstra , Jiri Slaby , Dan Williams , Tom Lendacky , Juergen Gross , Kees Cook , David Rientjes , Cfir Cohen , Erdem Aktas , Masami Hiramatsu , Mike Stunes , Sean Christopherson , Martin Radev , Arvind Sankar , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: [PATCH 0/7] x86/seves: Support 32-bit boot path and other updates Date: Wed, 10 Feb 2021 11:21:28 +0100 Message-Id: <20210210102135.30667-1-joro@8bytes.org> X-Mailer: git-send-email 2.30.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joerg Roedel Hi, these patches add support for the 32-bit boot in the decompressor code. This is needed to boot an SEV-ES guest on some firmware and grub versions. The patches also add the necessary CPUID sanity checks and a 32-bit version of the C-bit check. Other updates included here: 1. Add code to shut down exception handling in the decompressor code before jumping to the real kernel. Once in the real kernel it is not safe anymore to jump back to the decompressor code via exceptions. 2. Replace open-coded hlt loops with proper calls to sev_es_terminate(). Please review. Thanks, Joerg Joerg Roedel (7): x86/boot/compressed/64: Cleanup exception handling before booting kernel x86/boot/compressed/64: Reload CS in startup_32 x86/boot/compressed/64: Setup IDT in startup_32 boot path x86/boot/compressed/64: Add 32-bit boot #VC handler x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path x86/boot/compressed/64: Check SEV encryption in 32-bit boot-path x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate() arch/x86/boot/compressed/head_64.S | 168 ++++++++++++++++++++++++- arch/x86/boot/compressed/idt_64.c | 14 +++ arch/x86/boot/compressed/mem_encrypt.S | 114 ++++++++++++++++- arch/x86/boot/compressed/misc.c | 7 +- arch/x86/boot/compressed/misc.h | 6 + arch/x86/boot/compressed/sev-es.c | 12 +- arch/x86/kernel/sev-es-shared.c | 10 +- 7 files changed, 307 insertions(+), 24 deletions(-) -- 2.30.0