From: Kai Huang
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: dave.hansen@intel.com, seanjc@google.com, pbonzini@redhat.com, kirill.shutemov@linux.intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, peterz@infradead.org, tony.luck@intel.com, ak@linux.intel.com, dan.j.williams@intel.com, isaku.yamahata@intel.com, kai.huang@intel.com
Subject: [PATCH v2 02/21] x86/virt/tdx: Detect TDX private KeyIDs
Date: Sun, 13 Mar 2022 23:49:42 +1300
Message-Id: <6d640fdda25b8845cd6abb041885d60095731644.1647167475.git.kai.huang@intel.com>

Pre-TDX Intel hardware has support for a memory encryption architecture called MKTME. The memory encryption hardware underpinning MKTME is also used for Intel TDX. TDX ends up "stealing" some of the physical address space from the MKTME architecture for crypto protection to VMs.

A new MSR (IA32_MKTME_KEYID_PARTITIONING) helps to enumerate how MKTME-enumerated "KeyID" space is distributed between TDX and legacy MKTME. KeyIDs reserved for TDX are called 'TDX private KeyIDs' or 'TDX KeyIDs' for short.

The new MSR is per package and BIOS is responsible for partitioning MKTME KeyIDs and TDX KeyIDs consistently among all packages.

Detect TDX private KeyIDs as a preparation to initialize TDX. Similar to detecting SEAMRR, detect on all cpus to detect any potential BIOS misconfiguration among packages.

Signed-off-by: Kai Huang
---
 arch/x86/virt/vmx/tdx.c | 72 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
diff --git a/arch/x86/virt/vmx/tdx.c b/arch/x86/virt/vmx/tdx.c index 03f35c75f439..ba2210001ea8 100644 --- a/arch/x86/virt/vmx/tdx.c +++ b/arch/x86/virt/vmx/tdx.c @@ -29,9 +29,28 @@ #define SEAMRR_ENABLED_BITS \ (SEAMRR_PHYS_MASK_ENABLED | SEAMRR_PHYS_MASK_LOCKED) +/* + * Intel Trusted Domain CPU Architecture Extension spec: + * + * IA32_MKTME_KEYID_PARTIONING: + * + * Bit [31:0]: number of MKTME KeyIDs. + * Bit [63:32]: number of TDX private KeyIDs. + * + * TDX private KeyIDs start after the last MKTME KeyID. + */ +#define MSR_IA32_MKTME_KEYID_PARTITIONING 0x00000087 + +#define TDX_KEYID_START(_keyid_part) \ + ((u32)(((_keyid_part) & 0xffffffffull) + 1)) +#define TDX_KEYID_NUM(_keyid_part) ((u32)((_keyid_part) >> 32)) + /* BIOS must configure SEAMRR registers for all cores consistently */ static u64 seamrr_base, seamrr_mask; +static u32 tdx_keyid_start; +static u32 tdx_keyid_num; + static bool __seamrr_enabled(void) { return (seamrr_mask & SEAMRR_ENABLED_BITS) == SEAMRR_ENABLED_BITS; 
@@ -96,7 +115,60 @@ static void detect_seam(struct cpuinfo_x86 *c) detect_seam_ap(c); } +static void detect_tdx_keyids_bsp(struct cpuinfo_x86 *c) +{ + u64 keyid_part; + + /* TDX is built on MKTME, which is based on TME */ + if (!boot_cpu_has(X86_FEATURE_TME)) + return; + + if (rdmsrl_safe(MSR_IA32_MKTME_KEYID_PARTITIONING, &keyid_part)) + return; + + /* If MSR value is 0, TDX is not enabled by BIOS. */ + if (!keyid_part) + return; + + tdx_keyid_num = TDX_KEYID_NUM(keyid_part); + if (!tdx_keyid_num) + return; + + tdx_keyid_start = TDX_KEYID_START(keyid_part); +} + +static void detect_tdx_keyids_ap(struct cpuinfo_x86 *c) +{ + u64 keyid_part; + + /* + * Don't bother to detect this AP if TDX KeyIDs are + * not detected or cleared after earlier detections. + */ + if (!tdx_keyid_num) + return; + + rdmsrl(MSR_IA32_MKTME_KEYID_PARTITIONING, keyid_part); + + if ((tdx_keyid_start == TDX_KEYID_START(keyid_part)) && + (tdx_keyid_num == TDX_KEYID_NUM(keyid_part))) + return; + + pr_err("Inconsistent TDX KeyID configuration among packages by BIOS\n"); + tdx_keyid_start = 0; + tdx_keyid_num = 0; +} + +static void detect_tdx_keyids(struct cpuinfo_x86 *c) +{ + if (c == &boot_cpu_data) + detect_tdx_keyids_bsp(c); + else + detect_tdx_keyids_ap(c); +} + void tdx_detect_cpu(struct cpuinfo_x86 *c) { detect_seam(c); + detect_tdx_keyids(c); } -- 2.35.1
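Review bot: in the first hunk (@@ -29,9 +29,28 @@) the new comment block spells the register IA32_MKTME_KEYID_PARTIONING while the macro defined right below it is MSR_IA32_MKTME_KEYID_PARTITIONING; fix the comment so a search for the register name finds both. The same comment should also say why TDX_KEYID_START adds 1 to the low 32 bits: the macro assumes the count in bits [31:0] covers MKTME KeyIDs numbered 1..N so the first TDX KeyID is N+1, and at present "TDX private KeyIDs start after the last MKTME KeyID" is the only hint a reader gets.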
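Review bot: in the second hunk (@@ -96,7 +115,60 @@) detect_tdx_keyids_ap() reads the MSR with a plain `rdmsrl(MSR_IA32_MKTME_KEYID_PARTITIONING, &keyid_part);`, whereas detect_tdx_keyids_bsp() uses rdmsrl_safe() and returns on failure; if the read faults on one package the AP takes a #GP instead of reporting the BIOS inconsistency this function exists to catch. Use rdmsrl_safe() on the AP path as well and treat a failed read as a mismatch (clear tdx_keyid_start/tdx_keyid_num and print the error) rather than returning silently. The pr_err() on mismatch also does not say which CPU disagreed; adding c->cpu_index to the message would make the per-package BIOS problem described in the commit message diagnosable. Minor: the `c` parameter of detect_tdx_keyids_bsp() is unused.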
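As an added illustration, not code from the patch or the kernel: a user-space C model of the KeyID partitioning the commit message describes. It decodes constructed IA32_MKTME_KEYID_PARTITIONING values with the bit layout given in the patch (bits [31:0] MKTME KeyID count, bits [63:32] TDX KeyID count, TDX KeyIDs starting after the last MKTME KeyID) and applies the BSP-versus-AP consistency rule across packages. The struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decoded view of one package's MSR value (hypothetical user-space model). */
struct keyid_partition {
	uint32_t mktme_num;  /* bits [31:0]: MKTME KeyIDs are 1..mktme_num */
	uint32_t tdx_start;  /* first TDX private KeyID, 0 if TDX is disabled */
	uint32_t tdx_num;    /* bits [63:32]: number of TDX private KeyIDs */
};

/* Decode a raw MSR value; returns 1 if BIOS enabled any TDX KeyIDs. */
int keyid_partition_decode(uint64_t msr, struct keyid_partition *p)
{
	p->mktme_num = (uint32_t)(msr & 0xffffffffull);
	p->tdx_num   = (uint32_t)(msr >> 32);
	/* Same arithmetic as the patch's TDX_KEYID_START: last MKTME KeyID + 1 */
	p->tdx_start = p->tdx_num ? p->mktme_num + 1 : 0;
	return p->tdx_num != 0;
}

/*
 * Mirror the BSP/AP logic: msrs[0] is the BSP's value, the rest are APs.
 * Every package must report the same TDX range. Returns -1 when consistent
 * (or when TDX is simply not enabled), else the index of the first
 * mismatching package, with *out cleared the way the kernel disables TDX.
 */
int keyid_partition_check(const uint64_t *msrs, size_t n,
			  struct keyid_partition *out)
{
	struct keyid_partition ap;
	size_t i;

	if (n == 0 || !keyid_partition_decode(msrs[0], out))
		return -1;
	for (i = 1; i < n; i++) {
		keyid_partition_decode(msrs[i], &ap);
		if (ap.tdx_start != out->tdx_start || ap.tdx_num != out->tdx_num) {
			out->tdx_start = 0;
			out->tdx_num = 0;
			return (int)i;
		}
	}
	return -1;
}

int main(void)
{
	/* Constructed sample: 64 MKTME + 63 TDX KeyIDs, third package misconfigured */
	uint64_t pkgs[] = { (63ull << 32) | 64, (63ull << 32) | 64, (31ull << 32) | 64 };
	struct keyid_partition p;
	int bad = keyid_partition_check(pkgs, 3, &p);

	if (bad >= 0)
		printf("Inconsistent TDX KeyID configuration on package %d\n", bad);
	else
		printf("TDX KeyIDs %u..%u\n", p.tdx_start, p.tdx_start + p.tdx_num - 1);
	return 0;
}
```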