From: Kai Huang
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com,
    len.brown@intel.com, tony.luck@intel.com, rafael.j.wysocki@intel.com,
    reinette.chatre@intel.com, dan.j.williams@intel.com, peterz@infradead.org,
    ak@linux.intel.com, kirill.shutemov@linux.intel.com,
    sathyanarayanan.kuppuswamy@linux.intel.com, isaku.yamahata@intel.com,
    kai.huang@intel.com
Subject: [PATCH v3 15/21] x86/virt/tdx: Reserve TDX module global KeyID
Date: Wed, 6 Apr 2022 16:49:27 +1200
Message-Id: <3e4929500a7b5bbaaf8ed23cde088172862acae0.1649219184.git.kai.huang@intel.com>

TDX module initialization requires using one TDX private KeyID as the
global KeyID to crypto protect TDX metadata. The global KeyID is
configured to the TDX module along with TDMRs. Just reserve the first
TDX private KeyID as the global KeyID.

Signed-off-by: Kai Huang
--- arch/x86/virt/vmx/tdx/tdx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index bf0d13644898..ecd65f7014e2 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -112,6 +112,9 @@ static struct cmr_info tdx_cmr_array[MAX_CMRS] __aligned(CMR_INFO_ARRAY_ALIGNMEN static int tdx_cmr_num; static struct tdsysinfo_struct tdx_sysinfo; +/* TDX global KeyID to protect TDX metadata */ +static u32 tdx_global_keyid; + static bool __seamrr_enabled(void) { return (seamrr_mask & SEAMRR_ENABLED_BITS) == SEAMRR_ENABLED_BITS; @@ -1320,6 +1323,12 @@ static int init_tdx_module(void) if (ret) goto out_free_tdmrs; + /* + * Reserve the first TDX KeyID as global KeyID to protect + * TDX module metadata. + */ + tdx_global_keyid = tdx_keyid_start; + /* * Return -EFAULT until all steps of TDX module * initialization are done. -- 2.35.1
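
Review bot: in the first hunk, `tdx_global_keyid` is a file-scope static that the visible hunks only write (in init_tdx_module()) and never read, so this patch on its own adds a set-but-unused variable. Either name in the commit message the later patch in the series that consumes it, or fold the definition into that patch. The comment above the definition would also be more useful if it said the value is meaningful only after init_tdx_module() has assigned it, since until then the static holds its zero initial value.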
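
Review bot: in the init_tdx_module() hunk, `tdx_global_keyid = tdx_keyid_start;` copies the first private KeyID, but nothing visible removes that KeyID from the range later private-KeyID users will allocate from, so the "reserve" in the comment and subject line is not enforced by this change. Suggest documenting next to the assignment how allocators are expected to skip it (for example by starting at tdx_keyid_start + 1), or adjusting the range here. There is also no visible check that at least one private KeyID exists before the first one is taken, and the assignment is not undone if a later initialization step fails; a short comment covering both cases would help.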