Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp1148378pxb;
        Wed, 6 Apr 2022 09:51:18 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy2aKvE01AEm3Q7Z5OSqUQKJ7qRMjIpTC8DEI8sPYn0QupOSZWT7VTB5YTsR/Ls3BmwsNfG
X-Received: by 2002:a05:6a00:194a:b0:4fe:309f:d616 with SMTP id s10-20020a056a00194a00b004fe309fd616mr9476606pfk.77.1649263878611;
        Wed, 06 Apr 2022 09:51:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649263878; cv=none;
        d=google.com; s=arc-20160816;
        b=ORbj8D7DOoJmsqrivAcdhR0KJfuDtUEKUgRPydLpGV/npYZRgw7ncC7JcPfh0B5vp0
         sf85wEqnFjm/lFqCcRWuEg6Pzqx2JMiaY0FWLAAQiS9h0B4TQ+s/m7qYh3N0zybY3/Aw
         akq7HqXUVdjif/a+260Iyu7gB+0+Z5U3MMEhEH6QIl8kZe2/OT1HfIoqhEZV6g5kCUsE
         hhbr6J/czmh2JFTKFY7WLZZqKZZl5NU0L0+SZxNXbuKAwYHUCjn4S1P+7UC5LsynGhc4
         khBP0vprAUc1HnsF4Xds/UW6gqw4P29cf4XQf9ECAfdbG4GDfPr+TYy8xhI0q8QqE1UF
         Zofg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=SuQJ/XjdKfsQ7l/ycjt2+S2BsfkNJsN0f3XsTTWZ7eA=;
        b=exjfAThRGL6OYZu+YwulHOXh8yFxx2kZ/elKprVuVQxoDBVPV2eJ09+QicOUxsQbdU
         K9NgWuno8QxREYE6TfDiF1sQBhWj95CAE+1gsyG/ac53H+NpEmCsGHD4UM3maE8aeYp0
         hqXM/z2+iS5B6c0V6EvP8hDrMvVrm+ev+GMyjIdWptazJM93sZeNnhq4pY1WiyKlef2T
         HXl6qMdnTt5P10IeATAIXVAsoRZehazdkgf1HFe/YSlUBENeUuq6ZqQkfr/AyfPno8xe
         xp6oy8LlFjdbAYiyPRy9DLh/FCBQ+MMnARoOWDzUXsd8gSGEHm8jgSjDPUOBPQTRLY1Q
         80FQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=CcSPUB7o;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id s4-20020a632144000000b003816043f12fsi16385338pgm.804.2022.04.06.09.51.18
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 06 Apr 2022 09:51:18 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=CcSPUB7o;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 03487478A7E;
	Wed,  6 Apr 2022 09:04:42 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236947AbiDFQGY (ORCPT <rfc822;02joepater06@gmail.com>
        + 99 others); Wed, 6 Apr 2022 12:06:24 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51562 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236964AbiDFQFz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 6 Apr 2022 12:05:55 -0400
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A04A16249C;
        Tue,  5 Apr 2022 21:50:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1649220656; x=1680756656;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=eHwghcfLHXsMY9IOJjx34UuVcdIv13Ep0z+VBduV9pk=;
  b=CcSPUB7o0AZNDulqHZugGTedxNwb4TTc4vrpSxTIrjti9z6bF4ldcjV0
   sW8cfffmW0HiPgiMmphhuvn77CYyi1pDXNOj6ULgdGtzY2SwWlRVEUxVc
   uVolkxa5JFSrRFCv62lXMr0Uaf3x7cTUxqD23/DJH6gLMH7PnXxiKpf+z
   6N6/opq5GRnHFHodzKKWeC5cOQx5z9mNIsTLP+bd9Vu+dsmXk5tUgszzo
   FLCSfWlR0kJAJvNhPMehIXZdCbsqCEV/LphgTOwD1fPlH71LuWUG9P5Fc
   bFMMIeQwXYD1BdoewVpzyqO7DnEBrlMBTQFuunBs1TH+eTSvTHIAEFSGk
   g==;
X-IronPort-AV: E=McAfee;i="6200,9189,10308"; a="243089880"
X-IronPort-AV: E=Sophos;i="5.90,239,1643702400"; 
   d="scan'208";a="243089880"
Received: from orsmga006.jf.intel.com ([10.7.209.51])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Apr 2022 21:50:44 -0700
X-IronPort-AV: E=Sophos;i="5.90,239,1643702400"; 
   d="scan'208";a="524302416"
Received: from dchang1-mobl3.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.254.29.17])
  by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Apr 2022 21:50:40 -0700
From:   Kai Huang <kai.huang@intel.com>
To:     linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc:     seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com,
        len.brown@intel.com, tony.luck@intel.com,
        rafael.j.wysocki@intel.com, reinette.chatre@intel.com,
        dan.j.williams@intel.com, peterz@infradead.org, ak@linux.intel.com,
        kirill.shutemov@linux.intel.com,
        sathyanarayanan.kuppuswamy@linux.intel.com,
        isaku.yamahata@intel.com, kai.huang@intel.com
Subject: [PATCH v3 15/21] x86/virt/tdx: Reserve TDX module global KeyID
Date:   Wed,  6 Apr 2022 16:49:27 +1200
Message-Id: <3e4929500a7b5bbaaf8ed23cde088172862acae0.1649219184.git.kai.huang@intel.com>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <cover.1649219184.git.kai.huang@intel.com>
References: <cover.1649219184.git.kai.huang@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

TDX module initialization requires to use one TDX private KeyID as the
global KeyID to crypto protect TDX metadata.  The global KeyID is
configured to the TDX module along with TDMRs.

Just reserve the first TDX private KeyID as the global KeyID.

Signed-off-by: Kai Huang <kai.huang@intel.com>
---
 arch/x86/virt/vmx/tdx/tdx.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index bf0d13644898..ecd65f7014e2 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -112,6 +112,9 @@ static struct cmr_info tdx_cmr_array[MAX_CMRS] __aligned(CMR_INFO_ARRAY_ALIGNMEN
 static int tdx_cmr_num;
 static struct tdsysinfo_struct tdx_sysinfo;
 
+/* TDX global KeyID to protect TDX metadata */
+static u32 tdx_global_keyid;
+
 static bool __seamrr_enabled(void)
 {
 	return (seamrr_mask & SEAMRR_ENABLED_BITS) == SEAMRR_ENABLED_BITS;
@@ -1320,6 +1323,12 @@ static int init_tdx_module(void)
 	if (ret)
 		goto out_free_tdmrs;
 
+	/*
+	 * Reserve the first TDX KeyID as global KeyID to protect
+	 * TDX module metadata.
+	 */
+	tdx_global_keyid = tdx_keyid_start;
+
 	/*
 	 * Return -EFAULT until all steps of TDX module
 	 * initialization are done.
-- 
2.35.1