Received: by 2002:a05:6a10:144:0:0:0:0 with SMTP id 4csp217415pxw; Fri, 8 Apr 2022 05:57:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzDqCvD6bo3Pexg10Ec7OJVQZf1/X7qvz364OdTgf/g09pWYsKiJ7lZoWP/m2kMv81lZQVa X-Received: by 2002:a17:906:c102:b0:6e0:73a0:c63e with SMTP id do2-20020a170906c10200b006e073a0c63emr18236617ejc.627.1649422631005; Fri, 08 Apr 2022 05:57:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649422630; cv=none; d=google.com; s=arc-20160816; b=ORPjFx0w3CY17cNCiKpN1PaWQXJ5cKJtwjznKpt2xr/DKNtounurUmTmKn7ahq1ZZC S2NVLR7E+6L/czNPvcKOKLtrS8ISfyHDOGl49blf2wM4cEAik/bIZboNHaZTPCEegFnp Gm1Nd9r6r4K8PJQLE9FgzkOAngLU/iGA57H2pnnY5Hlb8msjjw+uSoCodqWBOd7L+4VH TVCO/6RSFGkiN3NjtKVi3kM51TIy6qWYMwQIBnvzCij05lyBmeLWj2hX2necFiIx0Qil fCwezRc7YMOi5RmUOVV3BpstNyuOuT3Ret39CFOkwtO/5Cc7lnM/PdJnf9bc7Jbis+e1 HF2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=Zi5H0FmeD0rF/p1EdJXf8XquvVXnKcXj0MqXRf6skfY=; b=U9iUQVpRkjdJuOxC9wnC4bONSUim3GUom9+oLTh4rPhps5Xv9Q+3bpkNJhtuRkwhhL ExUggE9tsDdnzOmmlraSwnGtJrd4TtqY2XGqeUjg/YZ++6dL0B9hRHxBFX5xT1pF4uLf zMb7/ImXSLetlxTor0XJnCJvVGBNxzK1zRjgbncyhIs6jH5KU8d8BoHePWzCvxeCwa5A iGehV4ulG3orcv6ep/d4K1+Xb/KrImGboHn0zXJVBVtLHGoXLzA9+xUGZVWH3z+qyQHe mUw+IqHTVVcIyzwFX+b2snWGTWt9MEnm4QEjIcTO5teQbPhxc2LLT6nyqJ1uElCUkWm8 QHKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=Mpu9JsJy; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=rmf6TOZX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y40-20020a50bb2b000000b00418c2b5bdf6si790541ede.216.2022.04.08.05.56.43; Fri, 08 Apr 2022 05:57:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=Mpu9JsJy; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=rmf6TOZX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233919AbiDHJRu (ORCPT + 99 others); Fri, 8 Apr 2022 05:17:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42680 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233095AbiDHJMG (ORCPT ); Fri, 8 Apr 2022 05:12:06 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 57FC61F7607; Fri, 8 Apr 2022 02:09:14 -0700 (PDT) Date: Fri, 08 Apr 2022 09:09:12 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1649408953; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Zi5H0FmeD0rF/p1EdJXf8XquvVXnKcXj0MqXRf6skfY=; b=Mpu9JsJyt8y7vbMZMwCo4e+X1AkVhhvSR3XtwkJVc3XcarYeEcd9YQ3mHbj6igVvj9x+Pt Nneo4Y84izVv4ILd6yj3q3dUFaoH01HLFfmLmpp4hGI3f/rKhtxf23hGb6tWTokLKanJht FmwVGbJZh+NCi5PnaBwl8qI0KwqzyeQT5C7zIsT8H6hY9EtBBNQe8cUjFtJ6UPqBlBvir/ u8Nh35kxt5byfPjtNjlSQhv55jRwfSIfIE1jETv4L60bLLsqaz48AXshXJGykqSCx9i+ES 6IwhbH+N3w5YyvnCYRPLBlmAjK7z1Vjn72NI4JpPXjxC/PjnYsu2xM0eHsQFCg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1649408953; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Zi5H0FmeD0rF/p1EdJXf8XquvVXnKcXj0MqXRf6skfY=; b=rmf6TOZXU5mxZ/FTWq8SNAq6hWhqgPQiB1t2LAIT4GO0XgQMXTO2M12wgoDE40O4eRGgiC icGrE+U4shGalCDg== From: "tip-bot2 for Michael Roth" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/sev] x86/sev: Detect/setup SEV/SME features earlier in boot Cc: Michael Roth , Brijesh Singh , Borislav Petkov , Venu Busireddy , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20220307213356.2797205-9-brijesh.singh@amd.com> References: <20220307213356.2797205-9-brijesh.singh@amd.com> MIME-Version: 1.0 Message-ID: <164940895248.389.16682272531971510638.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the x86/sev branch of tip: Commit-ID: bcce829083339bf862d66df602cbb111943da8fb Gitweb: https://git.kernel.org/tip/bcce829083339bf862d66df602cbb111943da8fb Author: Michael Roth AuthorDate: Wed, 09 Feb 2022 12:10:02 -06:00 Committer: Borislav Petkov CommitterDate: Wed, 06 Apr 2022 13:02:26 +02:00 x86/sev: Detect/setup SEV/SME features earlier in boot sme_enable() handles feature detection for both SEV and SME. Future patches will also use it for SEV-SNP feature detection/setup, which will need to be done immediately after the first #VC handler is set up. Move it now in preparation. Signed-off-by: Michael Roth Signed-off-by: Brijesh Singh Signed-off-by: Borislav Petkov Reviewed-by: Venu Busireddy Link: https://lore.kernel.org/r/20220307213356.2797205-9-brijesh.singh@amd.com --- arch/x86/kernel/head64.c | 3 --- arch/x86/kernel/head_64.S | 13 +++++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 4f5ecbb..cbc285d 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -192,9 +192,6 @@ unsigned long __head __startup_64(unsigned long physaddr, if (load_delta & ~PMD_PAGE_MASK) for (;;); - /* Activate Secure Memory Encryption (SME) if supported and enabled */ - sme_enable(bp); - /* Include the SME encryption mask in the fixup value */ load_delta += sme_get_me_mask(); diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index b8e3019..6bf340c 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -69,6 +69,19 @@ SYM_CODE_START_NOALIGN(startup_64) call startup_64_setup_env popq %rsi +#ifdef CONFIG_AMD_MEM_ENCRYPT + /* + * Activate SEV/SME memory encryption if supported/enabled. This needs to + * be done now, since this also includes setup of the SEV-SNP CPUID table, + * which needs to be done before any CPUID instructions are executed in + * subsequent code. + */ + movq %rsi, %rdi + pushq %rsi + call sme_enable + popq %rsi +#endif + /* Now switch to __KERNEL_CS so IRET works reliably */ pushq $__KERNEL_CS leaq .Lon_kernel_cs(%rip), %rax