Date: Wed, 23 Nov 2022 11:49:44 +0100
From: Borislav Petkov
To: Tom Lendacky
Cc: Ard Biesheuvel, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Thomas Gleixner, Ingo Molnar, Dave Hansen, Michael Roth
Subject: Re: [PATCH v3 00/17] x86: head_64.S spring cleaning

On Tue, Nov 22, 2022 at 03:49:29PM -0600, Tom Lendacky wrote:
> diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c > index cb5f0befee57..a0bfd31358ba 100644 > --- a/drivers/firmware/efi/libstub/x86-stub.c > +++ b/drivers/firmware/efi/libstub/x86-stub.c
> @@ -23,7 +23,7 @@ > const efi_system_table_t *efi_system_table; > const efi_dxe_services_table_t *efi_dxe_table; > -u32 image_offset; > +u32 image_offset __section(".data"); > static efi_loaded_image_t *image = NULL; > static efi_status_t
>
> I assume it has to do with being in .data vs .bss and not being explicitly
> cleared with the encryption bit set. With the change to put image_offset in
> the .data section, it is read as zero, whereas when it was in the .bss
> section it was reading "ciphertext".

Hmm, two points about this:

1. Can we do

	u32 image_offset __bss_decrypted;

here instead? We have this special section just for that fun and it
self-documents this way.

2. Also, why does my SEV-ES guest boot just fine without that change?

[ 0.000000] Linux version 6.1.0-rc6+ (root@ml) (gcc (Debian 11.3.0-1) 11.3.0, GNU ld (GNU Binutils for Debian) 2.38) #1 SMP PREEMPT_DYNAMIC Wed Nov 23 11:27:17 CET 2022
...
[ 0.336132] Memory Encryption Features active: AMD SEV SEV-ES

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
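
Review bot: the added line `u32 image_offset __section(".data");` has no comment saying why the variable is forced out of .bss, so a later cleanup could drop the annotation as redundant. The reason given under the hunk (in .bss the variable is assumed not to be explicitly cleared with the encryption bit set, and reads back as "ciphertext" rather than zero) should be recorded in a short comment directly above the declaration. If an existing annotation such as the __bss_decrypted one suggested in the reply applies here, it would carry that intent in the declaration itself.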