On Wed, Jun 02, 2021 at 09:04:14AM -0500, Brijesh Singh wrote:
> While launching the encrypted guests, the hypervisor may need to provide
> some additional information that will used during the guest boot. In the
> case of AMD SEV-SNP the information includes the address of the secrets
> and CPUID pages. The secrets page contains information such as a VM to
> PSP communication key and CPUID page contain PSP filtered CPUID values.
>
> When booting under the EFI based BIOS, the EFI configuration table
> contains an entry for the confidential computing blob. In order to support
> booting encrypted guests on non EFI VM, the hypervisor to pass these
> additional information to the kernel with different method.
>
> For this purpose expand the struct setup_header to hold the physical
> address of the confidential computing blob location. Being zero means it
> isn't passed.
>
> Signed-off-by: Brijesh Singh <[email protected]>
> ---
> Documentation/x86/boot.rst | 27 +++++++++++++++++++++++++++
> arch/x86/boot/header.S | 7 ++++++-
> arch/x86/include/uapi/asm/bootparam.h | 1 +
> 3 files changed, 34 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/x86/boot.rst b/Documentation/x86/boot.rst
> index fc844913dece..9b32805617bb 100644
> --- a/Documentation/x86/boot.rst
> +++ b/Documentation/x86/boot.rst
> @@ -75,6 +75,8 @@ Protocol 2.14 BURNT BY INCORRECT COMMIT
> DO NOT USE!!! ASSUME SAME AS 2.13.
>
> Protocol 2.15 (Kernel 5.5) Added the kernel_info and kernel_info.setup_type_max.
> +
> +Protocol 2.16 (Kernel 5.14) Added the confidential computing blob address
> ============= ============================================================
>
> .. note::
> @@ -226,6 +228,7 @@ Offset/Size Proto Name Meaning
> 0260/4 2.10+ init_size Linear memory required during initialization
> 0264/4 2.11+ handover_offset Offset of handover entry point
> 0268/4 2.15+ kernel_info_offset Offset of the kernel_info
> +026C/4 2.16+ cc_blob_address Physical address of the confidential computing blob
Why is this a separate thing instead of being passed as setup_data?
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On 6/18/2021 1:08 AM, Borislav Petkov wrote:
> On Wed, Jun 02, 2021 at 09:04:14AM -0500, Brijesh Singh wrote:
>> While launching the encrypted guests, the hypervisor may need to provide
>> some additional information that will used during the guest boot. In the
>> case of AMD SEV-SNP the information includes the address of the secrets
>> and CPUID pages. The secrets page contains information such as a VM to
>> PSP communication key and CPUID page contain PSP filtered CPUID values.
>>
>> When booting under the EFI based BIOS, the EFI configuration table
>> contains an entry for the confidential computing blob. In order to support
>> booting encrypted guests on non EFI VM, the hypervisor to pass these
>> additional information to the kernel with different method.
>>
>> For this purpose expand the struct setup_header to hold the physical
>> address of the confidential computing blob location. Being zero means it
>> isn't passed.
>>
>> Signed-off-by: Brijesh Singh <[email protected]>
>> ---
>> Documentation/x86/boot.rst | 27 +++++++++++++++++++++++++++
>> arch/x86/boot/header.S | 7 ++++++-
>> arch/x86/include/uapi/asm/bootparam.h | 1 +
>> 3 files changed, 34 insertions(+), 1 deletion(-)
>>
>> diff --git a/Documentation/x86/boot.rst b/Documentation/x86/boot.rst
>> index fc844913dece..9b32805617bb 100644
>> --- a/Documentation/x86/boot.rst
>> +++ b/Documentation/x86/boot.rst
>> @@ -75,6 +75,8 @@ Protocol 2.14 BURNT BY INCORRECT COMMIT
>> DO NOT USE!!! ASSUME SAME AS 2.13.
>>
>> Protocol 2.15 (Kernel 5.5) Added the kernel_info and kernel_info.setup_type_max.
>> +
>> +Protocol 2.16 (Kernel 5.14) Added the confidential computing blob address
>> ============= ============================================================
>>
>> .. note::
>> @@ -226,6 +228,7 @@ Offset/Size Proto Name Meaning
>> 0260/4 2.10+ init_size Linear memory required during initialization
>> 0264/4 2.11+ handover_offset Offset of handover entry point
>> 0268/4 2.15+ kernel_info_offset Offset of the kernel_info
>> +026C/4 2.16+ cc_blob_address Physical address of the confidential computing blob
>
> Why is this a separate thing instead of being passed as setup_data?
>
Don't have any strong reason to keep it separate, I can define a new type and use the
setup_data to pass this information.
-Brijesh
On Fri, Jun 18, 2021 at 08:57:12AM -0500, Brijesh Singh wrote:
> Don't have any strong reason to keep it separate, I can define a new
> type and use the setup_data to pass this information.
setup_data is exactly for use cases like that - pass a bunch of data
to the kernel. So there's no need for a separate thing. Also see that
kernel_info thing which got added recently for read_only data.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette