On 5/2/24 09:34, Alexey Kardashevskiy wrote:
The SEV-ES DebugSwap feature enables type B swapping of debug registers
on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted.
When DebugSwap is enabled, this stops booting if #VC for #DB or
DB7 read/write occurs as this signals
On 5/2/24 09:34, Alexey Kardashevskiy wrote:
For now we need DebugSwap but others are likely to be needed too.
Cc: Tom Lendacky
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Zhiguang Liu
Signed-off-by: Alexey Kardashevskiy
A recent APM has defined a few more and has slightly different naming
On 5/2/24 09:34, Alexey Kardashevskiy wrote:
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since a previous commit.
This fixes AmdMemEncryptionAttrCheck to check the level and feature
correctly and adds DebugSwap support.
Since the actual
On 5/2/24 09:34, Alexey Kardashevskiy wrote:
PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit
but there are more other features which do not translate to levels
such as DebugSwap or SecureTsc.
This adds the features mask and the DebugSwap feature bit to a PCD.
Cc: Liming
On 5/6/24 15:27, Tobin Feldman-Fitzthum wrote:
A malicious host may be able to undermine the fw_cfg
interface such that loading a blob fails.
In this case rather than continuing to the next boot
option, the blob verifier should halt.
For non-confidential guests, the error should be non-fatal.
On 5/6/24 15:27, Tobin Feldman-Fitzthum wrote:
The Blob Verifier checks boot artifacts against a hash table
injected by the hypervisor and measured by hardware.
Update the Blob Verifier to enter a dead loop if the artifacts
do not match.
There are some changes to messages from ERROR to WARN
On 6/4/24 21:09, Alexey Kardashevskiy wrote:
The SEV-ES DebugVirtualization feature enables type B swapping of
debug registers on #VMEXIT and makes #DB and DR7 intercepts
unnecessary and unwanted.
When DebugVirtualization is enabled, this stops booting if
#VC for #DB or DB7 read/write occurs as
On 6/4/24 21:09, Alexey Kardashevskiy wrote:
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since the previous commit.
Fix AmdMemEncryptionAttrCheck to check the level and feature
correctly and add DebugVirtualization support.
Since the actual
On 6/4/24 21:09, Alexey Kardashevskiy wrote:
For now we need DebugSwap but others are likely to be needed too.
Cc: Tom Lendacky
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Zhiguang Liu
Signed-off-by: Alexey Kardashevskiy
Reviewed-by: Tom Lendacky
---
Changes:
v4:
* added more from
On 6/4/24 21:09, Alexey Kardashevskiy wrote:
Write the feature bit into PcdConfidentialComputingGuestAttr
and enable DebugVirtualization in PEI, SEC, DXE.
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: Jiewen Yao
Cc: Michael Roth
Cc: Min Xu
Cc: Tom Lendacky
Signed-off-by: