function is then used where a virtual
address of the PGD needs to be created/used from the cr3 register.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/special_insns.h |9 +
arch/x86/kernel/head64.c |2 +-
arch/x86/mm/fault.c | 10 +-
arch/x86
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/head_64.S |1
arch/x86/mm/mem_encrypt.c | 93 +++--
2 files changed, 89 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 1fe944b..660bf8e 100644
Add the support to encrypt the kernel in-place. This is done by creating
new page mappings for the kernel - a decrypted write-protected mapping
and an encrypted mapping. The kernel is encrypted by copying it through
a temporary buffer.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm
Add a cmdline_find_option() function to look for cmdline options that
take arguments. The argument is returned in a supplied buffer and the
argument length (regardless of whether it fits in the supplied buffer)
is returned, with -1 indicating not found.
Signed-off-by: Tom Lendacky
---
arch/x86
mapped encrypted then the VMA protection
value is updated to remove the encryption bit.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/io.h |3 +++
arch/x86/mm/ioremap.c | 18 +-
arch/x86/mm/pat.c |3 +++
3 files changed, 15 insertions(+), 9 deletions
Since video memory needs to be accessed decrypted, be sure that the
memory encryption mask is not set for the video ranges.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/vga.h | 14 +-
arch/x86/mm/pageattr.c |2 ++
drivers/gpu/drm/drm_gem.c|2
tables.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/kvm_host.h |2 +-
arch/x86/kvm/mmu.c | 12
arch/x86/kvm/mmu.h |2 +-
arch/x86/kvm/svm.c | 35 ++-
arch/x86/kvm/vmx.c |3
encryption bit. This
can cause random memory corruption when caches are flushed depending on
which cacheline is written last.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/init.h |1 +
arch/x86/include/asm/kexec.h |8
arch/x86/include/asm/pgtable_types.h
the
AP to continue start up.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/realmode.h | 12
arch/x86/realmode/init.c |4
arch/x86/realmode/rm/trampoline_64.S | 24
3 files changed, 40 insertions(+)
diff --git a/arch/x86
Add warnings to let the user know when bounce buffers are being used for
DMA when SME is active. Since the bounce buffers are not in encrypted
memory, these notifications are to allow the user to determine some
appropriate action - if necessary.
Signed-off-by: Tom Lendacky
---
arch/x86/include
included in these physical addresses during configuration.
The PTE entries created by the IOMMU should also include the encryption
mask so that when the device behind the IOMMU performs a DMA, the DMA
will be performed to encrypted memory.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm
-by: Tom Lendacky
---
arch/x86/include/asm/dma-mapping.h |5 ++-
arch/x86/include/asm/mem_encrypt.h |5 +++
arch/x86/kernel/pci-dma.c | 11 +--
arch/x86/kernel/pci-nommu.c|2 +
arch/x86/kernel/pci-swiotlb.c | 15 --
arch/x86/mm/mem_encrypt.c
Add a function that will determine if a supplied physical address matches
the address of an EFI table.
Signed-off-by: Tom Lendacky
---
drivers/firmware/efi/efi.c | 33 +
include/linux/efi.h|7 +++
2 files changed, 40 insertions(+)
diff --git a
remapping, ioremap_cache() will be used
instead, which will provide a decrypted mapping of the boot related data.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/io.h |4 +
arch/x86/mm/ioremap.c | 179 +
include/linux/io.h|2
Add a function that will return the E820 type associated with an address
range.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/e820/api.h |2 ++
arch/x86/kernel/e820.c | 26 +++---
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/arch/x86
initrd, encrypt this data in place. Since the future mapping of the
initrd area will be mapped as encrypted the data will be accessed properly.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h | 11 +
arch/x86/include/asm/pgtable.h |3 +
arch/x86/kernel/head64.c
initrd will have been loaded by the boot loader and will not be
encrypted, but the memory that it resides in is marked as encrypted).
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h | 15 +++
arch/x86/mm/mem_encrypt.c | 76
s that the hardware will never give the core a
dirty line with this memtype.
Signed-off-by: Tom Lendacky
---
arch/x86/Kconfig |4 +++
arch/x86/include/asm/fixmap.h| 13 ++
arch/x86/include/asm/pgtable_types.h |8 ++
arch/x86/mm/ioremap.c
encryption mask so
that user-space allocations will automatically have the encryption mask
applied.
Signed-off-by: Tom Lendacky
---
arch/x86/boot/compressed/pagetable.c |7 +
arch/x86/include/asm/fixmap.h|7 +
arch/x86/include/asm/mem_encrypt.h | 25
Create a pgd_pfn() macro similar to the p[um]d_pfn() macros and then
use the p[gum]d_pfn() macros in the p[gum]d_page() macros instead of
duplicating the code.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/pgtable.h | 16 +---
1 file changed, 9 insertions(+), 7 deletions
routines depending on CONFIG_AMD_MEM_ENCRYPT.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/head_64.S | 61 -
arch/x86/mm/Makefile |4 +--
arch/x86/mm/mem_encrypt.c | 26 +++
3 files changed, 86 insertions(+), 5 deletions
.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/cpufeatures.h |1 +
arch/x86/include/asm/msr-index.h |2 ++
arch/x86/kernel/cpu/amd.c | 13 +
arch/x86/kernel/cpu/scattered.c|1 +
4 files changed, 17 insertions(+)
diff --git a/arch/x86/include/asm
Add support for Secure Memory Encryption (SME). This initial support
provides a Kconfig entry to build the SME support into the kernel and
defines the memory encryption mask that will be used in subsequent
patches to mark pages as encrypted.
Signed-off-by: Tom Lendacky
---
arch/x86/Kconfig
have the encryption bit set. So only use the
phys_to_virt() function if SME is not active
Signed-off-by: Tom Lendacky
---
arch/x86/mm/ioremap.c |7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index bbc558b..2a0fa89
being mapped
decrypted vs encrypted.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/dmi.h |8
arch/x86/kernel/acpi/boot.c |6 +++---
arch/x86/kernel/kdebugfs.c | 34 +++---
arch/x86/kernel/ksysfs.c | 28 ++--
arch
When System Memory Encryption (SME) is enabled, the physical address
space is reduced. Adjust the x86_phys_bits value to reflect this
reduction.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/cpu/amd.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/arch/x86
For processors that support PAT, set the write-protect cache mode
(_PAGE_CACHE_MODE_WP) entry to the actual write-protect value (x05).
Acked-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/mm/pat.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch
Create a Documentation entry to describe the AMD Secure Memory
Encryption (SME) feature and add documentation for the mem_encrypt=
kernel parameter.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
Documentation/admin-guide/kernel-parameters.txt | 11
Documentation/x86/amd
reduction of physical address size
of the processor. It is possible that BIOS could have configured resources
resources into a range that will now not be addressable. To prevent this,
rely on BIOS to set the SYSCFG[MEME] bit and only then enable memory
encryption support in the ke
On 5/31/2017 3:49 AM, Borislav Petkov wrote:
On Tue, May 30, 2017 at 10:37:03AM -0500, Tom Lendacky wrote:
I can define the command line option and the "on" and "off" values as
character buffers in the function and initialize them on a per character
basis (using a static st
On 5/31/2017 4:51 AM, Borislav Petkov wrote:
On Tue, May 30, 2017 at 11:39:07AM -0500, Tom Lendacky wrote:
Yes, it's from objtool:
arch/x86/mm/mem_encrypt_boot.o: warning: objtool: .text+0xd2: return
instruction outside of a callable function
Oh, well, let's make it a global symbol
On 5/16/2017 12:35 PM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:20:56PM -0500, Tom Lendacky wrote:
Since video memory needs to be accessed decrypted, be sure that the
memory encryption mask is not set for the video ranges.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/vga.h
On 5/26/2017 11:35 AM, Borislav Petkov wrote:
On Fri, May 26, 2017 at 11:22:36AM -0500, Tom Lendacky wrote:
In addition to the same issue as efi.memmap.phys_map, efi_phys has
the __initdata attribute so it will be released/freed which will cause
problems in checks performed afterwards.
Sounds
On 5/25/2017 11:17 PM, Xunlei Pang wrote:
On 04/19/2017 at 05:21 AM, Tom Lendacky wrote:
Provide support so that kexec can be used to boot a kernel when SME is
enabled.
Support is needed to allocate pages for kexec without encryption. This
is needed in order to be able to reboot in the kernel
On 5/21/2017 2:16 AM, Borislav Petkov wrote:
On Fri, May 19, 2017 at 03:50:32PM -0500, Tom Lendacky wrote:
The "worker" function would be doing the loop through the setup data,
but since the setup data is mapped inside the loop I can't do the __init
calling the non-init function
On 5/26/2017 11:25 AM, Borislav Petkov wrote:
On Thu, May 25, 2017 at 05:24:27PM -0500, Tom Lendacky wrote:
I guess I could do that, but this will probably only end up clearing a
single PGD entry anyway since it's highly doubtful the address range
would cross a 512GB boundary.
Or yo
On 5/19/2017 3:16 PM, Josh Poimboeuf wrote:
On Fri, May 19, 2017 at 01:30:05PM +0200, Borislav Petkov wrote:
it is called so early. I can get past it by adding:
CFLAGS_mem_encrypt.o := $(nostackp)
in the arch/x86/mm/Makefile, but that obviously eliminates the support
for the whole file. Would
On 5/19/2017 6:30 AM, Borislav Petkov wrote:
On Fri, Apr 21, 2017 at 01:56:13PM -0500, Tom Lendacky wrote:
On 4/18/2017 4:22 PM, Tom Lendacky wrote:
Add support to check if SME has been enabled and if memory encryption
should be activated (checking of command line option based on the
On 5/30/2017 9:55 AM, Borislav Petkov wrote:
> On Tue, May 30, 2017 at 09:38:36AM -0500, Tom Lendacky wrote:
>> In this case we're running identity mapped and the "on" constant ends up
>> as kernel address (0x81...) which results in a segfault.
>
>
On 5/19/2017 6:27 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:22:23PM -0500, Tom Lendacky wrote:
Add support to check if SME has been enabled and if memory encryption
should be activated (checking of command line option based on the
configuration of the default state). If memory
On 5/18/2017 2:50 PM, Matt Fleming wrote:
On Mon, 15 May, at 08:35:17PM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:19:21PM -0500, Tom Lendacky wrote:
+ paddr = boot_params.efi_info.efi_memmap_hi;
+ paddr <<= 32;
+
, 2017 at 04:22:12PM -0500, Tom Lendacky wrote:
Add sysfs support for SME so that user-space utilities (kdump, etc.) can
determine if SME is active.
But why do user-space tools need to know that?
I mean, when we load the kdump kernel, we do it with the first kernel,
with the kexec_load() syscall
On 5/18/2017 7:46 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:21:49PM -0500, Tom Lendacky wrote:
Add the support to encrypt the kernel in-place. This is done by creating
new page mappings for the kernel - a decrypted write-protected mapping
and an encrypted mapping. The kernel is
On 5/19/2017 4:28 PM, Borislav Petkov wrote:
On Fri, May 19, 2017 at 04:07:24PM -0500, Tom Lendacky wrote:
As long as those never change from static inline everything will be
fine. I can change it, but I really like how it explicitly indicates
I know what you want to do. But you&#x
On 5/19/2017 3:58 PM, Borislav Petkov wrote:
On Fri, May 19, 2017 at 03:45:28PM -0500, Tom Lendacky wrote:
Actually there is. The above will result in data in the cache because
halt() turns into a function call if CONFIG_PARAVIRT is defined (refer
to the comment above where do_wbinvd_halt is
On 5/18/2017 4:02 AM, Borislav Petkov wrote:
On Wed, May 17, 2017 at 01:54:39PM -0500, Tom Lendacky wrote:
I was worried what the compiler might do when CONFIG_EFI is not set,
but it appears to take care of it. I'll double check though.
There's a efi_enabled() !CONFIG_EFI versi
On 5/17/2017 2:17 PM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:21:21PM -0500, Tom Lendacky wrote:
Provide support so that kexec can be used to boot a kernel when SME is
enabled.
Support is needed to allocate pages for kexec without encryption. This
is needed in order to be able to
On 5/16/2017 9:52 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:20:19PM -0500, Tom Lendacky wrote:
Add warnings to let the user know when bounce buffers are being used for
DMA when SME is active. Since the bounce buffers are not in encrypted
memory, these notifications are to allow the
On 5/16/2017 9:27 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:20:10PM -0500, Tom Lendacky wrote:
Since DMA addresses will effectively look like 48-bit addresses when the
memory encryption mask is set, SWIOTLB is needed if the DMA mask of the
device performing the DMA does not support
On 5/16/2017 9:04 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:19:42PM -0500, Tom Lendacky wrote:
Persistent memory is expected to persist across reboots. The encryption
key used by SME will change across reboots which will result in corrupted
persistent memory. Persistent memory is
On 5/16/2017 3:36 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:19:30PM -0500, Tom Lendacky wrote:
The SMP MP-table is built by UEFI and placed in memory in a decrypted
state. These tables are accessed using a mix of early_memremap(),
early_memunmap(), phys_to_virt() and virt_to_phys
On 5/15/2017 1:35 PM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:19:21PM -0500, Tom Lendacky wrote:
Boot data (such as EFI related data) is not encrypted when the system is
booted because UEFI/BIOS does not run with SME active. In order to access
this data properly it needs to be mapped
On 5/15/2017 1:09 PM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:18:48PM -0500, Tom Lendacky wrote:
Add a function that will determine if a supplied physical address matches
the address of an EFI table.
Signed-off-by: Tom Lendacky
---
drivers/firmware/efi/efi.c | 33
On 5/4/2017 9:36 AM, Borislav Petkov wrote:
On Thu, May 04, 2017 at 09:24:11AM -0500, Tom Lendacky wrote:
I did this so that an the include order wouldn't cause issues (including
asm/mem_encrypt.h followed by later by a linux/mem_encrypt.h include).
I can make this a bit clearer by h
On 5/7/2017 12:18 PM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:19:00PM -0500, Tom Lendacky wrote:
The efi_mem_type() function currently returns a 0, which maps to
EFI_RESERVED_TYPE, if the function is unable to find a memmap entry for
the supplied physical address. Returning
On 5/4/2017 5:16 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:18:22PM -0500, Tom Lendacky wrote:
The boot data and command line data are present in memory in a decrypted
state and are copied early in the boot process. The early page fault
support will map these areas as encrypted, so
On 4/27/2017 11:12 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:17:54PM -0500, Tom Lendacky wrote:
Changes to the existing page table macros will allow the SME support to
be enabled in a simple fashion with minimal changes to files that use these
macros. Since the memory encryption
On 4/27/2017 10:46 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:17:27PM -0500, Tom Lendacky wrote:
Add support for Secure Memory Encryption (SME). This initial support
provides a Kconfig entry to build the SME support into the kernel and
defines the memory encryption mask that will be
On 4/27/2017 10:52 AM, Dave Hansen wrote:
On 04/27/2017 12:25 AM, Dave Young wrote:
On 04/21/17 at 02:55pm, Dave Hansen wrote:
On 04/18/2017 02:22 PM, Tom Lendacky wrote:
Add sysfs support for SME so that user-space utilities (kdump, etc.) can
determine if SME is active.
A new directory will
On 4/27/2017 2:25 AM, Dave Young wrote:
On 04/21/17 at 02:55pm, Dave Hansen wrote:
On 04/18/2017 02:22 PM, Tom Lendacky wrote:
Add sysfs support for SME so that user-space utilities (kdump, etc.) can
determine if SME is active.
A new directory will be created:
/sys/kernel/mm/sme/
And two
On 4/24/2017 10:57 AM, Dave Hansen wrote:
On 04/24/2017 08:53 AM, Tom Lendacky wrote:
On 4/21/2017 4:52 PM, Dave Hansen wrote:
On 04/18/2017 02:17 PM, Tom Lendacky wrote:
@@ -55,7 +57,7 @@ static inline void copy_user_page(void *to, void
*from, unsigned long vaddr,
__phys_addr_symbol
On 4/21/2017 4:52 PM, Dave Hansen wrote:
On 04/18/2017 02:17 PM, Tom Lendacky wrote:
@@ -55,7 +57,7 @@ static inline void copy_user_page(void *to, void *from,
unsigned long vaddr,
__phys_addr_symbol(__phys_reloc_hide((unsigned long)(x)))
#ifndef __va
-#define __va(x
On 4/20/2017 11:59 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:17:11PM -0500, Tom Lendacky wrote:
When System Memory Encryption (SME) is enabled, the physical address
space is reduced. Adjust the x86_phys_bits value to reflect this
reduction.
Signed-off-by: Tom Lendacky
---
arch
On 4/18/2017 4:22 PM, Tom Lendacky wrote:
Add support to check if SME has been enabled and if memory encryption
should be activated (checking of command line option based on the
configuration of the default state). If memory encryption is to be
activated, then the encryption mask is set and the
On 4/21/2017 9:55 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:17:35PM -0500, Tom Lendacky wrote:
Add support to the early boot code to use Secure Memory Encryption (SME).
Since the kernel has been loaded into memory in a decrypted state, support
is added to encrypt the kernel in place
Btw, I tried to update all the subjects and descriptions to be
more descriptive but I'm sure there is still room for improvement
so keep the comments on them coming.
On Tue, Apr 18, 2017 at 04:16:25PM -0500, Tom Lendacky wrote:
Create a Documentation entry to describe the AMD Secure Memo
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/head_64.S |1 +
arch/x86/mm/mem_encrypt.c | 83 +++--
2 files changed, 80 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index abfe5ee..77d7495 100644
Add sysfs support for SME so that user-space utilities (kdump, etc.) can
determine if SME is active.
A new directory will be created:
/sys/kernel/mm/sme/
And two entries within the new directory:
/sys/kernel/mm/sme/active
/sys/kernel/mm/sme/encryption_mask
Signed-off-by: Tom Lendacky
-by: Tom Lendacky
---
arch/x86/include/asm/dma-mapping.h |5 ++-
arch/x86/include/asm/mem_encrypt.h |5 +++
arch/x86/kernel/pci-dma.c | 11 +--
arch/x86/kernel/pci-nommu.c|2 +
arch/x86/kernel/pci-swiotlb.c |8 -
arch/x86/mm/mem_encrypt.c
encryption bit. This
can cause random memory corruption when caches are flushed depending on
which cacheline is written last.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/init.h |1 +
arch/x86/include/asm/irqflags.h |5 +
arch/x86/include/asm/kexec.h
Add a cmdline_find_option() function to look for cmdline options that
take arguments. The argument is returned in a supplied buffer and the
argument length (regardless of whether it fits in the supplied buffer)
is returned, with -1 indicating not found.
Signed-off-by: Tom Lendacky
---
arch/x86
Since video memory needs to be accessed decrypted, be sure that the
memory encryption mask is not set for the video ranges.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/vga.h | 13 +
arch/x86/mm/pageattr.c |2 ++
drivers/gpu/drm/drm_gem.c|2
tables.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/kvm_host.h |2 +-
arch/x86/kvm/mmu.c | 12
arch/x86/kvm/mmu.h |2 +-
arch/x86/kvm/svm.c | 35 ++-
arch/x86/kvm/vmx.c |3
.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/ioremap.c | 31 ++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index bce0604..55317ba 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
Add the support to encrypt the kernel in-place. This is done by creating
new page mappings for the kernel - a decrypted write-protected mapping
and an encrypted mapping. The kernel is encrypted by copying it through
a temporary buffer.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm
generated. By preventing RAM remapping,
ioremap_cache() will be used instead, which will provide a decrypted
mapping of the boot related data.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/io.h |4 +
arch/x86/mm/ioremap.c | 182
For now, disable the AMD IOMMU if memory encryption is active. A future
patch will re-enable the function with full memory encryption support.
Signed-off-by: Tom Lendacky
---
drivers/iommu/amd_iommu_init.c |7 +++
1 file changed, 7 insertions(+)
diff --git a/drivers/iommu
Add warnings to let the user know when bounce buffers are being used for
DMA when SME is active. Since the bounce buffers are not in encrypted
memory, these notifications are to allow the user to determine some
appropriate action - if necessary.
Signed-off-by: Tom Lendacky
---
arch/x86/include
the
AP to continue start up.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/realmode.h | 12
arch/x86/realmode/init.c |4
arch/x86/realmode/rm/trampoline_64.S | 24
3 files changed, 40 insertions(+)
diff --git a/arch/x86
When Secure Memory Encryption is enabled, the trampoline area must not
be encrypted. A CPU running in real mode will not be able to decrypt
memory that has been encrypted because it will not be able to use addresses
with the memory encryption mask.
Signed-off-by: Tom Lendacky
---
arch/x86
mask range.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/cacheflush.h |3 ++
arch/x86/mm/pageattr.c| 62 +
2 files changed, 65 insertions(+)
diff --git a/arch/x86/include/asm/cacheflush.h
b/arch/x86/include/asm/cacheflush.h
index e7
functionality or stub routines depending on CONFIG_AMD_MEM_ENCRYPT.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/head_64.S | 61 -
arch/x86/mm/Makefile |4 +--
arch/x86/mm/mem_encrypt.c | 26 +++
3 files changed, 86
encryption mask so that the data can be successfully accessed when
SME is active.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/mpparse.c | 102 +++--
1 file changed, 71 insertions(+), 31 deletions(-)
diff --git a/arch/x86/kernel/mpparse.c b/arch/x86/kernel
Add a function that will determine if a supplied physical address matches
the address of an EFI table.
Signed-off-by: Tom Lendacky
---
drivers/firmware/efi/efi.c | 33 +
include/linux/efi.h|7 +++
2 files changed, 40 insertions(+)
diff --git a
successfully. The pagetable mapping
as well as the kernel are also added to the pagetable mapping as encrypted.
All other EFI mappings are mapped decrypted (tables, etc.).
Signed-off-by: Tom Lendacky
---
arch/x86/platform/efi/efi_64.c | 15 +++
1 file changed, 11 insertions(+), 4
initrd, encrypt this data in place. Since the future mapping of the
initrd area will be mapped as encrypted the data will be accessed properly.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h | 11 +
arch/x86/include/asm/pgtable.h |3 +
arch/x86/kernel/head64.c
encryption mask so
that user-space allocations will automatically have the encryption mask
applied.
Signed-off-by: Tom Lendacky
---
arch/x86/boot/compressed/pagetable.c |7 +
arch/x86/include/asm/fixmap.h|7 +
arch/x86/include/asm/mem_encrypt.h | 25
Add a function that will return the E820 type associated with an address
range.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/e820/api.h |2 ++
arch/x86/kernel/e820.c | 26 +++---
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/arch/x86
initrd will have been loaded by the boot loader and will not be
encrypted, but the memory that it resides in is marked as encrypted).
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h | 15 +++
arch/x86/mm/mem_encrypt.c | 76
Create a Documentation entry to describe the AMD Secure Memory
Encryption (SME) feature and add documentation for the mem_encrypt=
kernel parameter.
Signed-off-by: Tom Lendacky
---
Documentation/admin-guide/kernel-parameters.txt | 11
Documentation/x86/amd-memory-encryption.txt
on to return a negative error value when no memmap entry is
found.
Signed-off-by: Tom Lendacky
---
arch/ia64/kernel/efi.c |4 ++--
arch/x86/platform/efi/efi.c |6 +++---
include/linux/efi.h |2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/ia64/k
s that the hardware will never give the core a
dirty line with this memtype.
Signed-off-by: Tom Lendacky
---
arch/x86/Kconfig |4 +++
arch/x86/include/asm/fixmap.h| 13 ++
arch/x86/include/asm/pgtable_types.h |8 ++
arch/x86/mm/ioremap.c
For processors that support PAT, set the write-protect cache mode
(_PAGE_CACHE_MODE_WP) entry to the actual write-protect value (x05).
Acked-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/mm/pat.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch
s,
rely on BIOS to set the SYSCFG[MEME] bit and only then enable memory
encryption support in the kernel.
Tom Lendacky (32):
x86: Documentation for AMD Secure Memory Encryption (SME)
x86/mm/pat: Set write-protect cache mode for full PAT support
x86, mpparse, x86/acpi, x86/PCI,
Add support for Secure Memory Encryption (SME). This initial support
provides a Kconfig entry to build the SME support into the kernel and
defines the memory encryption mask that will be used in subsequent
patches to mark pages as encrypted.
Signed-off-by: Tom Lendacky
---
arch/x86/Kconfig
Add support for Secure Memory Encryption (SME). This initial support
provides a Kconfig entry to build the SME support into the kernel and
defines the memory encryption mask that will be used in subsequent
patches to mark pages as encrypted.
Signed-off-by: Tom Lendacky
---
arch/x86/Kconfig
When System Memory Encryption (SME) is enabled, the physical address
space is reduced. Adjust the x86_phys_bits value to reflect this
reduction.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/cpu/amd.c | 14 +++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/arch
.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/cpufeatures.h |1 +
arch/x86/include/asm/msr-index.h |2 ++
arch/x86/kernel/cpu/amd.c | 15 +++
arch/x86/kernel/cpu/scattered.c|1 +
4 files changed, 19 insertions(+)
diff --git a/arch/x86/include/asm
When System Memory Encryption (SME) is enabled, the physical address
space is reduced. Adjust the x86_phys_bits value to reflect this
reduction.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/cpu/amd.c | 14 +++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/arch
Create a pgd_pfn() and p4d_pfn() macro similar to the p[um]d_pfn() macros
and then use the p[g4um]d_pfn() macros in the p[g4um]d_page() macros
instead of duplicating the code.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/pgtable.h | 16 +---
1 file changed, 9 insertions
301 - 400 of 409 matches
Mail list logo
