On Tue, Apr 18, 2017 at 04:22:23PM -0500, Tom Lendacky wrote:
> Add support to check if SME has been enabled and if memory encryption
> should be activated (checking of command line option based on the
> configuration of the default state). If memory encryption is to be
> activated, then the
On 05/17/17 at 07:51am, Eric DeVolder wrote:
> > > diff --git a/kexec/firmware_memmap.c b/kexec/firmware_memmap.c
> > > index 4d84f00..1ee214a 100644
> > > --- a/kexec/firmware_memmap.c
> > > +++ b/kexec/firmware_memmap.c
> > > @@ -164,6 +164,10 @@ static int parse_memmap_entry(const char *entry,
On Fri, Apr 21, 2017 at 01:56:13PM -0500, Tom Lendacky wrote:
> On 4/18/2017 4:22 PM, Tom Lendacky wrote:
> > Add support to check if SME has been enabled and if memory encryption
> > should be activated (checking of command line option based on the
> > configuration of the default state). If
On 5/17/2017 2:17 PM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:21:21PM -0500, Tom Lendacky wrote:
Provide support so that kexec can be used to boot a kernel when SME is
enabled.
Support is needed to allocate pages for kexec without encryption. This
is needed in order to be able to
On 5/18/2017 4:02 AM, Borislav Petkov wrote:
On Wed, May 17, 2017 at 01:54:39PM -0500, Tom Lendacky wrote:
I was worried what the compiler might do when CONFIG_EFI is not set,
but it appears to take care of it. I'll double check though.
There's a efi_enabled() !CONFIG_EFI version too, so
On Fri, May 19, 2017 at 03:45:28PM -0500, Tom Lendacky wrote:
> Actually there is. The above will result in data in the cache because
> halt() turns into a function call if CONFIG_PARAVIRT is defined (refer
> to the comment above where do_wbinvd_halt is set to true). I could make
> this a
On 5/19/2017 3:58 PM, Borislav Petkov wrote:
On Fri, May 19, 2017 at 03:45:28PM -0500, Tom Lendacky wrote:
Actually there is. The above will result in data in the cache because
halt() turns into a function call if CONFIG_PARAVIRT is defined (refer
to the comment above where do_wbinvd_halt is
On Fri, May 19, 2017 at 04:07:24PM -0500, Tom Lendacky wrote:
> As long as those never change from static inline everything will be
> fine. I can change it, but I really like how it explicitly indicates
I know what you want to do. But you're practically defining a helper
which contains two
On 5/19/2017 4:28 PM, Borislav Petkov wrote:
On Fri, May 19, 2017 at 04:07:24PM -0500, Tom Lendacky wrote:
As long as those never change from static inline everything will be
fine. I can change it, but I really like how it explicitly indicates
I know what you want to do. But you're
On 5/16/2017 9:27 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:20:10PM -0500, Tom Lendacky wrote:
Since DMA addresses will effectively look like 48-bit addresses when the
memory encryption mask is set, SWIOTLB is needed if the DMA mask of the
device performing the DMA does not support
On 5/16/2017 9:04 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:19:42PM -0500, Tom Lendacky wrote:
Persistent memory is expected to persist across reboots. The encryption
key used by SME will change across reboots which will result in corrupted
persistent memory. Persistent memory is
On 5/16/2017 9:52 AM, Borislav Petkov wrote:
On Tue, Apr 18, 2017 at 04:20:19PM -0500, Tom Lendacky wrote:
Add warnings to let the user know when bounce buffers are being used for
DMA when SME is active. Since the bounce buffers are not in encrypted
memory, these notifications are to allow the
On Fri, May 19, 2017 at 03:16:51PM -0500, Josh Poimboeuf wrote:
> I'm the stack validation guy, not the stack protection guy :-)
LOL. I thought you were *the* stacks guy. :-)))
But once you've validated it, you could protect it then too. :-)
--
Regards/Gruss,
Boris.
Good mailing practices
On Fri, May 19, 2017 at 01:30:05PM +0200, Borislav Petkov wrote:
> > it is called so early. I can get past it by adding:
> >
> > CFLAGS_mem_encrypt.o := $(nostackp)
> >
> > in the arch/x86/mm/Makefile, but that obviously eliminates the support
> > for the whole file. Would it be better to split
14 matches
Mail list logo