On 23 June 2017 at 20:42, Kees Cook wrote:
> On Thu, Jun 22, 2017 at 9:34 AM, Qiuxu Zhuo wrote:
>> Change Log v3->v4:
>> - Add comment 'the number of config tables' for 'nr_config_table' in efi
>> structure
>> - Initialize 'efi.nr_config_table' to
On Thu, Jun 22, 2017 at 9:34 AM, Qiuxu Zhuo wrote:
> Change Log v3->v4:
> - Add comment 'the number of config tables' for 'nr_config_table' in efi
> structure
> - Initialize 'efi.nr_config_table' to 0 in default
> - Set 'efi.nr_config_table' to 'efi.systab->nr_tables' in
On 6/23/2017 5:00 AM, Borislav Petkov wrote:
On Fri, Jun 16, 2017 at 01:56:19PM -0500, Tom Lendacky wrote:
Add the support to encrypt the kernel in-place. This is done by creating
new page mappings for the kernel - a decrypted write-protected mapping
and an encrypted mapping. The kernel is
On Fri, Jun 16, 2017 at 01:56:39PM -0500, Tom Lendacky wrote:
> Add support to check if SME has been enabled and if memory encryption
> should be activated (checking of command line option based on the
> configuration of the default state). If memory encryption is to be
> activated, then the
On Fri, Jun 16, 2017 at 01:56:07PM -0500, Tom Lendacky wrote:
> When accessing memory using /dev/mem (or /dev/kmem) use the proper
> encryption attributes when mapping the memory.
>
> To insure the proper attributes are applied when reading or writing
> /dev/mem, update the xlate_dev_mem_ptr()
On Fri, Jun 16, 2017 at 01:55:54PM -0500, Tom Lendacky wrote:
> Xen does not currently support SME for PV guests. Clear the SME cpu
nitpick: s/cpu/CPU/
> capability in order to avoid any ambiguity.
>
> Signed-off-by: Tom Lendacky
> ---
> arch/x86/xen/enlighten_pv.c |
On Fri, Jun 16, 2017 at 01:55:45PM -0500, Tom Lendacky wrote:
> Provide support so that kexec can be used to boot a kernel when SME is
> enabled.
>
> Support is needed to allocate pages for kexec without encryption. This
> is needed in order to be able to reboot in the kernel in the same manner
The EFI capsule mechanism allows data blobs to be passed to the EFI
firmware. By setting the EFI_CAPSULE_POPULATE_SYSTEM_TABLE and the
EFI_CAPSULE_PERSIST_ACROSS_REBOOT flags, the firmware will place a
pointer to our data blob in the EFI System Table on the next boot.
We can utilise this facility
The 'nr_config_table' and 'config_table' (already in efi structure)
in efi structure provide a way for some driver (e.g. capsule-pstore
goes through the configuration table to extract crash capsules to
aid in debugging) to iterate over the EFI configuration table array.
Signed-off-by: Qiuxu Zhuo
Change Log v3->v4:
- Add comment 'the number of config tables' for 'nr_config_table' in efi
structure
- Initialize 'efi.nr_config_table' to 0 in default
- Set 'efi.nr_config_table' to 'efi.systab->nr_tables' in
drivers/firmware/efi/arm-init.c -> uefi_init()
- Mark