Re: [PATCH v4 0/2] Add EFI capsule pstore backend support

2017-06-23 Thread Ard Biesheuvel
On 23 June 2017 at 20:42, Kees Cook wrote: > On Thu, Jun 22, 2017 at 9:34 AM, Qiuxu Zhuo wrote: >> Change Log v3->v4: >> - Add comment 'the number of config tables' for 'nr_config_table' in efi >> structure >> - Initialize 'efi.nr_config_table' to

Re: [PATCH v4 0/2] Add EFI capsule pstore backend support

2017-06-23 Thread Kees Cook
On Thu, Jun 22, 2017 at 9:34 AM, Qiuxu Zhuo wrote: > Change Log v3->v4: > - Add comment 'the number of config tables' for 'nr_config_table' in efi > structure > - Initialize 'efi.nr_config_table' to 0 by default > - Set 'efi.nr_config_table' to 'efi.systab->nr_tables' in

Re: [PATCH v7 34/36] x86/mm: Add support to encrypt the kernel in-place

2017-06-23 Thread Tom Lendacky
On 6/23/2017 5:00 AM, Borislav Petkov wrote: On Fri, Jun 16, 2017 at 01:56:19PM -0500, Tom Lendacky wrote: Add the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The kernel is

Re: [PATCH v7 36/36] x86/mm: Add support to make use of Secure Memory Encryption

2017-06-23 Thread Borislav Petkov
On Fri, Jun 16, 2017 at 01:56:39PM -0500, Tom Lendacky wrote: > Add support to check if SME has been enabled and if memory encryption > should be activated (checking of command line option based on the > configuration of the default state). If memory encryption is to be > activated, then the

Re: [PATCH v7 33/36] x86/mm: Use proper encryption attributes with /dev/mem

2017-06-23 Thread Borislav Petkov
On Fri, Jun 16, 2017 at 01:56:07PM -0500, Tom Lendacky wrote: > When accessing memory using /dev/mem (or /dev/kmem) use the proper > encryption attributes when mapping the memory. > > To ensure the proper attributes are applied when reading or writing > /dev/mem, update the xlate_dev_mem_ptr()

Re: [PATCH v7 32/36] xen/x86: Remove SME feature in PV guests

2017-06-23 Thread Borislav Petkov
On Fri, Jun 16, 2017 at 01:55:54PM -0500, Tom Lendacky wrote: > Xen does not currently support SME for PV guests. Clear the SME cpu nitpick: s/cpu/CPU/ > capability in order to avoid any ambiguity. > > Signed-off-by: Tom Lendacky > --- > arch/x86/xen/enlighten_pv.c |

Re: [PATCH v7 31/36] x86/mm, kexec: Allow kexec to be used with SME

2017-06-23 Thread Borislav Petkov
On Fri, Jun 16, 2017 at 01:55:45PM -0500, Tom Lendacky wrote: > Provide support so that kexec can be used to boot a kernel when SME is > enabled. > > Support is needed to allocate pages for kexec without encryption. This > is needed in order to be able to reboot in the kernel in the same manner

[PATCH v4 2/2] efi/capsule-pstore: Add capsule pstore backend

2017-06-23 Thread Qiuxu Zhuo
The EFI capsule mechanism allows data blobs to be passed to the EFI firmware. By setting the EFI_CAPSULE_POPULATE_SYSTEM_TABLE and the EFI_CAPSULE_PERSIST_ACROSS_REBOOT flags, the firmware will place a pointer to our data blob in the EFI System Table on the next boot. We can utilise this facility

[PATCH v4 1/2] efi: Add 'nr_config_table' variable in efi structure

2017-06-23 Thread Qiuxu Zhuo
The 'nr_config_table' and 'config_table' (already in efi structure) in efi structure provide a way for some drivers (e.g. capsule-pstore goes through the configuration table to extract crash capsules to aid in debugging) to iterate over the EFI configuration table array. Signed-off-by: Qiuxu Zhuo

[PATCH v4 0/2] Add EFI capsule pstore backend support

2017-06-23 Thread Qiuxu Zhuo
Change Log v3->v4: - Add comment 'the number of config tables' for 'nr_config_table' in efi structure - Initialize 'efi.nr_config_table' to 0 by default - Set 'efi.nr_config_table' to 'efi.systab->nr_tables' in drivers/firmware/efi/arm-init.c -> uefi_init() - Mark