Re: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active

From: Tom Lendacky
Date: Thu Mar 16 2017 - 12:12:42 EST

Next message: Andre Przywara: "Re: [PATCH v1 5/7] arm64: dts: rockchip: add core dtsi file for RK3328 SoCs"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 4/6] tools headers: Sync {tools/,}arch/x86/include/asm/cpufeatures.h"
In reply to: Borislav Petkov: "Re: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active"
Next in thread: Borislav Petkov: "Re: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/16/2017 10:09 AM, Borislav Petkov wrote:

On Thu, Mar 16, 2017 at 09:28:58AM -0500, Tom Lendacky wrote:

Because there are differences between how SME and SEV behave
(instruction fetches are always decrypted under SEV, DMA to an
encrypted location is not supported under SEV, etc.) we need to
determine which mode we are in so that things can be setup properly
during boot. For example, if SEV is active the kernel will already
be encrypted and so we don't perform that step or the trampoline area
for bringing up an AP must be decrypted for SME but encrypted for SEV.

So with SEV enabled, it seems to me a guest doesn't know anything about
encryption and can run as if SME is disabled. So sme_active() will be
false. And then the kernel can bypass all that code dealing with SME.

So a guest should simply run like on baremetal with no SME, IMHO.

Not quite. The guest still needs to understand about the encryption mask
so that it can protect memory by setting the encryption mask in the
pagetable entries. It can also decide when to share memory with the
hypervisor by not setting the encryption mask in the pagetable entries.

But then there's that part: "instruction fetches are always decrypted
under SEV". What does that mean exactly? And how much of that code can

"Instruction fetches are always decrypted under SEV" means that,
regardless of how a virtual address is mapped, encrypted or decrypted,
if an instruction fetch is performed by the CPU from that address it
will always be decrypted. This is to prevent the hypervisor from
injecting executable code into the guest since it would have to be
valid encrypted instructions.

be reused so that

* SME on baremetal
* SEV on guest

use the same logic?

There are many areas that use the same logic, but there are certain
situations where we need to check between SME vs SEV (e.g. DMA operation
setup or decrypting the trampoline area) and act accordingly.

Thanks,
Tom

Having the larger SEV preparation part on the kvm host side is perfectly
fine. But I'd like to keep kernel initialization paths clean.

Thanks.

Next message: Andre Przywara: "Re: [PATCH v1 5/7] arm64: dts: rockchip: add core dtsi file for RK3328 SoCs"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 4/6] tools headers: Sync {tools/,}arch/x86/include/asm/cpufeatures.h"
In reply to: Borislav Petkov: "Re: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active"
Next in thread: Borislav Petkov: "Re: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]