Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

From: Borislav Petkov
Date: Wed May 31 2017 - 04:49:39 EST


On Tue, May 30, 2017 at 10:37:03AM -0500, Tom Lendacky wrote:
> I can define the command line option and the "on" and "off" values as
> character buffers in the function and initialize them on a per character
> basis (using a static string causes the same issues as referencing a
> string constant), i.e.:
>
> char cmdline_arg[] = {'m', 'e', 'm', '_', 'e', 'n', 'c', 'r', 'y', 'p', 't', '\0'};
> char cmdline_off[] = {'o', 'f', 'f', '\0'};
> char cmdline_on[] = {'o', 'n', '\0'};
>
> It doesn't look the greatest, but it works and removes the need for the
> rip-relative addressing.

Well, I'm not thrilled about this one either. It's like being between a
rock and a hard place. :-\

On the one hand, we need the encryption mask before we do the fixups and
OTOH we need to do the fixups in order to access the strings properly.
Yuck.

Well, the only thing I can think of right now is maybe define
"mem_encrypt=" at the end of head_64.S and pass it in from asm to
sme_enable() and then do the "on"/"off" comparsion with local char
buffers. That could make it less ugly...

--
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.