On Mon, Oct 02, 2017 at 06:32:18AM -0500, Brijesh Singh wrote:
> Because sev_enabled will always be 'false' when we are booting on bare
> metal. Whereas when we are running under a hypervisor then this variable
> will be true for the SEV guest, please see [1].

Ok, then. This needs absolutely to be documented. Please add a comment
over sev_enabled's definition.

> Both sev_active() and sme_active() make use of this variable
> hence we will not be able to set the sev_enabled variable on bare
> metal. Basically none of the SEV cases will be executed on bare
> metal -- the only thing which we need to take care of is clearing the
> X86_FEATURE_SEV flag so that the hypervisor will never launch an SEV guest
> when the mem_encrypt=sme option is provided.

In that case, you want to disable SEV at the guest loading point,
i.e., sev_guest_init() AFAICT is the earliest time we start prepping
a SEV guest. You can add a __setup() early param which parses
"mem_encrypt=sme", to arch/x86/kernel/cpu/amd.c and which sets a
sev_host_enabled bool or so. sev_guest_init() can then check that
variable before going any further. No need for any of those early parsing
changes.
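
A userspace C model of the gating suggested in the reply above, added here as an illustration and not code from the thread or the kernel tree. The command-line walk, the -ENODEV return value and the `_model` suffix are assumptions; `sev_host_enabled` and `sev_guest_init()` are the names used in the mail.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Name taken from the mail; launching SEV guests is allowed by default. */
static bool sev_host_enabled = true;

/* Models a __setup("mem_encrypt=", ...) handler: receives the text after '='. */
static int mem_encrypt_setup(const char *val, size_t len)
{
    /* Exact match only, so "mem_encrypt=smex" does not change the policy. */
    if (len == 3 && strncmp(val, "sme", 3) == 0)
        sev_host_enabled = false;
    return 1;
}

/* Userspace stand-in for the kernel's command-line walk (assumption). */
static void parse_cmdline(const char *cmdline)
{
    static const char key[] = "mem_encrypt=";
    const size_t klen = sizeof(key) - 1;
    const char *p = cmdline;

    sev_host_enabled = true;            /* reset for each simulated boot */
    while (*p) {
        p += strspn(p, " \t");          /* skip separators */
        size_t tok = strcspn(p, " \t"); /* length of this parameter */
        if (tok >= klen && strncmp(p, key, klen) == 0)
            mem_encrypt_setup(p + klen, tok - klen);
        p += tok;
    }
}

/* Stand-in for sev_guest_init(): refuse before any guest preparation. */
static int sev_guest_init_model(void)
{
    if (!sev_host_enabled)
        return -ENODEV;                 /* error code is an assumption */
    return 0;
}

int main(void)
{
    parse_cmdline("root=/dev/sda1 mem_encrypt=sme quiet"); /* constructed */
    printf("sev_guest_init: %d\n", sev_guest_init_model());
    return 0;
}
```

The policy check lives at the single point where a guest launch begins, so the early boot parsing path stays untouched.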