Re: [PATCH 6/7] x86/boot/compressed/64: Check SEV encryption in 32-bit boot-path

From: Dave Hansen
Date: Wed Feb 10 2021 - 11:26:22 EST


On 2/10/21 2:21 AM, Joerg Roedel wrote:
> +1: rdrand %eax
> + jnc 1b
> +2: rdrand %ebx
> + jnc 2b
> +
> + /* Store to memory and keep it in the registers */
> + movl %eax, rva(sev_check_data)(%ebp)
> + movl %ebx, rva(sev_check_data+4)(%ebp)
> +
> + /* Enable paging to see if encryption is active */
> + movl %cr0, %edx /* Backup %cr0 in %edx */
> + movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */
> + movl %ecx, %cr0
> +
> + cmpl %eax, rva(sev_check_data)(%ebp)
> + jne 3f
> + cmpl %ebx, rva(sev_check_data+4)(%ebp)
> + jne 3f
> +
> + movl %edx, %cr0 /* Restore previous %cr0 */
> +
> + jmp 4f

This is all very cute. But, if this fails, it means that the .data
section is now garbage, right?. I guess failing here is less
entertaining than trying to run the kernel with random garbage in .data,
but it doesn't make it very far either way, right?

Why bother with rdrand, though? Couldn't you just pick any old piece of
.data and compare before and after?