Re: [PATCH 6/7] x86/boot/compressed/64: Check SEV encryption in 32-bit boot-path

From: Tom Lendacky
Date: Wed Feb 10 2021 - 15:46:27 EST


On 2/10/21 10:47 AM, Dave Hansen wrote:
On 2/10/21 2:21 AM, Joerg Roedel wrote:
+ /* Store to memory and keep it in the registers */
+ movl %eax, rva(sev_check_data)(%ebp)
+ movl %ebx, rva(sev_check_data+4)(%ebp)
+
+ /* Enable paging to see if encryption is active */
+ movl %cr0, %edx /* Backup %cr0 in %edx */
+ movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */
+ movl %ecx, %cr0
+
+ cmpl %eax, rva(sev_check_data)(%ebp)
+ jne 3f
+ cmpl %ebx, rva(sev_check_data+4)(%ebp)
+ jne 3f

Also, I know that turning paging on is a *BIG* barrier. But, I didn't
think it has any effect on the caches.

I would expect that the underlying physical address of 'sev_check_data'
would change when paging gets enabled because paging sets the C bit.
So, how does the write of 'sev_check_data' get out of the caches and
into memory where it can be read back with the new physical address?

I think there's some bit of the SEV architecture that I'm missing.

Non-paging memory accesses are always considered private (APM Volume 2, 15.34.4) and thus are cached with the C bit set.

Thanks,
Tom