Re: [PATCH v7 01/45] x86/compressed/64: detect/setup SEV/SME features earlier in boot
From: Borislav Petkov
Date: Fri Nov 12 2021 - 11:53:04 EST
On Wed, Nov 10, 2021 at 04:06:47PM -0600, Brijesh Singh wrote:
> +void sev_enable(struct boot_params *bp)
> +{
> + unsigned int eax, ebx, ecx, edx;
> +
> + /* Check for the SME/SEV support leaf */
> + eax = 0x80000000;
> + ecx = 0;
> + native_cpuid(&eax, &ebx, &ecx, &edx);
> + if (eax < 0x8000001f)
> + return;
> +
> + /*
> + * Check for the SME/SEV feature:
> + * CPUID Fn8000_001F[EAX]
> + * - Bit 0 - Secure Memory Encryption support
> + * - Bit 1 - Secure Encrypted Virtualization support
> + * CPUID Fn8000_001F[EBX]
> + * - Bits 5:0 - Pagetable bit position used to indicate encryption
> + */
> + eax = 0x8000001f;
> + ecx = 0;
> + native_cpuid(&eax, &ebx, &ecx, &edx);
> + /* Check whether SEV is supported */
> + if (!(eax & BIT(1)))
> + return;
> +
> + /* Check the SEV MSR whether SEV or SME is enabled */
> + sev_status = rd_sev_status_msr();
> +
> + if (!(sev_status & MSR_AMD64_SEV_ENABLED))
> + error("SEV support indicated by CPUID, but not SEV status MSR.");
What is the practical purpose of this test?
> + sme_me_mask = 1UL << (ebx & 0x3f);
sme_me_mask = BIT_ULL(ebx & 0x3f);
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette