Re: [PATCH v11 39/45] x86/sev: Use firmware-validated CPUID for SEV-SNP guests
From: Michael Roth
Date: Thu Mar 03 2022 - 19:33:07 EST
On Thu, Mar 03, 2022 at 12:51:20PM +0100, Borislav Petkov wrote:
> On Thu, Feb 24, 2022 at 10:56:19AM -0600, Brijesh Singh wrote:
> > Also add an "sev_debug" kernel command-line parameter that will be used
> > (initially) to dump the CPUID table for debugging/analysis.
>
> No, not "sev_debug" - "sev=debug".
>
> I'm pretty sure there will be need for other SEV-specific cmdline
> options so this thing should be a set, i.e.,
> "sev=(option1,option2?,option3?,...)"
>
> etc.
>
> See mcheck_enable() and the comment above it for an example.
If I do it the mce_check() way it ends up looking something like the
below, is that what you add in mind?
In that case it seems to expect "mce=option1 mce=option2" etc. I could
open-code a parser to handle multiple options like sev=option1,option2
etc., but wanted to check with you first.
Also, should I go ahead and introduce struct sev_options now, or
just use a regular bool until more options are added later?
Thanks!
struct sev_options {
bool debug;
};
static struct sev_options sev_cmdline_opts;
...
static int __init process_sev_options(char *str)
{
if ((*str) == '=')
str++;
if (!strcmp(str, "debug")) {
sev_cmdline_opts.debug = true;
} else {
pr_info("SEV command-line option '%s' was not ecognized\n", str);
return 1;
}
return 0;
}
__setup("sev", process_sev_options);
static int __init report_cpuid_table(void)
{
...
if (sev_cmdline_opts.debug)
dump_cpuid_table();
}
arch_initcall(report_cpuid_table)
>
> --
> Regards/Gruss,
> Boris.
>
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpeople.kernel.org%2Ftglx%2Fnotes-about-netiquette&data=04%7C01%7CMichael.Roth%40amd.com%7C98ed7057691e4faf205e08d9fd0c2768%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637819050942268665%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=SxTMowEey9CFaqlUHfWKVuEqThTEGktHAO3JgQIttRE%3D&reserved=0