Re: [PATCH v11 14/20] x86/sev: Add Secure TSC support for SNP guests

[Tom Lendacky]

On 7/31/24 10:08, Nikunj A Dadhania wrote:
> Add support for Secure TSC in SNP-enabled guests. Secure TSC allows guests
> to securely use RDTSC/RDTSCP instructions, ensuring that the parameters
> used cannot be altered by the hypervisor once the guest is launched.
> 
> Secure TSC-enabled guests need to query TSC information from the AMD
> Security Processor. This communication channel is encrypted between the AMD
> Security Processor and the guest, with the hypervisor acting merely as a
> conduit to deliver the guest messages to the AMD Security Processor. Each
> message is protected with AEAD (AES-256 GCM). Use a minimal AES GCM library
> to encrypt and decrypt SNP guest messages for communication with the PSP.
> 
> Use mem_encrypt_init() to fetch SNP TSC information from the AMD Security
> Processor and initialize snp_tsc_scale and snp_tsc_offset. During secondary
> CPU initialization, set the VMSA fields GUEST_TSC_SCALE (offset 2F0h) and
> GUEST_TSC_OFFSET (offset 2F8h) with snp_tsc_scale and snp_tsc_offset,
> respectively.
> 
> Since handle_guest_request() is common routine used by both the SEV guest
> driver and Secure TSC code, move it to the SEV header file.
> 
> Signed-off-by: Nikunj A Dadhania <nikunj@xxxxxxx>
> Tested-by: Peter Gonda <pgonda@xxxxxxxxxx>

Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx>

> ---
>  arch/x86/include/asm/sev-common.h       |  1 +
>  arch/x86/include/asm/sev.h              | 46 +++++++++++++
>  arch/x86/include/asm/svm.h              |  6 +-
>  arch/x86/coco/sev/core.c                | 91 +++++++++++++++++++++++++
>  arch/x86/mm/mem_encrypt.c               |  4 ++
>  drivers/virt/coco/sev-guest/sev-guest.c | 19 ------
>  6 files changed, 146 insertions(+), 21 deletions(-)
>