Re: [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS

From: Tom Lendacky
Date: Wed Mar 12 2025 - 10:47:08 EST

Next message: John Garry: "Re: [PATCH v5 09/10] xfs: Allow block allocator to take an alignment hint"
Previous message: David Woodhouse: "[PATCH v7 3/8] x86/kexec: Debugging support: Dump registers on exception"
In reply to: Joerg Roedel: "[PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS"
Next in thread: Joerg Roedel: "Re: [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/12/25 09:41, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@xxxxxxx>
>
> Current user-space tooling which needs access to the SEV_STATUS MSR is
> using the MSR module. The use of this module poses a security risk in
> any trusted execution environment and is generally discouraged.
>
> Instead, provide an file in SYSFS in the /sys/hypervisor/sev/
> directory to provide the value of the SEV_STATUS MSR to user-space.
>
> Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
> ---
> Documentation/ABI/testing/sysfs-hypervisor | 5 +++++
> arch/x86/coco/sev/core.c | 9 +++++++++
> 2 files changed, 14 insertions(+)
>
> diff --git a/Documentation/ABI/testing/sysfs-hypervisor b/Documentation/ABI/testing/sysfs-hypervisor
> index aca8b02c878c..54c80899c19c 100644
> --- a/Documentation/ABI/testing/sysfs-hypervisor
> +++ b/Documentation/ABI/testing/sysfs-hypervisor
> @@ -1,5 +1,6 @@
> What: /sys/devices/system/cpu/sev
> /sys/devices/system/cpu/sev/vmpl
> + /sys/devices/system/cpu/sev/sev_status
> Date: May 2024
> Contact: Linux kernel mailing list <linux-kernel@xxxxxxxxxxxxxxx>
> Description: Secure Encrypted Virtualization (SEV) information
> @@ -8,3 +9,7 @@ Description: Secure Encrypted Virtualization (SEV) information
>
> vmpl: Reports the Virtual Machine Privilege Level (VMPL) at which
> the SEV-SNP guest is running.
> +
> + sev_status: Reports the value of the SEV_STATUS MSR which
> + enumerates the enabled features of an SEV-SNP
> + environment.
> diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
> index 51a04a19449b..3e834ce9badc 100644
> --- a/arch/x86/coco/sev/core.c
> +++ b/arch/x86/coco/sev/core.c
> @@ -2678,10 +2678,19 @@ static ssize_t vmpl_show(struct kobject *kobj,
> return sysfs_emit(buf, "%d\n", snp_vmpl);
> }
>
> +static ssize_t sev_status_show(struct kobject *kobj,
> + struct kobj_attribute *attr, char *buf)
> +{
> + return sysfs_emit(buf, "%llx\n", sev_status);

Should it be prefixed with '0x'? That would make use of functions like
atoi() and strtol() easier.

Thanks,
Tom

> +}
> +
> static struct kobj_attribute vmpl_attr = __ATTR_RO(vmpl);
> +static struct kobj_attribute sev_status_attr = __ATTR_RO(sev_status);
> +
>
> static struct attribute *vmpl_attrs[] = {
> &vmpl_attr.attr,
> + &sev_status_attr.attr,
> NULL
> };
>

Next message: John Garry: "Re: [PATCH v5 09/10] xfs: Allow block allocator to take an alignment hint"
Previous message: David Woodhouse: "[PATCH v7 3/8] x86/kexec: Debugging support: Dump registers on exception"
In reply to: Joerg Roedel: "[PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS"
Next in thread: Joerg Roedel: "Re: [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]