Re: [RFC PATCH v4 00/28] x86: Secure Memory Encryption (AMD)

2017-02-21 Thread Borislav Petkov
On Tue, Feb 21, 2017 at 12:42:45PM -0500, Rik van Riel wrote:
> Do we want that in kernel/ or in arch/x86/mm/ ?

If you'd ask me, I don't have a strong preference. It is a pile of functionality which is part of the SME feature and as such, it is closer to the CPU. So arch/x86/cpu/sme.c or so. But

Re: [RFC PATCH v4 00/28] x86: Secure Memory Encryption (AMD)

2017-02-21 Thread Rik van Riel
On Sat, 2017-02-18 at 19:12 +0100, Borislav Petkov wrote: > On Thu, Feb 16, 2017 at 09:41:59AM -0600, Tom Lendacky wrote: > > > >  create mode 100644 Documentation/x86/amd-memory-encryption.txt > >  create mode 100644 arch/x86/include/asm/mem_encrypt.h > >  create mode 100644 arch/x86/kernel/mem_e

Re: [RFC PATCH v4 07/28] x86: Provide general kernel support for memory encryption

2017-02-21 Thread Tom Lendacky
On 2/20/2017 9:21 AM, Borislav Petkov wrote: On Thu, Feb 16, 2017 at 09:43:32AM -0600, Tom Lendacky wrote: Adding general kernel support for memory encryption includes: - Modify and create some page table macros to include the Secure Memory Encryption (SME) memory encryption mask Let's not w

Re: [RFC PATCH v4 06/28] x86: Add support to enable SME during early boot processing

2017-02-21 Thread Borislav Petkov
On Tue, Feb 21, 2017 at 08:55:30AM -0600, Tom Lendacky wrote:
> Actually, %rbp will have the encryption bit set in it at the time of the
> check so if SME is active we won't take the jump to .Lskip_fixup.

Ha, I didn't think of that! Do you see now what I mean with being explicit in the asm boot co

Re: [RFC PATCH v4 00/28] x86: Secure Memory Encryption (AMD)

2017-02-21 Thread Tom Lendacky
On 2/18/2017 12:12 PM, Borislav Petkov wrote: On Thu, Feb 16, 2017 at 09:41:59AM -0600, Tom Lendacky wrote: create mode 100644 Documentation/x86/amd-memory-encryption.txt create mode 100644 arch/x86/include/asm/mem_encrypt.h create mode 100644 arch/x86/kernel/mem_encrypt_boot.S create mode 1

Re: [RFC PATCH v4 14/28] Add support to access boot related data in the clear

2017-02-21 Thread Borislav Petkov
On Thu, Feb 16, 2017 at 09:45:09AM -0600, Tom Lendacky wrote: > Boot data (such as EFI related data) is not encrypted when the system is > booted and needs to be mapped decrypted. Add support to apply the proper > attributes to the EFI page tables and to the early_memremap and memremap > APIs to i

Re: [RFC PATCH v4 06/28] x86: Add support to enable SME during early boot processing

2017-02-21 Thread Tom Lendacky
On 2/20/2017 6:51 AM, Borislav Petkov wrote: On Thu, Feb 16, 2017 at 09:43:19AM -0600, Tom Lendacky wrote: This patch adds support to the early boot code to use Secure Memory Encryption (SME). Support is added to update the early pagetables with the memory encryption mask and to encrypt the ker

Re: [RFC PATCH v1] iommu/io-pgtable-arm-v7s: Check for leaf entry right after finding it

2017-02-21 Thread Oleksandr Tyshchenko
Hi, Robin. On Tue, Feb 21, 2017 at 2:00 PM, Robin Murphy wrote: > On 16/02/17 13:52, Oleksandr Tyshchenko wrote: >> From: Oleksandr Tyshchenko >> >> Do a check for already installed leaf entry at the current level before >> performing any actions when trying to map. >> >> This check is already p

Re: [RFC PATCH v4 13/28] efi: Update efi_mem_type() to return defined EFI mem types

2017-02-21 Thread Matt Fleming
On Thu, 16 Feb, at 09:44:57AM, Tom Lendacky wrote: > Update the efi_mem_type() to return EFI_RESERVED_TYPE instead of a > hardcoded 0. > > Signed-off-by: Tom Lendacky > --- > arch/x86/platform/efi/efi.c |4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/pla

Re: [RFC PATCH v1] iommu/io-pgtable-arm-v7s: Check for leaf entry right after finding it

2017-02-21 Thread Robin Murphy
On 16/02/17 13:52, Oleksandr Tyshchenko wrote: > From: Oleksandr Tyshchenko > > Do a check for already installed leaf entry at the current level before > performing any actions when trying to map. > > This check is already present in arm_v7s_init_pte(), i.e. before > installing new leaf entry at