[RFC,v2,16/20] x86: Check for memory encryption on the APs

Message ID	20160822223829.29880.10341.stgit@tlendack-t1.amdoffice.net (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> From: Tom Lendacky <thomas.lendacky@amd.com> Subject: [RFC PATCH v2 16/20] x86: Check for memory encryption on the APs To: <linux-arch@vger.kernel.org>, <linux-efi@vger.kernel.org>, <kvm@vger.kernel.org>, <linux-doc@vger.kernel.org>, <x86@kernel.org>, <linux-kernel@vger.kernel.org>, <kasan-dev@googlegroups.com>, <linux-mm@kvack.org>, <iommu@lists.linux-foundation.org> CC: Radim =?utf-8?b?S3LEjW3DocWZ?= <rkrcmar@redhat.com>, Arnd Bergmann <arnd@arndb.de>, Jonathan Corbet <corbet@lwn.net>, Matt Fleming <matt@codeblueprint.co.uk>, Joerg Roedel <joro@8bytes.org>, "Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>, Andrey Ryabinin <aryabinin@virtuozzo.com>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, "Andy Lutomirski" <luto@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, "Paolo Bonzini" <pbonzini@redhat.com>, Alexander Potapenko <glider@google.com>, Thomas Gleixner <tglx@linutronix.de>, Dmitry Vyukov <dvyukov@google.com> Date: Mon, 22 Aug 2016 17:38:29 -0500 Message-ID: <20160822223829.29880.10341.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net> References: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTVQUjEyTUIxMTQ4OzIzOkJ5UjJDUys4ckI0L0RVcmsrdzlYbTBoVWdN?= =?utf-8?B?S29Bd0V1YzlHS1dmUityODRHb1QvU1RFYjI1WUpuQjAxWGE0QVRBUnBsMlFu?= =?utf-8?B?ZmNrbGpPRFc0ckVReUJXVGpETGRmN2RjMUExeG9PWnJPbnVkUnpwcVJnZmtR?= =?utf-8?B?T1hId0labWhXdWNIc2Z0SUpLVHpHaGpiNG1rcCtqczlXMmxPNGZkT2pLd2lr?= =?utf-8?B?TDRiQkZSOW1wTW5UTmd4OVpGeFViN3dOM00wVjZvNzBQMHNIcGdMVDNOSmdN?= =?utf-8?B?QUlFUkZ6MDZnMkVGc1FyRG1XaHkwcHBQZERpZ3NRRXBDeXdVK2R4RnV4ejVz?= =?utf-8?B?cytxYWxZNGppenNyblJJOUVybS9JSzJWbGthWVN6b09HVFlVTWRRTTJEM2VS?= =?utf-8?B?VWlqR2NwZlRMUHhUcC8zRUtsOXhpcjkwVHRZdXBxdXFCbVNRcW5TVG1pY0tF?= =?utf-8?B?NXEyam1rWUJnUUpoV2ZHbGxlc3JFSHVrSEFBYms4czlPUVM3b1RYY0JFN2pZ?= =?utf-8?B?RGtxWlBuQXh5THRUL2Z5SmRGL0dXVXBDRWx3d2JIZTlnbFptdDVxMFYvdjVF?= =?utf-8?B?bkVBWjdPZk9FaXBoQnVzU2xmMUQ0Mm9rS1plck1MQXlKSXZSWDBsajBGdU9T?= =?utf-8?B?ZkVNM2M5ZVhZNW5MeHFpS0lKVDFVeDJLcnVqNmU4Vkt0bDhybkhKRHJJQ1BR?= =?utf-8?B?RkVCUW8rem1LNTgxYTlQeHJYM1R5ZXhOZmVLTXEyVGVoNURkd29rQzM2VjFK?= =?utf-8?B?SVVXdEtDcmF2NzV4d1dlaTNrem1FUUY4ekNYd0hWcEZQM2hpZXJMcUxHRVY5?= =?utf-8?B?cDBtZ3hvY3pHYUlQRkhpWktmLzRvZEROTmY3eEdZd3laNzVRbTV1MUFDaEdF?= =?utf-8?B?enp0SFVyaE8wL21ZV3VoVFpLK0NGZWpJY1Zjd3JOMDhTbVk3L0tLeUxHQkE2?= =?utf-8?B?QmYrQ09LcmcvMVBmTVdGZk82S2MwNnRCY1UvRnYvL3czaDFZMzY2UmZpelRr?= =?utf-8?B?RjZnemxjZnpCTUpWcjlicVU0VlZHL2JHMUw0dXFUNFBQanZyaWxYOSsyZktT?= =?utf-8?B?a3c1dnlQZ1BYMGNQd0duQUVmNThjK0lpdGFYR1A4Uk5GbU11RHVscEVlOG1l?= =?utf-8?B?aW1QNnBQdGsrQmI4VElRcCtDU2V2UWhZSDFRcTdqNm9NUlNLa2loZ2xPend0?= =?utf-8?B?cnJlWnJVeHpsOEpndWdUVVgyRmdITmRSTG04QUJYMS9tdW5uTHgrRXRhTGtW?= =?utf-8?B?MkJRMXJYNC8zUUpLUTQ3M1FBOTVIVUpTMDdiOXdxNllmeDg5YU1EUjFUTEpw?= =?utf-8?B?cnVLeUpxM2llZTltMjBleFpOZ21xZFJiVDNyTkRhaU1zMzljeDBaaHltUEEx?= =?utf-8?B?UGVxUGlvdUJyVWpTb1BxVUxTM2x1dUVJYzE0dlhabTY3RGN4YTRxNlF3eGln?= =?utf-8?B?ZEl3VG5QTlFOWmo3ZzZSaXcwY01CUHB5YXh0dGdLa3FEZGphTmttcTNvR1B6?= =?utf-8?B?ZURZck94R0xaaXhmY3F3Z1FMT2lXbGlQS1ZDZVo3b0NtcWhsdURmKy9xOUZv?= =?utf-8?B?RGlxMWtrZzJDR1Nhemw5dVdoeVN3RWVoNTRYWHNLUkUwaHY0V0laU25mVllP?= =?utf-8?B?cjYwcDNjS0xEN1Y1R2hhNUNGRnFqSXF2cXV0VVRIMWM4RVJ3SUcvRHlEUE5t?= =?utf-8?B?Q0lIS3FvcjZ1dFdUaTZLSlRJTzlXcThsRUdPeDBCZkFpZlNSbnhlY29id09r?= =?utf-8?Q?UShcXR+Ivsudlu+hQKsJUEcQpjU4zfQBh6lFU=3D?= X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1148; 6:RatQ0LL+WhkLu5eFwmoIb9wHJ9l2qF4l0LcKfVLT/zpF9qpjk8pnOKJ4HiesOEXFjOLllgSOolyAyGGx7OdgFViKErnP6eMnd1qV/tyyq0nQ1F9Y2L0a1qXUB/G0dbQFIpqCrX58ra9itIErAJVX0AZWF2A68O2w1fmPvAkiBSzSeL45lqDrichizReDKEpsJ1mwhsQKzm/Q5iiQ4nzmbbmT6Heo3bhxOKQX60zL7Uf5xS1TBG70rx+7IszlV5WUqkoiC2mIijkB4W2sN3SqqDvq88lhf2NJCOHnSi60BsxIqz+GBHgrDxgXSiFgcOKDHPbVB+rAQQwhTEEYhYO7yg==; 5:2Wd78hPO3kIGxKOZ7tOB0yK7zT+CoBIvPVz23lXmz6aEjisqUZpXPkbh1Lp7CNhrpPAwIB8fdEarEqNsHUQbQqos72VefdAKneYh9XQ7UmxxykmBhAhrkCr1OzchXELdSUYlDvzBZifLNIppDxN9FA==; 24:uqTSKuFGODp7mejrRT0kwiZLN6KCq8lH+/XSDQqckv3yEVf573odAd709aydYTLpvNMceXVZoCCggngtTBrDGi0r6ARbxk1oO60MY2Ng0bw=; 7:OwnSKZbKdOHBHVNKaonurVi7RCKB0LLuTWjZ5PJfEWkGbS8bhGD/keF2IlP8982JtnF/FExT+cG5cXpzxJSuGCMzV8L6zipCrV5U+gwa/0NdsVbCUVi/KwSpuyG1D9LTb3DbjOc0oljdCip0YAwNCsI65dT/5oMEhoLWg5KP4yF7zin31UMn79dc6hfEMJdYh+PQoPjtui7Q6/J5nNqELeJrz3s2d+q573JwuP8A4GFsUpt5Z4DBxZudtfkjm/95 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1148; 20:/yCU2YOfUHE0SMrl8QzR0rfxJ7slx7rshMk6Wb3z/Bl/LryxQUujNV3hfGJpCkXANCX7ep0XwaZ5SwJLb2NirYEmm/RgEmIJ8RwngqQ0Eyo+5zQAuGjss/eAEPKCxOHEM1+Oo9zamNJ5hpfDKjNjJzfIObZtiC4aZqkRBrH5MoXN4RW3c8Ag0sH85qpuNuWfwP9eciOhq/2mWdlvkwS1aCZH7vs9FeoTeqmAAIMS3XlHvigE9HsnMF1wWTeiIp+C Sender: kvm-owner@vger.kernel.org Precedence: bulk

Message ID

20160822223829.29880.10341.stgit@tlendack-t1.amdoffice.net (mailing list archive)

State

New, archived

Headers

From: Tom Lendacky <thomas.lendacky@amd.com>
Subject: [RFC PATCH v2 16/20] x86: Check for memory encryption on the APs
To: <linux-arch@vger.kernel.org>, <linux-efi@vger.kernel.org>,
	<kvm@vger.kernel.org>, <linux-doc@vger.kernel.org>,
	<x86@kernel.org>, <linux-kernel@vger.kernel.org>,
	<kasan-dev@googlegroups.com>, <linux-mm@kvack.org>,
	<iommu@lists.linux-foundation.org>
CC: Radim =?utf-8?b?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
	Arnd Bergmann <arnd@arndb.de>, Jonathan Corbet <corbet@lwn.net>,
	Matt Fleming <matt@codeblueprint.co.uk>, Joerg Roedel <joro@8bytes.org>,
	"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"Andy Lutomirski" <luto@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	Alexander Potapenko <glider@google.com>,
	Thomas Gleixner <tglx@linutronix.de>, Dmitry Vyukov <dvyukov@google.com>
Date: Mon, 22 Aug 2016 17:38:29 -0500
Message-ID: <20160822223829.29880.10341.stgit@tlendack-t1.amdoffice.net>
In-Reply-To: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net>
References: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Aug 2016 22:38:33.3631
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1148
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Commit Message

Tom Lendacky Aug. 22, 2016, 10:38 p.m. UTC

Add support to check if memory encryption is active in the kernel and that
it has been enabled on the AP. If memory encryption is active in the kernel
but has not been enabled on the AP then do not allow the AP to continue
start up.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/include/asm/msr-index.h     |    2 ++
 arch/x86/include/asm/realmode.h      |   12 ++++++++++++
 arch/x86/realmode/init.c             |    4 ++++
 arch/x86/realmode/rm/trampoline_64.S |   19 +++++++++++++++++++
 4 files changed, 37 insertions(+)


--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Borislav Petkov Sept. 12, 2016, 12:17 p.m. UTC | #1

On Mon, Aug 22, 2016 at 05:38:29PM -0500, Tom Lendacky wrote:
> Add support to check if memory encryption is active in the kernel and that
> it has been enabled on the AP. If memory encryption is active in the kernel
> but has not been enabled on the AP then do not allow the AP to continue
> start up.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  arch/x86/include/asm/msr-index.h     |    2 ++
>  arch/x86/include/asm/realmode.h      |   12 ++++++++++++
>  arch/x86/realmode/init.c             |    4 ++++
>  arch/x86/realmode/rm/trampoline_64.S |   19 +++++++++++++++++++
>  4 files changed, 37 insertions(+)

...

> diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S
> index dac7b20..94e29f4 100644
> --- a/arch/x86/realmode/rm/trampoline_64.S
> +++ b/arch/x86/realmode/rm/trampoline_64.S
> @@ -30,6 +30,7 @@
>  #include <asm/msr.h>
>  #include <asm/segment.h>
>  #include <asm/processor-flags.h>
> +#include <asm/realmode.h>
>  #include "realmode.h"
>  
>  	.text
> @@ -92,6 +93,23 @@ ENTRY(startup_32)
>  	movl	%edx, %fs
>  	movl	%edx, %gs
>  
> +	/* Check for memory encryption support */
> +	bt	$TH_FLAGS_SME_ENABLE_BIT, pa_tr_flags
> +	jnc	.Ldone
> +	movl	$MSR_K8_SYSCFG, %ecx
> +	rdmsr
> +	bt	$MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax
> +	jc	.Ldone
> +
> +	/*
> +	 * Memory encryption is enabled but the MSR has not been set on this
> +	 * CPU so we can't continue

Hmm, let me try to parse this correctly: BSP has SME enabled but the
BIOS might not've set this on the AP? Really? Is that even possible?

Because if SME is enabled, that means that MSR_K8_SYSCFG[23] on the BSP
is set, right?

Also, I want to rule out here simple BIOS idiocy: if the only problem
with the bit not being set in the AP is because some BIOS monkey forgot
to do so, then we should try to set it ourselves and not die for no real
reason.

Or is there another issue?

Borislav Petkov Sept. 12, 2016, 4:43 p.m. UTC | #2

On Mon, Aug 22, 2016 at 05:38:29PM -0500, Tom Lendacky wrote:
> Add support to check if memory encryption is active in the kernel and that
> it has been enabled on the AP. If memory encryption is active in the kernel

A small nit: let's write out "AP" the first time at least: "... on the
Application Processors (AP)." for more clarity.

Tom Lendacky Sept. 14, 2016, 1:50 p.m. UTC | #3

On 09/12/2016 07:17 AM, Borislav Petkov wrote:
> On Mon, Aug 22, 2016 at 05:38:29PM -0500, Tom Lendacky wrote:
>> Add support to check if memory encryption is active in the kernel and that
>> it has been enabled on the AP. If memory encryption is active in the kernel
>> but has not been enabled on the AP then do not allow the AP to continue
>> start up.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> ---
>>  arch/x86/include/asm/msr-index.h     |    2 ++
>>  arch/x86/include/asm/realmode.h      |   12 ++++++++++++
>>  arch/x86/realmode/init.c             |    4 ++++
>>  arch/x86/realmode/rm/trampoline_64.S |   19 +++++++++++++++++++
>>  4 files changed, 37 insertions(+)
> 
> ...
> 
>> diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S
>> index dac7b20..94e29f4 100644
>> --- a/arch/x86/realmode/rm/trampoline_64.S
>> +++ b/arch/x86/realmode/rm/trampoline_64.S
>> @@ -30,6 +30,7 @@
>>  #include <asm/msr.h>
>>  #include <asm/segment.h>
>>  #include <asm/processor-flags.h>
>> +#include <asm/realmode.h>
>>  #include "realmode.h"
>>  
>>  	.text
>> @@ -92,6 +93,23 @@ ENTRY(startup_32)
>>  	movl	%edx, %fs
>>  	movl	%edx, %gs
>>  
>> +	/* Check for memory encryption support */
>> +	bt	$TH_FLAGS_SME_ENABLE_BIT, pa_tr_flags
>> +	jnc	.Ldone
>> +	movl	$MSR_K8_SYSCFG, %ecx
>> +	rdmsr
>> +	bt	$MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax
>> +	jc	.Ldone
>> +
>> +	/*
>> +	 * Memory encryption is enabled but the MSR has not been set on this
>> +	 * CPU so we can't continue
> 
> Hmm, let me try to parse this correctly: BSP has SME enabled but the
> BIOS might not've set this on the AP? Really? Is that even possible?

Anything is possible, although it's highly unlikely.

> 
> Because if SME is enabled, that means that MSR_K8_SYSCFG[23] on the BSP
> is set, right?

Correct.

> 
> Also, I want to rule out here simple BIOS idiocy: if the only problem
> with the bit not being set in the AP is because some BIOS monkey forgot
> to do so, then we should try to set it ourselves and not die for no real
> reason.

Yes, we can do that.  I was debating on which way to go with this. Most
likely this would never happen, but if it did...  I can change this to
set the MSR bit and continue.

Thanks,
Tom

> 
> Or is there another issue?
> 
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Tom Lendacky Sept. 14, 2016, 2:12 p.m. UTC | #4

On 09/12/2016 11:43 AM, Borislav Petkov wrote:
> On Mon, Aug 22, 2016 at 05:38:29PM -0500, Tom Lendacky wrote:
>> Add support to check if memory encryption is active in the kernel and that
>> it has been enabled on the AP. If memory encryption is active in the kernel
> 
> A small nit: let's write out "AP" the first time at least: "... on the
> Application Processors (AP)." for more clarity.

Will do.

Thanks,
Tom

> 
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 56f4c66..797d228 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -336,6 +336,8 @@ 
 #define MSR_K8_TOP_MEM1			0xc001001a
 #define MSR_K8_TOP_MEM2			0xc001001d
 #define MSR_K8_SYSCFG			0xc0010010
+#define MSR_K8_SYSCFG_MEM_ENCRYPT_BIT	23
+#define MSR_K8_SYSCFG_MEM_ENCRYPT	(1ULL << MSR_K8_SYSCFG_MEM_ENCRYPT_BIT)
 #define MSR_K8_INT_PENDING_MSG		0xc0010055
 /* C1E active bits in int pending message */
 #define K8_INTP_C1E_ACTIVE_MASK		0x18000000
diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
index 230e190..c89e326 100644
--- a/arch/x86/include/asm/realmode.h
+++ b/arch/x86/include/asm/realmode.h
@@ -1,6 +1,15 @@ 
 #ifndef _ARCH_X86_REALMODE_H
 #define _ARCH_X86_REALMODE_H
 
+/*
+ * Flag bit definitions for use with the flags field of the trampoline header
+ * when configured for X86_64
+ */
+#define TH_FLAGS_SME_ENABLE_BIT		0
+#define TH_FLAGS_SME_ENABLE		(1ULL << TH_FLAGS_SME_ENABLE_BIT)
+
+#ifndef __ASSEMBLY__
+
 #include <linux/types.h>
 #include <asm/io.h>
 
@@ -38,6 +47,7 @@  struct trampoline_header {
 	u64 start;
 	u64 efer;
 	u32 cr4;
+	u32 flags;
 #endif
 };
 
@@ -69,4 +79,6 @@  static inline size_t real_mode_size_needed(void)
 void set_real_mode_mem(phys_addr_t mem, size_t size);
 void reserve_real_mode(void);
 
+#endif /* __ASSEMBLY__ */
+
 #endif /* _ARCH_X86_REALMODE_H */
diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c
index f74925f..c3edb49 100644
--- a/arch/x86/realmode/init.c
+++ b/arch/x86/realmode/init.c
@@ -101,6 +101,10 @@  static void __init setup_real_mode(void)
 	trampoline_cr4_features = &trampoline_header->cr4;
 	*trampoline_cr4_features = mmu_cr4_features;
 
+	trampoline_header->flags = 0;
+	if (sme_me_mask)
+		trampoline_header->flags |= TH_FLAGS_SME_ENABLE;
+
 	trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd);
 	trampoline_pgd[0] = trampoline_pgd_entry.pgd;
 	trampoline_pgd[511] = init_level4_pgt[511].pgd;
diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S
index dac7b20..94e29f4 100644
--- a/arch/x86/realmode/rm/trampoline_64.S
+++ b/arch/x86/realmode/rm/trampoline_64.S
@@ -30,6 +30,7 @@ 
 #include <asm/msr.h>
 #include <asm/segment.h>
 #include <asm/processor-flags.h>
+#include <asm/realmode.h>
 #include "realmode.h"
 
 	.text
@@ -92,6 +93,23 @@  ENTRY(startup_32)
 	movl	%edx, %fs
 	movl	%edx, %gs
 
+	/* Check for memory encryption support */
+	bt	$TH_FLAGS_SME_ENABLE_BIT, pa_tr_flags
+	jnc	.Ldone
+	movl	$MSR_K8_SYSCFG, %ecx
+	rdmsr
+	bt	$MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax
+	jc	.Ldone
+
+	/*
+	 * Memory encryption is enabled but the MSR has not been set on this
+	 * CPU so we can't continue
+	 */
+.Lno_sme:
+	hlt
+	jmp	.Lno_sme
+.Ldone:
+
 	movl	pa_tr_cr4, %eax
 	movl	%eax, %cr4		# Enable PAE mode
 
@@ -147,6 +165,7 @@  GLOBAL(trampoline_header)
 	tr_start:		.space	8
 	GLOBAL(tr_efer)		.space	8
 	GLOBAL(tr_cr4)		.space	4
+	GLOBAL(tr_flags)	.space	4
 END(trampoline_header)
 
 #include "trampoline_common.S"

[RFC,v2,16/20] x86: Check for memory encryption on the APs

Commit Message

Comments

Patch