From patchwork Wed Jun 7 19:13:21 2017
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 9772523
From: Tom Lendacky
Subject: [PATCH v6 01/34] x86: Document AMD Secure Memory Encryption (SME)
To: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, iommu@lists.linux-foundation.org
Cc: Rik van Riel, Radim Krčmář, Toshimitsu Kani, Arnd Bergmann, Jonathan Corbet, Matt Fleming, "Michael S. Tsirkin", Joerg Roedel, Konrad Rzeszutek Wilk, Paolo Bonzini, Larry Woodman, Brijesh Singh, Ingo Molnar, Borislav Petkov, Andy Lutomirski, "H. Peter Anvin", Andrey Ryabinin, Alexander Potapenko, Dave Young, Thomas Gleixner, Dmitry Vyukov
Date: Wed, 07 Jun 2017 14:13:21 -0500
Message-ID: <20170607191320.28645.51540.stgit@tlendack-t1.amdoffice.net>
In-Reply-To: <20170607191309.28645.15241.stgit@tlendack-t1.amdoffice.net>
References: <20170607191309.28645.15241.stgit@tlendack-t1.amdoffice.net>

Create a Documentation entry to describe the AMD Secure Memory Encryption (SME) feature and add documentation for the mem_encrypt= kernel parameter.

Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
--- Documentation/admin-guide/kernel-parameters.txt | 11 ++++ Documentation/x86/amd-memory-encryption.txt | 68 +++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 Documentation/x86/amd-memory-encryption.txt diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 4e4c340..abb65da 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2188,6 +2188,17 @@ memory contents and reserves bad memory regions that are detected. + mem_encrypt= [X86-64] AMD Secure Memory Encryption (SME) control + Valid arguments: on, off + Default (depends on kernel configuration option): + on (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y) + off (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=n) + mem_encrypt=on: Activate SME + mem_encrypt=off: Do not activate SME + + Refer to Documentation/x86/amd-memory-encryption.txt + for details on when memory encryption can be activated. + mem_sleep_default= [SUSPEND] Default system suspend mode: s2idle - Suspend-To-Idle shallow - Power-On Suspend or equivalent (if supported) diff --git a/Documentation/x86/amd-memory-encryption.txt b/Documentation/x86/amd-memory-encryption.txt new file mode 100644 index 0000000..f512ab7 --- /dev/null +++ b/Documentation/x86/amd-memory-encryption.txt
@@ -0,0 +1,68 @@ +Secure Memory Encryption (SME) is a feature found on AMD processors. + +SME provides the ability to mark individual pages of memory as encrypted using +the standard x86 page tables. A page that is marked encrypted will be +automatically decrypted when read from DRAM and encrypted when written to +DRAM. SME can therefore be used to protect the contents of DRAM from physical +attacks on the system. + +A page is encrypted when a page table entry has the encryption bit set (see +below on how to determine its position). The encryption bit can also be +specified in the cr3 register, allowing the PGD table to be encrypted. Each +successive level of page tables can also be encrypted by setting the encryption +bit in the page table entry that points to the next table. This allows the full +page table hierarchy to be encrypted. Note, this means that just because the +encryption bit is set in cr3, doesn't imply the full hierarchy is encyrpted. +Each page table entry in the hierarchy needs to have the encryption bit set to +achieve that. So, theoretically, you could have the encryption bit set in cr3 +so that the PGD is encrypted, but not set the encryption bit in the PGD entry +for a PUD which results in the PUD pointed to by that entry to not be +encrypted. + +Support for SME can be determined through the CPUID instruction. 
The CPUID +function 0x8000001f reports information related to SME: + + 0x8000001f[eax]: + Bit[0] indicates support for SME + 0x8000001f[ebx]: + Bits[5:0] pagetable bit number used to activate memory + encryption + Bits[11:6] reduction in physical address space, in bits, when + memory encryption is enabled (this only affects + system physical addresses, not guest physical + addresses) + +If support for SME is present, MSR 0xc00100010 (MSR_K8_SYSCFG) can be used to +determine if SME is enabled and/or to enable memory encryption: + + 0xc0010010: + Bit[23] 0 = memory encryption features are disabled + 1 = memory encryption features are enabled + +Linux relies on BIOS to set this bit if BIOS has determined that the reduction +in the physical address space as a result of enabling memory encryption (see +CPUID information above) will not conflict with the address space resource +requirements for the system. If this bit is not set upon Linux startup then +Linux itself will not set it and memory encryption will not be possible. + +The state of SME in the Linux kernel can be documented as follows: + - Supported: + The CPU supports SME (determined through CPUID instruction). + + - Enabled: + Supported and bit 23 of MSR_K8_SYSCFG is set. + + - Active: + Supported, Enabled and the Linux kernel is actively applying + the encryption bit to page table entries (the SME mask in the + kernel is non-zero). + +SME can also be enabled and activated in the BIOS. If SME is enabled and +activated in the BIOS, then all memory accesses will be encrypted and it will +not be necessary to activate the Linux memory encryption support. If the BIOS +merely enables SME (sets bit 23 of the MSR_K8_SYSCFG), then Linux can activate +memory encryption by default (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y) or +by supplying mem_encrypt=on on the kernel command line. 
However, if BIOS does +not enable SME, then Linux will not be able to activate memory encryption, even +if configured to do so by default or the mem_encrypt=on command line parameter +is specified.
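
Review bot: In the kernel-parameters.txt hunk, the line "mem_encrypt=on: Activate SME" reads as unconditional, while the new amd-memory-encryption.txt states that Linux cannot activate memory encryption unless BIOS has set bit 23 of MSR_K8_SYSCFG. An administrator who reads only this entry could assume that passing the parameter guarantees encrypted DRAM. Consider stating the precondition in the entry itself, for example "mem_encrypt=on: Activate SME (requires SME to be enabled by BIOS)", and keep the cross-reference for the details.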
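
Review bot: In the amd-memory-encryption.txt hunk, the MSR address in "MSR 0xc00100010 (MSR_K8_SYSCFG)" has one digit too many and disagrees with the "0xc0010010:" listing directly below it; the prose should read 0xc0010010 so that nobody copies the wrong address. Two smaller points in the same file: "encyrpted" in the cr3 paragraph should be "encrypted", and the Supported / Enabled / Active list defines the three states without saying how an administrator can tell which one a running system is in, so a sentence on that would make the distinction usable when checking that DRAM encryption is really in effect.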