From patchwork Fri Jul 7 13:38:16 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 9830561 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 9E21160317 for ; Fri, 7 Jul 2017 14:09:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8EBB728680 for ; Fri, 7 Jul 2017 14:09:25 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 832BD28697; Fri, 7 Jul 2017 14:09:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E3E0028680 for ; Fri, 7 Jul 2017 14:09:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752219AbdGGNic (ORCPT ); Fri, 7 Jul 2017 09:38:32 -0400 Received: from mail-bn3nam01on0068.outbound.protection.outlook.com ([104.47.33.68]:11852 "EHLO NAM01-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751013AbdGGNiZ (ORCPT ); Fri, 7 Jul 2017 09:38:25 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=NboUQuDWA0Fi1/r5yqWBcQoKqbCt1uusfcwqOmc3FTA=; b=BJU1we6jK8EWjNQyFvWu1mQG385+DdfQx9UQkZDFb06lor2+ND9CVAM8/t8YXOLB5TmfOdMiR9cViCMX1Pzll1yGSK1P7PNAh+NiEUTXG0QfVvu+VnQ3EfzUWldaHUBGrZkW69FweHAxHB4zMKGODBMfxLWIMu8YjlZXbg4eoiU= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none; vger.kernel.org; dmarc=none action=none header.from=amd.com; Received: from tlendack-t1.amdoffice.net (165.204.77.1) by BN6PR12MB1139.namprd12.prod.outlook.com (10.168.226.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1240.13; Fri, 7 Jul 2017 13:38:19 +0000 From: Tom Lendacky Subject: [PATCH v9 01/38] x86: Document AMD Secure Memory Encryption (SME) To: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, xen-devel@lists.xen.org, linux-mm@kvack.org, iommu@lists.linux-foundation.org Cc: Brijesh Singh , Toshimitsu Kani , Radim =?utf-8?b?S3LEjW3DocWZ?= , Matt Fleming , Alexander Potapenko , "H. Peter Anvin" , Larry Woodman , Jonathan Corbet , Joerg Roedel , "Michael S. Tsirkin" , Ingo Molnar , Andrey Ryabinin , Dave Young , Rik van Riel , Arnd Bergmann , Konrad Rzeszutek Wilk , Borislav Petkov , Andy Lutomirski , Boris Ostrovsky , Dmitry Vyukov , Juergen Gross , Thomas Gleixner , Paolo Bonzini Date: Fri, 07 Jul 2017 08:38:16 -0500 Message-ID: <20170707133816.29711.25165.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20170707133804.29711.1616.stgit@tlendack-t1.amdoffice.net> References: <20170707133804.29711.1616.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: DM5PR16CA0041.namprd16.prod.outlook.com (10.172.42.155) To BN6PR12MB1139.namprd12.prod.outlook.com (10.168.226.141) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 6418e21f-f559-498b-768a-08d4c53d6f55 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(48565401081)(300000503095)(300135400095)(201703131423075)(201703031133081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:BN6PR12MB1139; X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1139; 3:WtL8cjJ/0iXgMh1MLhZZeNm0zGQh37jMweJgG7eiFZM6nJibRR+27Xh5e+/fRX9A1evSvCW/rs4AZQaIGSgTkOQHFmHtGEuFcurV4R9GNVh+Ue1spyd3dYL/zJhYG3y7SNdGmOM3zzoYHWdieydeMr828P35AHXfBzjaHxMDdU8sTQscT2zI6jWozpZrHFB5ZZ51u4aZkKQ37zIOy4si6rVGKVimfVp8ESvbycf291Dl5Cv73v9CNnodQNj6j169OGu0iDzYd2DBxglmeI+8GPHSirtRTG8y2zybsEkgKVmq5SPi9fYG6TzEAtLLkBtg1P5cf1k0zBvpWXKaF+a4CuazHiYRs0+n5QvnY8HmUVKBF+dMSzShWRxQeC7taOdmHY3HleOA1wIfileitk4KMbKa/Bfewqb2zdM4Hmh4h8Uf9kkPsUewAo/EIiT1oDPQ+4ycKGVqHMraTcGL8pwl/vPwC9DQdfZHOOLwnMIsqMjVSn1EKKkTTPsnYM5bP7SGoTTeGI1UY4q7SyRNXr4IPPhrjayP2myAfMGEtoQknD/aJxeop6a4c9+c6j+aBDWYu4IVvzAsr6HveVZmOXZazeC3PNzvOm9MenmYkEdjW6mkNNmQWAYUYBtiukCa1mp2G7QqOuh0Ole8T36aJsB0xiB46bjPC8x13U12DdtlllAEScI6p23h3V4YNmnmRQllNnL8nFUssJWIMlkSs9WEJBND4NeIF4BjRryTabCRvQth0wl2YdXbaM06EpDn/bGpdY9czVtuGs7GtSTNqsgLKg== X-MS-TrafficTypeDiagnostic: BN6PR12MB1139: X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1139; 25:lbV6Yhb+cXsrgrD35/GFDeeSMYgMKfmttCscOEwx30s3Nnn5kpxyLLqpICUtVaP0VMYhXoJnelmaIC2pH/i8llrmzKzaO8n3gfOrIljWf9gmX+G7hPtTSinbewaAUbDf3tqHmU9+F/v4cyhpcL3XlvWxi6+8sLwmWOkMSlAQ4nNJhMtZrHAXbedmtgU3Z5ZacYIMEi9Pi6bHY5glE50zJx3mRotGVLWl2MTfK+ixgkteN5CgYwzQM0c4rvTArtWHj3xS+fH9FY/LWzWMVBLQDDtSIOECy9a+TWkht2MVELY32s0kYcWwEVVbGjJdx3v36XB7c9048d9EaaLT5+QWzP5W8MSTITmFCSE/nlSzpcNyO8K5A935B8l9Hi1/obKI2qNeg1t+ndz5NDwxem7t+vTMDY0OWYoELT3hNTnUQ3ea6bVPUss4DC+IhL5yJvCEKHbvB4Bd6glGVg9BOMONF4uCdCuXO/m8zIA63h0cwtYzBhe/68xj9Z7SntnKNnh7p0IVH2nc5tcQC4yh4qOTRj26fsv8kCXpYJSS5lMhylC0AKU3l1rREqxUk0SNS/ZYXp9f+wXoIIYwwoCYcGqjpmf/zAs3YeTz6cXdaOYmn8B25vK5QKMRs3zlzFXtfPrWXeBbCYBgV8UFNneUWLhBVnkfq5THqL+cJLjbsyjdZqPH89RmJkQqzM7TzTkB4QlMQTS7wflpT88qjmvAczbMRq8ArDNY+3Wl4AM/EmKLJDbPMpOEwL0Z16xGV6JJiTdVEH7vNf7Ra2JwDbQotHVK7rdgoKWFb1M0pBnq+zGJszCuzyAwrztjlT0PKQpyFx4bJ9p5BD5m+uXUZ8bYdx8LZ+e0spu52cAHisa/5cB6ZLD4KsbIIy0xlWN2PnVe4m3zukZQsgbk7QZB9VEY9eHUrmcWYpAU/kMSqyoMz9hBQ dY= X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1139; 31:IwKQ8DbILLP6yvVh+fMuW56Qb/wThvmGPMGkTl2XUdJkgexVom6o85TD4itUtN+uZUKhBUlkjFOViX4AbmXCK2/gYGcoxcg6d+/wWo0HfMrDs5tlA2Jt8769+k467H72UljHLheIqT+MUTTyr0ZduaS2T4kKmqt0MrImsW6cjodNY26zbsyuOOrd6vMxPYIgtIzXAgEKYLSKRA0/0J9ekrzcuKBJvFoTOzuSU+7lU/KdeAzjGa7LeqNVwnWWUnbh+mx6/ujlqawOpxyXrom8fNzp08fd3TKgVivYZ4rpGmGbLyQc3yhN3nNUdgg795Ehnt7vvW3beY16zQwsfwZkng34a7UNWDIZVfMInzC5AoJzAV3AG45dWjySQdoIUU9YR5sg091+liyQ7fK/rUnTODmtXG5j4Y8AE/4/ywwuNP3BD/MN20IsRmIx5iQTWczETabHsa2Hrc8UKyRP3SUPNFT5kVHypRH+3a/aznpIOzO/F6y35Huqbo12bNNoR8UNT0/u/a/uOHD53WA2xT6eSrbMwk7fl1iTmbyfHcOuf+kDkkd+++f1n8XjQZ0YIK8yM231xGMwxadcp7z2opwrpCxoV1H8GfUlMfdvIWRHjuJxfaIbYSZngckWCj3dlyvngUKYJDY+mun0Ijy1Zsb94yQXVpOSuYohk7hCKabdLt5B1R9eK9TrkRBJ/65JatZYsczrz+8WDqH2g2/mH8yeLg== X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1139; 20:tDNu5BzxIdSME18ajlkYb2GvZCy4uo4zRugmhIXcHuDRvafKG9lWp3xY3vsE6VUQUUb11LvifE0oudw4Np25XNT6azCkYnz+BOZbiBmTtaK40m4wf/HrF1j7dDJ4M0KF/u/nSpe+PX4mCRUARvX4eT8deyVpW7lc+ZNQ25cYlUe2PVmbkwJ+6EiQK7u9mC+AgmFXLcEoI+t9dePAx3et+jj9mAOguYAn0aPf+hteJe8yLq3GpgVdcUgKrdaHnBInJ3XoqdjFTeOZSVcIs/M1fK6/cT7ehLh/+lVqyYNVPAqHudGwrSa4lUTUP96+RdSgoSHE+Ck7NreOB2aJ31pAQBkrpb3JCGz4xwh2e2nrdPFbf2B9UVPF+S4PP3VfJOZmBl9xJpEKDjWb7Z6c16FLYjarDHpLwLgY1OhnhzW3aFhEQWPYhb3oGNIUvg+wFpv/OxPD3m6tuy6OJrFLeKTcpzGdz5NKoemGYKAc/n3aWrtha/obo/c02fNlrNd00x0r X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(125551606395959)(278178393323532)(20558992708506)(133145235818549)(236129657087228)(767451399110)(148574349560750); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(3002001)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(6055026)(6041248)(20161123564025)(20161123560025)(20161123558100)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BN6PR12MB1139; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BN6PR12MB1139; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjZQUjEyTUIxMTM5OzQ6WFVWRE4zT3hxNTE1emM1M0hXU3Fza05yZ21a?= =?utf-8?B?c2dZNDIvU0hFU205bktWb25POVNtbEtwNHl3c3MrUkJoc2RBdmNiOFFPYzlY?= =?utf-8?B?QlBwRzlSQTJxVGdBN3ltNTMvYUU4YWsvejlSVlExelFmYU15QW44SHZZMGk2?= =?utf-8?B?WWxBVFN1NXpmZnhQVWNlRS9PcFBIL05nOTJzUzlibmFFVXdpMTlyYnBaeGhk?= =?utf-8?B?QkpQMlRKQ1BYNFlHM0puNG84MEh0NmQwTWpFMWtpRGNxUGtnZXNhUEpZZDk2?= =?utf-8?B?N1hDNzBSVERRRklHWG95TkZ5OGJJNitBWWVHQytvMVovd0FSSkN1bVpITjly?= =?utf-8?B?Wm1Namgrc3RxNlpwZ2hDTEo2MGFGOGZXUlJTNmhSM283bUhrZmRXbHd6NGxK?= =?utf-8?B?dkQwRk1WOEV6c0t3RkxGQUgwbXpsWXdSVS9PUUhmRzlDZTAwVGF6eGRISXdK?= =?utf-8?B?ZmtmN0p3S1FBcTF5NjAzVUtKN0RwajJzK0kyM1RTZm5ueFBzcnNRbW1FbjZX?= =?utf-8?B?WWYxSm1QRUpkMzNzVC9QWFd6aDY3bjhWVmJiZmJ3bkM2a2dncjh1RFZBV0J4?= =?utf-8?B?NEtrYW0xeW5zeHFPT2VEcGxiVVQwZzhNb2FzR09tb1hObjEvQmtEZnQ2S0Fs?= =?utf-8?B?ekNoRnBacTZ0SnRmR2pncm12Tys2YXhaSC9SSTJMK3B3ckVqWFNkc2YvOWsv?= =?utf-8?B?QWVNSXNOMXJkRkNTa05GRHhieitOcU93blZ5MUVqLy8yM0RsUU1QQ1Z1Ri9D?= =?utf-8?B?S3dSTmZVWWxSZ3hGQU56ZkhwQ0VIakNnVG9zd1pYVDlOTndxdklBUzhlUDdI?= =?utf-8?B?NnZaZnZUTWNOZi9MWHZjK0l2T213S2IyMEcrMFZKTTFXd2lGQzNhNEpWcDRB?= =?utf-8?B?ZS9odlorNHlWTHVReWF1M3JIbzQyU0puemFSeUwyR0hOenJQWVIxTHpvL3ZE?= =?utf-8?B?QTd3Q3BOR0lNS1lDUy8wdXBkZ3psT016YmpEL0dtVDlpUDErVGdaWEN0cXlG?= =?utf-8?B?QmsxTGFYaktrQjBSV2Yxa2huVVpRU2Iydkgxa3FFalV4eDVSN05hZEZBd0xx?= =?utf-8?B?WkI3NjRKenBkdGcwZjZ0SS9EcjlYSGZibmZYTTdpUVJ6SjhPeGpSWnNzb2tE?= =?utf-8?B?S3BEVXpVZGNCSkFGK04xN2cyaDI5VWV1clN5QTYwbStpV0tQbTdXL3FpcEds?= =?utf-8?B?WUxJWld6Z2lMVE9zdzhTNFRSakVuVkZHamNHMXQrcE5IQUdGeDJzbGlkaW1X?= =?utf-8?B?TWJzL3ZTMEZmV3ZkMktsNERkT0xuUGUrV2duaitXTkFlNVFuNTlkWGlSNXV3?= =?utf-8?B?TDR6Tm9PZUxuUUNRc01jUjJBMURFVkpVRjJCV3NuQm9RQ1dhakF6RlM4S2Za?= =?utf-8?B?SXE3YXpCUFpLMVBLUG9DNVRwQzFxODJucG5ka2V6ckZpUGVka01xbng4SUts?= =?utf-8?B?OERkZisxZGs1SUUwZmp6bW9PNGk0QjFtWjRZRDNwRlM5UDhuUWJyV2xqOXlJ?= =?utf-8?B?SFFhNE8xZ3RWL3ZycVA2UzF0Sk5lVlVFT1V5YXg2Rm0vdjdMcDMwekRlVXFv?= =?utf-8?B?NzFMUytDNDltZW9jRnNGZ3pNTlVORXZad00zdE92S0FVMThTSWZBdk9lMkVW?= =?utf-8?B?Qmw5ZHBEWTIzK1BRanIvVW1KL3RrOHpuRFRHVHZmRU95aWs0SmhnL0ZOeVpx?= =?utf-8?B?UmxJQytmUEF2b05QZEJiMUZGTWNBZisxWnlsUC9sSHpyeTZpRU1GcW93V2pI?= =?utf-8?B?UGlOV2FJU0pJRTNUSkl4Wmd1azVaZndmYXVna2gyZWlWV1hjLzRycXpUNXF1?= =?utf-8?B?OERjbGhadlErNXVVSkhvSDBqTi9RSXdxdVB4VEFrUS96ZWh2S1NJWDJTakk5?= =?utf-8?B?RmQzY29qOFFYdUZ5QTV6bkw2V1hqdmtCYzQza3I5VHdTMDZzYlJLL25nT3ZL?= =?utf-8?B?ZTBic1c5Q0E9PQ==?= X-Forefront-PRVS: 0361212EA8 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(39400400002)(39410400002)(39850400002)(39450400003)(39860400002)(39840400002)(54356999)(103116003)(50986999)(76176999)(8676002)(83506001)(110136004)(53936002)(38730400002)(81166006)(5660300001)(53416004)(42186005)(7736002)(7406005)(66066001)(33646002)(1076002)(25786009)(575784001)(86362001)(47776003)(9686003)(7416002)(23676002)(97746001)(2950100002)(2906002)(6506006)(230700001)(55016002)(54906002)(189998001)(4326008)(478600001)(50466002)(72206003)(3846002)(6666003)(6116002)(305945005)(921003)(1121003); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR12MB1139; H:tlendack-t1.amdoffice.net; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjZQUjEyTUIxMTM5OzIzOnpwWkVEcFlBSEo1NXJpK054WjNHMklkTXlk?= =?utf-8?B?ZWxwb25mQzdlbk03NzVuRnhZNGNnVVd4MU1RU2pYTHQyS211OVZ0WGFzUWhh?= =?utf-8?B?M0pKTWxudjg1S2hmaHBYUERHSlVVZEloRFdTL0thYy9jTXlGMUFCUjZ2OFBY?= =?utf-8?B?aFlQQlVOS3QrN01QUUJ0elYvYXQ2Y2JId2FDV2ZCMTM0bDZJSUVzYWxVZ1NZ?= =?utf-8?B?TGg5NjVEeHVzOFNUbTJLQU90eWpBTGdYaVh0Rkx1ekxQT0RON2xFNVdiOFlV?= =?utf-8?B?VVZENHJKaTQxMFdZd2tUMWt3WXkxZ1oySGV3bU9jbDB5djh4VnVrUndNVjJE?= =?utf-8?B?cmZVd1VyR0ZGa3QxN1hZS0tIVE0yRFoxNVM5dTc0ZUNsSTJqMG0yTG5CR0VC?= =?utf-8?B?NDhzU2UyTzF5cEZKVFJNN0NUR1FOMEVqRVhLclhiaXJCdVhKWm5sN3hRWUwy?= =?utf-8?B?NXdHdmhlUUJ3UDBtd2xnekNaeEt6WGdMT3RBYWVkSEhMTW85SS8yZ0Z0eUdQ?= =?utf-8?B?RVVtTCtsbmg0R3MzUVZ1VXd0R0dWT2ZxejcvSlJzVU9LSjJIeXd6cDdrS0Ey?= =?utf-8?B?cEdBM3VDYkw2VllSdjFrYXRGU2czb3JNby9GbTF2WVZWb3BZNHQyWHAyTnZW?= =?utf-8?B?M2ZnMHpBczcyc0lFaStzbHU1TExQS2d2eWU5QUVCVDBGT2paeFUxNktlMVdW?= =?utf-8?B?NnJCUXc0WVpwbW5CeWZ2V3A4M1RmR0JYTW9OaE5RdXhEOFZseGRId1NuUjBE?= =?utf-8?B?V3BvOE4rWkNEa2JGeHhjRzEwazhGTVBHOHFNYlljVVg3MFVuYklxeUMrUHVZ?= =?utf-8?B?dnJiSkcwMHZEbnU1ZjExYjZ2Mml6eGlRbTNZZ1lPSEg0dnV5eWY2WkNoNUw5?= =?utf-8?B?SEZ6TWVkVXpZK29RN2VDbFg4cHI0R1p3RmFscWdCOTRTZnFkY3lyTGd0b21u?= =?utf-8?B?bXpYaHlKakVqYXdWMFJpdlRieUhBWThMUE44cURraUNsSjBkY0t3NlFmNzJv?= =?utf-8?B?V3p2cmFCVkczc01VTUxuZ1ZrVkVJWDhhTXRTaU80TFRGcW4xQjhONHJibXhX?= =?utf-8?B?aUh2STNFOC9pN0Yra1lBWXROZ0JRNGJMMlpCOEJzU3RYNTRuK2EwbXc5Rys3?= =?utf-8?B?Q05nVjBUelZrcSswN1NFL0p1NmlPa2NwWkxEdjEybnVOeWtmaXlxYVdlV0M3?= =?utf-8?B?Wm4rVEh3ams1YmZBL3Q2bFlHNGEyMnBBSjN6SzNhUFpVdXc2RVFGU3JVbEhl?= =?utf-8?B?bktSOGFvallmWDF1QzNIbkhaMEIzb0ViVmtDK0JKSTRLUnVVLzdpaXJORkpE?= =?utf-8?B?T0FpNmM1L0Y2Q3VOc3YvN3FUREdOM0tUQzJpTkQyZEZjTDJVelNkZW1wQ1JM?= =?utf-8?B?ZkdIV1B0UnMxNkw0cGJOTDBKMXllWnhYaGNQYkZqWjVLMUh3bnM1T1VYcWNn?= =?utf-8?B?b0NJMGRLdXVKVFVSVlN6d1hQaDJaaGUyWm1uUmxFbW56RktrQzdiTWk2N1Iy?= =?utf-8?B?TWxiNkp2cThyTSs5V0x5eWU1TlpkYVhDeVgwZ3ZGUno4TDRGNmhOekFLaVU3?= =?utf-8?B?dkpza0FWUUU4NndCZ3M4WkhXMmtIZnErVUxQUjkyUWxnek4vRVNML3hyWjd3?= =?utf-8?B?KzhKM0Zibk1pZlROV0kxV3UvTytlcWFOZzJLdGtCKzl6QXp5OCszS05TS0Z3?= =?utf-8?Q?ojb2DHacoalQO8O9NI=3D?= X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjZQUjEyTUIxMTM5OzY6U1FITDNNc1ZxekNWbzZLa0EzTmZPbk5OdVpr?= =?utf-8?B?WmZSNVFhS0JlejJaNEVoL1FQd0hvYjkxeUdvayt3SmVya2N2dVFLQ3RzQmdY?= =?utf-8?B?K1I5VUNYMzBTOU5QUE9vTGc3Slg3YlRWMXZydDFuZEhtanZXNGNIbEN0Kzl1?= =?utf-8?B?S1ZMZ1QyUEh0cGhZWEg2UlZBNGZVMEk4ay85akdkS3JFNjVjRlZkNWhicXpj?= =?utf-8?B?bUpNNTUvQ2hKcFo4aGtGVCszV0J0bDluc0RWeVdoMmtQbTN1NnZoRjFEVUlU?= =?utf-8?B?KzZXNTA5K1l5UUgxSW5JY1A4aWRRWkt3dkxxaDR5T0JoVW1sMDJRTFNqS1FW?= =?utf-8?B?cCtIUmQ2UjhQS1NvdmYreFRlZkM0Zjg3QkxGVVVPOHRqK2QvNGVpbkIxLzlB?= =?utf-8?B?c3JNRDNFeWJ1WVJyL3BtYWFjeC95blQ2RFBlK2tPVWtlNHpRRkZhWXBHKzRx?= =?utf-8?B?enk3em1LR1ZBVFAvaUw2aUQvYVIremZNbTFIM1YraUpWQmIwVmhOemtNenFt?= =?utf-8?B?RU5GUXR2aGdLbmtLTjNFWnJjNGFjVWJhZXRIZ0VnbVNDK0dra2pWU3hldEQ4?= =?utf-8?B?Q0dJMlU3UlVXNjNkZWJWc0VqbFdvZDlrcGxuc1M0TEhDMFFTOXhkbXdEbnFY?= =?utf-8?B?M3R4YWZMNVZ5N3RlNlc2Qkg4VzJzRDB6TFdMaHFMUkF0T3NEY3NvSk92cXFr?= =?utf-8?B?QW1WclRJSmZKallNOURTTitDb1BHRDhidnlyTmcydGhFVnIzODZVL1J1Umlx?= =?utf-8?B?TE5XOWtQcmYzNzQyT3E3VFhKendjeXlWNFo2dWxWOWQ3R095dWQxeUFiNmtT?= =?utf-8?B?RGlWUXBVUFhuNnFEdGNhNlB3V0orWEZqYWtJbVNEZEU0RE1STTZYNkFhajU4?= =?utf-8?B?TWliMXhIVERBdWdGd2YxaFBuSms5elRGNjNMMGdzbVRPT25paDdTUExCcVIw?= =?utf-8?B?c0Vlb0hnL1ZOc2JEMjQySXFxVXc2aEY5bUNOYTFkQnZoOXUzVEFMR0d5eks3?= =?utf-8?B?QmxwSG0vbEZpc00vcnJlMndjb1NyTFVGZ1RKbWliclpSd0JvaFlQa2YyZkZH?= =?utf-8?B?ZHlnTHBLMTh4Uks0K2VIYVlaWTdQNGZ2SUlEamlEYzJVMVpBS1B1Y1FYSHlY?= =?utf-8?B?aVh2RmpNRThNbmNvMWxqUEJLVGUzM2JuR1lCdXBjMjk0US8zVDh0MEdTQ2pw?= =?utf-8?B?Q293RUI2a2tWSmpGWVhXWWRXNmtNMFpLcWRuanVYb0ZlUWFkWlpBUVpZam4w?= =?utf-8?B?VlVzZExUSnZMTkZLNHBhSnBqMWhNRGtBaitTZlJkNm5oMndJRitXb2VkUGRr?= =?utf-8?B?SE5DMEtuc0wxdFlDWmVKZE5oYXFkdUVVOHpaMkJaWklUMXlGUlhuNVl6VHFV?= =?utf-8?Q?D8cXHDC?= X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1139; 5:IS/6IVtUvi3B6dZb0+Ft2h8wri6ZEN6lbmEq4Ymgr2Xe1F/3APCW39i89h33BV5QHmoA2FZXpmOjWEss4QVotSPPi4L0K9+XyHXr/4M5vgJ5+p3/U1jsaG2e9HAISgd9XHybDAoC8040kUvKwypWDjy/kpQqh6eh/PfNJ9/geBqBGTntWmCzwvo0Ick2PHBOC7uUzhUbzWkIcDx+XhICnLJjYOKtlsj+5BT9Uahf1/Tin6vbNToz6Z9Nzn5QGgA9M5GcLNEsZY02OPYR+MYa7+aUnIJhyQuGq5MjzW7l46qkJqr6sok4lDT9aQu2OAj0Hlszvmzu58IkPVCxESzYuAD0ap3zr5YaCfCrh+Kn/7CVpmhujY2b9XDn3UUU/a0R9RgohsiASUW0Zh/0+OD0BEK7ICingDSiyU6gz+5836t4upHWkTIifEYJXC564Tz5WPEddfuMewI7pSNqqxqdWcbTGUBqWnQtEkfbSfEAMFq/u1VEwFFm68h68LS52owJ; 24:wsBYsevATxbmP4OhvpfgQoo8o0tiW081ZBaKnC297OpExXkoQUq0qT4PBOMun/9NeRAvCtjxQcnQwam5oQ3A0tuuJqGMbRHSgsHn2oPnZkY= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1139; 7:By35qfnX9AHBCE9nmhCSuQqFCLa5qj2topBad++FFScAUJumIbhiGTUwtHHxlfItp4aBF2CE4t7HXf78oJXzrGOTVoSS61lznmlJphJAtuEry613pq75NPXJWN7Ag919FetrcjkxUK+geZ9w0W4Be2xzYSKmVitTsuVggYZgbxIx7IKohNdwVrnlt+UiI3XSaA0MZ/FTJbJt4/Egu+tCgFWI4tukh0wgbisoh6FgnNXETniov7RFG9EWoIVtfmQA9HKeAV549824qbeagAu8Kz7x+800P4x2P4b6DLaL0xUKAQLM1Y+q98/TpxBx+8+B7t/WjwkogXImNRym/KzI53WebaCdbJbqCAkAGgO6Luqc2hvg/9+nhTouPKZxQrm7JL6fHirQFUUJYZAT9lZPUkxvmaFI+WdITr3gSOj3qPHFnk60yLjkkzFp4DfaYSpINk95SAf0fdXHAGnWreAzz/L5GnMfV4dm6SU9xwTDZinMImA7boUa0Uv3bC/k8RfTZxRRi7kmjz59T+nxPvz7TDcPAEDLsxM5plLxIHKMV7Wlm8ZYR59GPeErQR1JGnafy6uOOJLLiOwg3Ox4lp8IIcBKG3TPjYZJDRqaSbbQ0l3rxyz0no+KaucjHklvRzU+mkKOVkC7MEU8uiFgg8k7HzZAMXIk5Q0486VQ+FjjQmHpaaaHcWY62ADbvgE77q26R6HCw590bt2oLGwOwPMto22n4m6APGF+FnAQSdI9DlwYO+eauFV9JYTptkWtU4DNWP+8HESBOOvHv26wd/t8htcq0zu6AGqwBy1CaBG44To= X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1139; 20:yZ/41oQVVWu8jmBwvmn7HIvVf8o+lEJSnrkqEsX2/VTmnNUlL++qCNG6lCJBEYSDRl7OtocxdQViHKRzVQJ6uTBMFixNBRlLwAb1zX+uJdKMhWyDaFsjtQI2YAXPxb9FeQOV1rqGkj/CV2o88b77Bf36BgSKAA7nDS/tc/HR5ODeElJLUQ1nJ4Qu/gdoCnah6+EF9h9yPUj6RSdCuvFUTMovWdMNQg/4Z0F+tx0o43Di3O6NPes2sxpjtwYtW35M X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jul 2017 13:38:19.7554 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1139 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Create a Documentation entry to describe the AMD Secure Memory Encryption (SME) feature and add documentation for the mem_encrypt= kernel parameter. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- Documentation/admin-guide/kernel-parameters.txt | 11 ++++ Documentation/x86/amd-memory-encryption.txt | 68 +++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 Documentation/x86/amd-memory-encryption.txt diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 7037a0f..05742cc 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2197,6 +2197,17 @@ memory contents and reserves bad memory regions that are detected. + mem_encrypt= [X86-64] AMD Secure Memory Encryption (SME) control + Valid arguments: on, off + Default (depends on kernel configuration option): + on (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y) + off (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=n) + mem_encrypt=on: Activate SME + mem_encrypt=off: Do not activate SME + + Refer to Documentation/x86/amd-memory-encryption.txt + for details on when memory encryption can be activated. + mem_sleep_default= [SUSPEND] Default system suspend mode: s2idle - Suspend-To-Idle shallow - Power-On Suspend or equivalent (if supported) diff --git a/Documentation/x86/amd-memory-encryption.txt b/Documentation/x86/amd-memory-encryption.txt new file mode 100644 index 0000000..f512ab7 --- /dev/null +++ b/Documentation/x86/amd-memory-encryption.txt @@ -0,0 +1,68 @@ +Secure Memory Encryption (SME) is a feature found on AMD processors. + +SME provides the ability to mark individual pages of memory as encrypted using +the standard x86 page tables. A page that is marked encrypted will be +automatically decrypted when read from DRAM and encrypted when written to +DRAM. SME can therefore be used to protect the contents of DRAM from physical +attacks on the system. + +A page is encrypted when a page table entry has the encryption bit set (see +below on how to determine its position). The encryption bit can also be +specified in the cr3 register, allowing the PGD table to be encrypted. Each +successive level of page tables can also be encrypted by setting the encryption +bit in the page table entry that points to the next table. This allows the full +page table hierarchy to be encrypted. Note, this means that just because the +encryption bit is set in cr3, doesn't imply the full hierarchy is encyrpted. +Each page table entry in the hierarchy needs to have the encryption bit set to +achieve that. So, theoretically, you could have the encryption bit set in cr3 +so that the PGD is encrypted, but not set the encryption bit in the PGD entry +for a PUD which results in the PUD pointed to by that entry to not be +encrypted. + +Support for SME can be determined through the CPUID instruction. The CPUID +function 0x8000001f reports information related to SME: + + 0x8000001f[eax]: + Bit[0] indicates support for SME + 0x8000001f[ebx]: + Bits[5:0] pagetable bit number used to activate memory + encryption + Bits[11:6] reduction in physical address space, in bits, when + memory encryption is enabled (this only affects + system physical addresses, not guest physical + addresses) + +If support for SME is present, MSR 0xc00100010 (MSR_K8_SYSCFG) can be used to +determine if SME is enabled and/or to enable memory encryption: + + 0xc0010010: + Bit[23] 0 = memory encryption features are disabled + 1 = memory encryption features are enabled + +Linux relies on BIOS to set this bit if BIOS has determined that the reduction +in the physical address space as a result of enabling memory encryption (see +CPUID information above) will not conflict with the address space resource +requirements for the system. If this bit is not set upon Linux startup then +Linux itself will not set it and memory encryption will not be possible. + +The state of SME in the Linux kernel can be documented as follows: + - Supported: + The CPU supports SME (determined through CPUID instruction). + + - Enabled: + Supported and bit 23 of MSR_K8_SYSCFG is set. + + - Active: + Supported, Enabled and the Linux kernel is actively applying + the encryption bit to page table entries (the SME mask in the + kernel is non-zero). + +SME can also be enabled and activated in the BIOS. If SME is enabled and +activated in the BIOS, then all memory accesses will be encrypted and it will +not be necessary to activate the Linux memory encryption support. If the BIOS +merely enables SME (sets bit 23 of the MSR_K8_SYSCFG), then Linux can activate +memory encryption by default (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y) or +by supplying mem_encrypt=on on the kernel command line. However, if BIOS does +not enable SME, then Linux will not be able to activate memory encryption, even +if configured to do so by default or the mem_encrypt=on command line parameter +is specified.