From patchwork Wed Sep 27 15:13:19 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9974285
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Tom Lendacky, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Borislav Petkov, Andy Lutomirski, Matt Fleming, Ard Biesheuvel, linux-efi@vger.kernel.org, Brijesh Singh
Subject: [Part1 PATCH v5 07/17] x86/efi: Access EFI data as encrypted when SEV is active
Date: Wed, 27 Sep 2017 10:13:19 -0500
Message-Id: <20170927151329.70011-8-brijesh.singh@amd.com>
In-Reply-To: <20170927151329.70011-1-brijesh.singh@amd.com>
References: <20170927151329.70011-1-brijesh.singh@amd.com>
From: Tom Lendacky

EFI data is encrypted when the kernel is run under SEV. Update the page table references to be sure the EFI memory areas are accessed encrypted.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Borislav Petkov
Cc: Andy Lutomirski
Cc: Matt Fleming
Cc: Ard Biesheuvel
Cc: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: x86@kernel.org
Signed-off-by: Tom Lendacky
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
--- arch/x86/platform/efi/efi_64.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c index 12e83888e5b9..5469c9319f43 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include @@ -369,7 +370,11 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) * as trim_bios_range() will reserve the first page and isolate it away * from memory allocators anyway. */ - if (kernel_map_pages_in_pgd(pgd, 0x0, 0x0, 1, _PAGE_RW)) { + pf = _PAGE_RW; + if (sev_active()) + pf |= _PAGE_ENC; + + if (kernel_map_pages_in_pgd(pgd, 0x0, 0x0, 1, pf)) { pr_err("Failed to create 1:1 mapping for the first page!\n"); return 1; } @@ -412,6 +417,9 @@ static void __init __map_region(efi_memory_desc_t *md, u64 va) if (!(md->attribute & EFI_MEMORY_WB)) flags |= _PAGE_PCD; + if (sev_active()) + flags |= _PAGE_ENC; + pfn = md->phys_addr >> PAGE_SHIFT; if (kernel_map_pages_in_pgd(pgd, pfn, va, md->num_pages, flags)) pr_warn("Error mapping PA 0x%llx -> VA 0x%llx!\n", @@ -538,6 +546,9 @@ static int __init efi_update_mem_attr(struct mm_struct *mm, efi_memory_desc_t *m if (!(md->attribute & EFI_MEMORY_RO)) pf |= _PAGE_RW; + if (sev_active()) + pf |= _PAGE_ENC; + return efi_update_mappings(md, pf); } 
@@ -589,6 +600,9 @@ void __init efi_runtime_update_mappings(void) (md->type != EFI_RUNTIME_SERVICES_CODE)) pf |= _PAGE_RW; + if (sev_active()) + pf |= _PAGE_ENC; + efi_update_mappings(md, pf); } }
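Review bot: In the efi_setup_page_tables() hunk, `pf = _PAGE_RW;` assigns to a variable that is not declared anywhere in the hunk, so it reuses a local declared earlier in the function. Please confirm that nothing after this point still expects the value pf held before, or use a dedicated local for the first-page flags. The comment block just above explains why the first page is mapped 1:1 but not why it needs _PAGE_ENC under SEV; one line there would help the next reader.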
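Review bot: In the __map_region() hunk, `flags |= _PAGE_ENC` is applied to every descriptor whenever sev_active() is true; the only per-descriptor test visible here is `md->attribute & EFI_MEMORY_WB`. If __map_region() can be handed a descriptor for memory-mapped I/O (md->type of EFI_MEMORY_MAPPED_IO) rather than RAM, that range would be mapped encrypted as well. Suggest checking md->type before setting the bit, or adding a comment that states why every region reaching this function is guaranteed to be encrypted memory.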
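Review bot: The pair `if (sev_active())` / `pf |= _PAGE_ENC;` in the efi_update_mem_attr() and efi_runtime_update_mappings() hunks is the third and fourth copy of the same test in this file. A small helper that returns the extra page flags for EFI mappings would keep the four call sites in step, so that a mapping path added later cannot silently miss the encryption bit and access encrypted EFI data through an unencrypted mapping.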