From patchwork Mon Feb 28 02:13:03 2022
X-Patchwork-Submitter: "Huang, Kai"
X-Patchwork-Id: 12762303
From: Kai Huang
To: x86@kernel.org
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@intel.com, luto@kernel.org, kvm@vger.kernel.org, pbonzini@redhat.com, seanjc@google.com, hpa@zytor.com, peterz@infradead.org, kirill.shutemov@linux.intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, tony.luck@intel.com, ak@linux.intel.com, dan.j.williams@intel.com, chang.seok.bae@intel.com, keescook@chromium.org, hengqi.arch@bytedance.com, laijs@linux.alibaba.com, metze@samba.org, linux-kernel@vger.kernel.org, kai.huang@intel.com
Subject: [RFC PATCH 15/21] x86/virt/tdx: Reserve TDX module global KeyID
Date: Mon, 28 Feb 2022 15:13:03 +1300
Message-Id: <977a5a4356e47111c05f5d5e5766c743c8db6215.1646007267.git.kai.huang@intel.com>
X-Mailing-List: kvm@vger.kernel.org

TDX module initialization requires using one TDX private KeyID as the global KeyID to crypto protect TDX metadata. The global KeyID is configured to the TDX module along with TDMRs.

Just reserve the first TDX private KeyID as the global KeyID.

Signed-off-by: Kai Huang

--- arch/x86/virt/vmx/tdx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/virt/vmx/tdx.c b/arch/x86/virt/vmx/tdx.c index 8dac98b91c77..e6c54b2a1f6e 100644 --- a/arch/x86/virt/vmx/tdx.c +++ b/arch/x86/virt/vmx/tdx.c @@ -111,6 +111,9 @@ static struct cmr_info tdx_cmr_array[MAX_CMRS] __aligned(CMR_INFO_ARRAY_ALIGNMEN static int tdx_cmr_num; static struct tdsysinfo_struct tdx_sysinfo; +/* TDX global KeyID to protect TDX metadata */ +static u32 tdx_global_keyid; + static bool __seamrr_enabled(void) { return (seamrr_mask & SEAMRR_ENABLED_BITS) == SEAMRR_ENABLED_BITS; 
@@ -1239,6 +1242,12 @@ static int init_tdx_module(void) if (ret) goto out_free_tdmrs; + /* + * Reserve the first TDX KeyID as global KeyID to protect + * TDX module metadata. + */ + tdx_global_keyid = tdx_keyid_start; + /* * Return -EFAULT until all steps of TDX module * initialization are done.
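Review bot: In the init_tdx_module() hunk, `tdx_global_keyid = tdx_keyid_start;` is assigned unconditionally, so nothing in the visible lines guards against the detected private KeyID range being empty before its first ID is taken for module metadata; a check that at least one private KeyID was detected, failing init_tdx_module() with an error otherwise, would stop an empty range from silently becoming a bogus global KeyID. Related: once the first private KeyID is reserved for metadata, whatever start/count is later exported for guest use has to begin one past tdx_keyid_start and shrink by one, which neither this hunk nor the commit message addresses; either adjust the exported range here or say in the commit message which later patch in the series does it, because a guest being assigned the metadata KeyID would undermine the protection this patch sets up.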