From patchwork Mon Aug 22 23:25:25 2016
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9294717
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Subject: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
From: Brijesh Singh
Date: Mon, 22 Aug 2016 19:25:25 -0400
Message-ID: <147190832511.9523.10850626471583956499.stgit@brijesh-build-machine>
In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine>
X-Mailing-List: linux-crypto@vger.kernel.org

From: Tom Lendacky

EFI data is encrypted when the kernel is run under SEV. Update the page table references to be sure the EFI memory areas are accessed encrypted.

Signed-off-by: Tom Lendacky
---
 arch/x86/platform/efi/efi_64.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c index 0871ea4..98363f3 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c 
@@ -213,7 +213,7 @@ void efi_sync_low_kernel_mappings(void) int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) { - unsigned long pfn, text; + unsigned long pfn, text, flags; efi_memory_desc_t *md; struct page *page; unsigned npages; @@ -230,6 +230,10 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) efi_scratch.efi_pgt = (pgd_t *)__sme_pa(efi_pgd); pgd = efi_pgd; + flags = _PAGE_NX | _PAGE_RW; + if (sev_active) + flags |= _PAGE_ENC; + /* * It can happen that the physical address of new_memmap lands in memory * which is not mapped in the EFI page table. Therefore we need to go @@ -237,7 +241,7 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) * phys_efi_set_virtual_address_map(). */ pfn = pa_memmap >> PAGE_SHIFT; - if (kernel_map_pages_in_pgd(pgd, pfn, pa_memmap, num_pages, _PAGE_NX | _PAGE_RW)) { + if (kernel_map_pages_in_pgd(pgd, pfn, pa_memmap, num_pages, flags)) { pr_err("Error ident-mapping new memmap (0x%lx)!\n", pa_memmap); return 1; } @@ -302,6 +306,9 @@ static void __init __map_region(efi_memory_desc_t *md, u64 va) if (!(md->attribute & EFI_MEMORY_WB)) flags |= _PAGE_PCD; + if (sev_active) + flags |= _PAGE_ENC; + pfn = md->phys_addr >> PAGE_SHIFT; if (kernel_map_pages_in_pgd(pgd, pfn, va, md->num_pages, flags)) pr_warn("Error mapping PA 0x%llx -> VA 0x%llx!\n", @@ -426,6 +433,9 @@ void __init efi_runtime_update_mappings(void) (md->type != EFI_RUNTIME_SERVICES_CODE)) pf |= _PAGE_RW; + if (sev_active) + pf |= _PAGE_ENC; + /* Update the 1:1 mapping */ pfn = md->phys_addr >> PAGE_SHIFT; if (kernel_map_pages_in_pgd(pgd, pfn, md->phys_addr, md->num_pages, pf))
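
Review bot: the `if (sev_active) flags |= _PAGE_ENC;` pair added after `pgd = efi_pgd;` in efi_setup_page_tables() (hunk at -230,6) is the first of three identical copies in this patch; the other two are in __map_region() and efi_runtime_update_mappings(). A single helper that returns the extra protection bits for EFI mappings would keep the three call sites from drifting apart when the condition changes. The block also needs a comment: the context line just above it uses `__sme_pa(efi_pgd)`, so a reader of the code alone cannot tell why the encryption bit is tied to SEV here. The commit message gives the reason (EFI data is encrypted when running under SEV); please put that in the source next to the check.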
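
Review bot: in __map_region() (hunk at -302,6) `_PAGE_ENC` is set for every descriptor, directly after the branch that adds `_PAGE_PCD` when `md->attribute` lacks `EFI_MEMORY_WB`, with no check on `md->type`. If any descriptor that reaches this function describes MMIO rather than RAM, mapping it with the encryption bit would be wrong, since device registers are not encrypted memory. Please either filter on the descriptor type before setting the bit or state in a comment why only encrypted RAM regions can arrive here. The same question applies to the `pf |= _PAGE_ENC` added in efi_runtime_update_mappings() (hunk at -426,6), which is also applied regardless of `md->type`.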