From patchwork Thu Mar 2 15:13:21 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9600437
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Subject: [RFC PATCH v2 07/32] x86/efi: Access EFI data as encrypted when SEV is active
From: Brijesh Singh
Date: Thu, 2 Mar 2017 10:13:21 -0500
Message-ID: <148846760142.2349.8522516472305792434.stgit@brijesh-build-machine>
In-Reply-To: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine>
References: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine>
User-Agent: StGit/0.17.1-dirty
Sender: linux-crypto-owner@vger.kernel.org
X-Mailing-List: linux-crypto@vger.kernel.org

From: Tom Lendacky

EFI data is encrypted when the kernel is run under SEV. Update the
page table references to be sure the EFI memory areas are accessed
encrypted.

Signed-off-by: Tom Lendacky
Signed-off-by: Brijesh Singh
---
 arch/x86/platform/efi/efi_64.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c index 2d8674d..9a76ed8 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -45,6 +45,7 @@ #include #include #include +#include /* * We allocate runtime services regions bottom-up, starting from -4G, i.e. 
@@ -286,7 +287,10 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) * as trim_bios_range() will reserve the first page and isolate it away * from memory allocators anyway. */ - if (kernel_map_pages_in_pgd(pgd, 0x0, 0x0, 1, _PAGE_RW)) { + pf = _PAGE_RW; + if (sev_active()) + pf |= _PAGE_ENC; + if (kernel_map_pages_in_pgd(pgd, 0x0, 0x0, 1, pf)) { pr_err("Failed to create 1:1 mapping for the first page!\n"); return 1; } @@ -329,6 +333,9 @@ static void __init __map_region(efi_memory_desc_t *md, u64 va) if (!(md->attribute & EFI_MEMORY_WB)) flags |= _PAGE_PCD; + if (sev_active()) + flags |= _PAGE_ENC; + pfn = md->phys_addr >> PAGE_SHIFT; if (kernel_map_pages_in_pgd(pgd, pfn, va, md->num_pages, flags)) pr_warn("Error mapping PA 0x%llx -> VA 0x%llx!\n", @@ -455,6 +462,9 @@ static int __init efi_update_mem_attr(struct mm_struct *mm, efi_memory_desc_t *m if (!(md->attribute & EFI_MEMORY_RO)) pf |= _PAGE_RW; + if (sev_active()) + pf |= _PAGE_ENC; + return efi_update_mappings(md, pf); } @@ -506,6 +516,9 @@ void __init efi_runtime_update_mappings(void) (md->type != EFI_RUNTIME_SERVICES_CODE)) pf |= _PAGE_RW; + if (sev_active()) + pf |= _PAGE_ENC; + efi_update_mappings(md, pf); } }
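
Review bot: pf is assigned in the efi_setup_page_tables() hunk (`pf = _PAGE_RW;`) but none of the visible + lines declares it, and the 14 insertions in the diffstat are all accounted for by the lines shown. Unless an earlier patch in the series already added the variable to this function, the hunk needs an `unsigned long pf;` alongside the existing declarations or the file will not build.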
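
Review bot: in the __map_region() hunk, `flags |= _PAGE_ENC` is applied to every descriptor under SEV, including the ones without EFI_MEMORY_WB that were just given _PAGE_PCD. If any of those are EFI_MEMORY_MAPPED_IO regions they are device memory rather than guest RAM and should not be mapped with the encryption bit set. Consider `if (sev_active() && md->type != EFI_MEMORY_MAPPED_IO)` here, or say in the commit message why MMIO descriptors cannot reach this path.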
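
Review bot: the efi_update_mem_attr() and efi_runtime_update_mappings() hunks add the same `if (sev_active()) pf |= _PAGE_ENC;` immediately before each calls efi_update_mappings(md, pf). Setting the bit once inside efi_update_mappings() would keep the two callers from drifting apart and make it harder for a future caller to leave the mapping unencrypted by omission. With this patch the same check appears four times in the file, so a small helper that returns the extra page flags would also serve the efi_setup_page_tables() and __map_region() sites.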