Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 998eec06 authored by Tom Lendacky's avatar Tom Lendacky Committed by Greg Kroah-Hartman
Browse files

x86/cpufeatures: Add SEV-ES CPU feature 



commit 360e7c5c4ca4fd8e627781ed42f95d58bc3bb732 upstream.

Add CPU feature detection for Secure Encrypted Virtualization with
Encrypted State. This feature enhances SEV by also encrypting the
guest register state, making it in-accessible to the hypervisor.

Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20200907131613.12703-6-joro@8bytes.org


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 3e21d8b0

arch/x86/include/asm/cpufeatures.h

+1 −0
Original line number Diff line number Diff line
@@ -235,6 +235,7 @@ 
#define X86_FEATURE_EPT_AD		( 8*32+17) /* Intel Extended Page Table access-dirty bit */

#define X86_FEATURE_VMCALL		( 8*32+18) /* "" Hypervisor supports the VMCALL instruction */

#define X86_FEATURE_VMW_VMMCALL		( 8*32+19) /* "" VMware prefers VMMCALL hypercall instruction */

#define X86_FEATURE_SEV_ES		( 8*32+20) /* AMD Secure Encrypted Virtualization - Encrypted State */



/* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */

#define X86_FEATURE_FSGSBASE		( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/

arch/x86/kernel/cpu/amd.c

+2 −1
Original line number Diff line number Diff line
@@ -663,7 +663,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) 
	 *	      If BIOS has not enabled SME then don't advertise the

	 *	      SME feature (set in scattered.c).

	 *   For SEV: If BIOS has not enabled SEV then don't advertise the

	 *            SEV feature (set in scattered.c).

	 *            SEV and SEV_ES feature (set in scattered.c).

	 *

	 *   In all cases, since support for SME and SEV requires long mode,

	 *   don't advertise the feature under CONFIG_X86_32.
@@ -694,6 +694,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) 
		setup_clear_cpu_cap(X86_FEATURE_SME);

clear_sev:

		setup_clear_cpu_cap(X86_FEATURE_SEV);

		setup_clear_cpu_cap(X86_FEATURE_SEV_ES);

	}

}

arch/x86/kernel/cpu/scattered.c

+1 −0
Original line number Diff line number Diff line
@@ -42,6 +42,7 @@ static const struct cpuid_bit cpuid_bits[] = { 
	{ X86_FEATURE_MBA,		CPUID_EBX,  6, 0x80000008, 0 },

	{ X86_FEATURE_SME,		CPUID_EAX,  0, 0x8000001f, 0 },

	{ X86_FEATURE_SEV,		CPUID_EAX,  1, 0x8000001f, 0 },

	{ X86_FEATURE_SEV_ES,		CPUID_EAX,  3, 0x8000001f, 0 },

	{ X86_FEATURE_SME_COHERENT,	CPUID_EAX, 10, 0x8000001f, 0 },

	{ 0, 0, 0, 0, 0 }

};