
Commit 7744ccdb authored by Tom Lendacky's avatar Tom Lendacky Committed by Ingo Molnar

x86/mm: Add Secure Memory Encryption (SME) support



Add support for Secure Memory Encryption (SME). This initial support
provides a Kconfig entry to build the SME support into the kernel and
defines the memory encryption mask that will be used in subsequent
patches to mark pages as encrypted.

Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Larry Woodman <lwoodman@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Toshimitsu Kani <toshi.kani@hpe.com>
Cc: kasan-dev@googlegroups.com
Cc: kvm@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-efi@vger.kernel.org
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/a6c34d16caaed3bc3e2d6f0987554275bd291554.1500319216.git.thomas.lendacky@amd.com


Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
parent 9af9b940
+25 −0
@@ -1415,6 +1415,31 @@ config X86_DIRECT_GBPAGES
	  supports them), so don't confuse the user by printing
	  that we have them enabled.

config ARCH_HAS_MEM_ENCRYPT
	def_bool y

config AMD_MEM_ENCRYPT
	bool "AMD Secure Memory Encryption (SME) support"
	depends on X86_64 && CPU_SUP_AMD
	---help---
	  Say yes to enable support for the encryption of system memory.
	  This requires an AMD processor that supports Secure Memory
	  Encryption (SME).

config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
	bool "Activate AMD Secure Memory Encryption (SME) by default"
	default y
	depends on AMD_MEM_ENCRYPT
	---help---
	  Say yes to have system memory encrypted by default if running on
	  an AMD processor that supports Secure Memory Encryption (SME).

	  If set to Y, then the encryption of system memory can be
	  deactivated with the mem_encrypt=off command line option.

	  If set to N, then the encryption of system memory can be
	  activated with the mem_encrypt=on command line option.

# Common NUMA Features
config NUMA
	bool "Numa Memory Allocation and Scheduler Support"
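Review bot: The help text of AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT documents `mem_encrypt=on` and `mem_encrypt=off`, but none of the file sections in this commit parses that option or reads the config symbol, and `sme_me_mask` is only ever initialised to 0. A kernel built at exactly this commit with both options set to Y would still have `sme_active()` return false, which is easy to mistake for encrypted memory when bisecting or backporting. The commit message says the mask is used by subsequent patches, so consider introducing the by-default option together with the code that consumes it. Alternatively, state in the AMD_MEM_ENCRYPT help that selecting Y only builds the support, for example `Enabling this option builds the support; it does not by itself activate encryption.`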
+30 −0
/*
 * AMD Memory Encryption Support
 *
 * Copyright (C) 2016 Advanced Micro Devices, Inc.
 *
 * Author: Tom Lendacky <thomas.lendacky@amd.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#ifndef __X86_MEM_ENCRYPT_H__
#define __X86_MEM_ENCRYPT_H__

#ifndef __ASSEMBLY__

#ifdef CONFIG_AMD_MEM_ENCRYPT

extern unsigned long sme_me_mask;

#else	/* !CONFIG_AMD_MEM_ENCRYPT */

#define sme_me_mask	0UL

#endif	/* CONFIG_AMD_MEM_ENCRYPT */

#endif	/* __ASSEMBLY__ */

#endif	/* __X86_MEM_ENCRYPT_H__ */
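Review bot: The `extern unsigned long sme_me_mask;` declaration has no comment saying what the mask holds or what a value of 0 means, even though the `#define sme_me_mask 0UL` fallback turns the same name into a constant when CONFIG_AMD_MEM_ENCRYPT is off. Going by the commit message, a comment such as `/* Encryption mask used to mark pages as encrypted; 0 when SME is not active */` above the declaration would cover both branches. It would also help to note that nothing is provided to `__ASSEMBLY__` includers, since the whole body sits inside `#ifndef __ASSEMBLY__`.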
+1 −0
@@ -39,3 +39,4 @@ obj-$(CONFIG_X86_INTEL_MPX) += mpx.o
obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o

obj-$(CONFIG_AMD_MEM_ENCRYPT)	+= mem_encrypt.o
+21 −0
/*
 * AMD Memory Encryption Support
 *
 * Copyright (C) 2016 Advanced Micro Devices, Inc.
 *
 * Author: Tom Lendacky <thomas.lendacky@amd.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/linkage.h>

/*
 * Since SME related variables are set early in the boot process they must
 * reside in the .data section so as not to be zeroed out when the .bss
 * section is later cleared.
 */
unsigned long sme_me_mask __section(.data) = 0;
EXPORT_SYMBOL_GPL(sme_me_mask);
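Review bot: `sme_me_mask` is defined as an ordinary writable `.data` variable and exported, so the value that decides whether `sme_active()` is true stays modifiable for the whole lifetime of the kernel. The comment above it only requires that the variable not live in `.bss`; if no later patch writes it after init (not visible here), `unsigned long sme_me_mask __ro_after_init = 0;` should satisfy that requirement and make the mask read-only once boot finishes. It is worth confirming that the early-boot writer runs before read-only data is sealed. The file also defines the symbol without including the header that declares it, so a type mismatch between declaration and definition would go unnoticed.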
+35 −0
/*
 * AMD Memory Encryption Support
 *
 * Copyright (C) 2016 Advanced Micro Devices, Inc.
 *
 * Author: Tom Lendacky <thomas.lendacky@amd.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#ifndef __MEM_ENCRYPT_H__
#define __MEM_ENCRYPT_H__

#ifndef __ASSEMBLY__

#ifdef CONFIG_ARCH_HAS_MEM_ENCRYPT

#include <asm/mem_encrypt.h>

#else	/* !CONFIG_ARCH_HAS_MEM_ENCRYPT */

#define sme_me_mask	0UL

#endif	/* CONFIG_ARCH_HAS_MEM_ENCRYPT */

static inline bool sme_active(void)
{
	return !!sme_me_mask;
}

#endif	/* __ASSEMBLY__ */

#endif	/* __MEM_ENCRYPT_H__ */
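Review bot: `sme_active()` returns `bool`, but this header includes nothing that declares that type. `<asm/mem_encrypt.h>` is pulled in only when CONFIG_ARCH_HAS_MEM_ENCRYPT is set, and the header guarded by `__X86_MEM_ENCRYPT_H__` in this commit (presumably that file) has no includes of its own. The header therefore builds only if every includer happens to have seen `<linux/types.h>` first; adding `#include <linux/types.h>` inside the `#ifndef __ASSEMBLY__` block would make it self-contained. A one-line comment on `sme_active()` would also help callers, for example `/* True when the memory encryption mask is non-zero. */`.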