aca20d5462
Add support to check if SME has been enabled and if memory encryption should be activated (checking of command line option based on the configuration of the default state). If memory encryption is to be activated, then the encryption mask is set and the kernel is encrypted "in place." Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Borislav Petkov <bp@alien8.de> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Dave Young <dyoung@redhat.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Larry Woodman <lwoodman@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Matt Fleming <matt@codeblueprint.co.uk> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: Rik van Riel <riel@redhat.com> Cc: Toshimitsu Kani <toshi.kani@hpe.com> Cc: kasan-dev@googlegroups.com Cc: kvm@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: linux-efi@vger.kernel.org Cc: linux-mm@kvack.org Link: http://lkml.kernel.org/r/5f0da2fd4cce63f556117549e2c89c170072209f.1500319216.git.thomas.lendacky@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
81 lines
2.3 KiB
C
81 lines
2.3 KiB
C
/*
|
|
* AMD Memory Encryption Support
|
|
*
|
|
* Copyright (C) 2016 Advanced Micro Devices, Inc.
|
|
*
|
|
* Author: Tom Lendacky <thomas.lendacky@amd.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*/
|
|
|
|
#ifndef __X86_MEM_ENCRYPT_H__
|
|
#define __X86_MEM_ENCRYPT_H__
|
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <asm/bootparam.h>
|
|
|
|
#ifdef CONFIG_AMD_MEM_ENCRYPT
|
|
|
|
extern unsigned long sme_me_mask;
|
|
|
|
void sme_encrypt_execute(unsigned long encrypted_kernel_vaddr,
|
|
unsigned long decrypted_kernel_vaddr,
|
|
unsigned long kernel_len,
|
|
unsigned long encryption_wa,
|
|
unsigned long encryption_pgd);
|
|
|
|
void __init sme_early_encrypt(resource_size_t paddr,
|
|
unsigned long size);
|
|
void __init sme_early_decrypt(resource_size_t paddr,
|
|
unsigned long size);
|
|
|
|
void __init sme_map_bootdata(char *real_mode_data);
|
|
void __init sme_unmap_bootdata(char *real_mode_data);
|
|
|
|
void __init sme_early_init(void);
|
|
|
|
void __init sme_encrypt_kernel(void);
|
|
void __init sme_enable(struct boot_params *bp);
|
|
|
|
/* Architecture __weak replacement functions */
|
|
void __init mem_encrypt_init(void);
|
|
|
|
void swiotlb_set_mem_attributes(void *vaddr, unsigned long size);
|
|
|
|
#else /* !CONFIG_AMD_MEM_ENCRYPT */
|
|
|
|
#define sme_me_mask 0UL
|
|
|
|
static inline void __init sme_early_encrypt(resource_size_t paddr,
|
|
unsigned long size) { }
|
|
static inline void __init sme_early_decrypt(resource_size_t paddr,
|
|
unsigned long size) { }
|
|
|
|
static inline void __init sme_map_bootdata(char *real_mode_data) { }
|
|
static inline void __init sme_unmap_bootdata(char *real_mode_data) { }
|
|
|
|
static inline void __init sme_early_init(void) { }
|
|
|
|
static inline void __init sme_encrypt_kernel(void) { }
|
|
static inline void __init sme_enable(struct boot_params *bp) { }
|
|
|
|
#endif /* CONFIG_AMD_MEM_ENCRYPT */
|
|
|
|
/*
|
|
* The __sme_pa() and __sme_pa_nodebug() macros are meant for use when
|
|
* writing to or comparing values from the cr3 register. Having the
|
|
* encryption mask set in cr3 enables the PGD entry to be encrypted and
|
|
* avoid special case handling of PGD allocations.
|
|
*/
|
|
#define __sme_pa(x) (__pa(x) | sme_me_mask)
|
|
#define __sme_pa_nodebug(x) (__pa_nodebug(x) | sme_me_mask)
|
|
|
|
#endif /* __ASSEMBLY__ */
|
|
|
|
#endif /* __X86_MEM_ENCRYPT_H__ */
|