Re: [RFC PATCH v2 09/20] x86: Add support for early encryption/decryption of memory

From: Borislav Petkov
Date: Tue Sep 06 2016 - 12:13:12 EST

Next message: Sebastian Andrzej Siewior: "Re: [tip:smp/hotplug 15/27] kernel/cpu.c:1282:3: error: 'CPUHP_SLAB_PREPARE' undeclared here (not in a function)"
Previous message: Jes Sorensen: "Re: [PATCH 0/5] Some cleanup patches for drivers/staging/rtl8723au/core/rtw_mlme.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 22, 2016 at 05:37:10PM -0500, Tom Lendacky wrote:
> This adds support to be able to either encrypt or decrypt data during
> the early stages of booting the kernel. This does not change the memory
> encryption attribute - it is used for ensuring that data present in
> either an encrypted or un-encrypted memory area is in the proper state
> (for example the initrd will have been loaded by the boot loader and
> will not be encrypted, but the memory that it resides in is marked as
> encrypted).
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
> ---

...

> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index 00eb705..f35a646 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -14,6 +14,107 @@
> #include <linux/mm.h>
>
> #include <asm/mem_encrypt.h>
> +#include <asm/tlbflush.h>
> +#include <asm/fixmap.h>
> +
> +/* Buffer used for early in-place encryption by BSP, no locking needed */
> +static char me_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE);
> +
> +/*
> + * This routine does not change the underlying encryption setting of the
> + * page(s) that map this memory. It assumes that eventually the memory is
> + * meant to be accessed as encrypted but the contents are currently not
> + * encyrpted.

s/encyrpted/encrypted/

Ditto below.

> + */
> +void __init sme_early_mem_enc(resource_size_t paddr, unsigned long size)
> +{
> + void *src, *dst;
> + size_t len;
> +
> + if (!sme_me_mask)
> + return;
> +
> + local_flush_tlb();
> + wbinvd();
> +
> + /*
> + * There are limited number of early mapping slots, so map (at most)
> + * one page at time.
> + */
> + while (size) {
> + len = min_t(size_t, sizeof(me_early_buffer), size);
> +
> + /* Create a mapping for non-encrypted write-protected memory */
> + src = early_memremap_dec_wp(paddr, len);
> +
> + /* Create a mapping for encrypted memory */
> + dst = early_memremap_enc(paddr, len);
> +
> + /*
> + * If a mapping can't be obtained to perform the encryption,
> + * then encrypted access to that area will end up causing
> + * a crash.
> + */
> + BUG_ON(!src || !dst);
> +
> + memcpy(me_early_buffer, src, len);
> + memcpy(dst, me_early_buffer, len);
> +
> + early_memunmap(dst, len);
> + early_memunmap(src, len);
> +
> + paddr += len;
> + size -= len;
> + }
> +}
> +
> +/*
> + * This routine does not change the underlying encryption setting of the
> + * page(s) that map this memory. It assumes that eventually the memory is
> + * meant to be accessed as not encrypted but the contents are currently
> + * encyrpted.
> + */
> +void __init sme_early_mem_dec(resource_size_t paddr, unsigned long size)
> +{

...

--
Regards/Gruss,
Boris.

ECO tip #101: Trim your mails when you reply.

Next message: Sebastian Andrzej Siewior: "Re: [tip:smp/hotplug 15/27] kernel/cpu.c:1282:3: error: 'CPUHP_SLAB_PREPARE' undeclared here (not in a function)"
Previous message: Jes Sorensen: "Re: [PATCH 0/5] Some cleanup patches for drivers/staging/rtl8723au/core/rtw_mlme.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]