Re: [PATCH v2] x86/kernel: skip ROM range scans and validation for SEV-SNP guests

From: Kevin Loughlin
Date: Sun Mar 10 2024 - 13:12:56 EST


On Fri, Mar 8, 2024 at 3:44 AM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
>
> On Fri, 8 Mar 2024 at 12:01, Borislav Petkov <bp@xxxxxxxxx> wrote:
> >
> > On Fri, Mar 08, 2024 at 11:30:50AM +0100, Ard Biesheuvel wrote:
> > > Agree with the analysis and the conclusion. However, this will need to
> > > be split into generic and x86 specific changes, given that the DMI
> > > code is shared between all architectures, and explicitly checking for
> > > SEV-SNP support in generic code is not appropriate.
> > >
> > > So what we will need is:
> >
> > I was actually thinking of:
> >
> > x86_init.resources.probe_roms = snp_probe_roms;
> >
> > and snp_probe_roms() is an empty stub.
> >
> > Problem solved without ugly sprinkling of checks everywhere.
> >
>
> Indeed. Setting the override could be done in
> init_hypervisor_platform(), which is called right before from
> setup_arch().

The call to init_hypervisor_platform() has a comment saying it must
come after dmi_setup() (i.e., init_hypervisor_platform() would *not*
work for doing a dmi_setup() override), so I'm currently planning to
do the overrides at the end of snp_init() in arch/x86/kernel/sev.c
instead (which comes before both). This would be somewhat similar to
how there are early setup functions for specific platforms that
perform init overrides for different reasons (example:
x86_ce4100_early_setup()). Open to other locations of course.
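
The ordering argument in this message, as a userspace C model added here (not kernel code and not part of the patch): an override installed at the init_hypervisor_platform() point lands after dmi_setup() has already run, while one installed at the snp_init() point covers both scans. The `dmi_setup` hook, `snp_dmi_setup`, `struct init_ops`, `boot()` and the enum are hypothetical names for illustration; only `probe_roms`, `snp_probe_roms` and the call order come from the thread.

```c
#include <stdio.h>

/* Model of an x86_init-style ops table. The dmi_setup member is a
 * hypothetical hook; the thread only names x86_init.resources.probe_roms. */
struct init_ops {
	void (*probe_roms)(void);
	void (*dmi_setup)(void);
};

#define ROM_SCANNED 0x1	/* legacy ROM range was scanned */
#define DMI_SCANNED 0x2	/* DMI table region was scanned */

static struct init_ops ops;
static int touched;	/* which legacy regions this boot accessed */

static void default_probe_roms(void) { touched |= ROM_SCANNED; }
static void default_dmi_setup(void)  { touched |= DMI_SCANNED; }
static void snp_probe_roms(void) { }	/* empty stub, as proposed */
static void snp_dmi_setup(void)  { }	/* hypothetical empty stub */

enum override_site { SITE_NONE, SITE_SNP_INIT, SITE_HYPERVISOR_INIT };

static void install_snp_overrides(void)
{
	ops.probe_roms = snp_probe_roms;
	ops.dmi_setup = snp_dmi_setup;
}

/* Replays the order stated in the thread:
 * snp_init -> dmi_setup -> init_hypervisor_platform -> probe_roms.
 * Returns a bitmask of the scans that still ran. */
int boot(enum override_site site)
{
	ops.probe_roms = default_probe_roms;
	ops.dmi_setup = default_dmi_setup;
	touched = 0;

	if (site == SITE_SNP_INIT)
		install_snp_overrides();	/* end of snp_init() */
	ops.dmi_setup();
	if (site == SITE_HYPERVISOR_INIT)
		install_snp_overrides();	/* too late for dmi_setup */
	ops.probe_roms();
	return touched;
}

int main(void)
{
	printf("no override:              0x%x\n", boot(SITE_NONE));
	printf("init_hypervisor_platform: 0x%x\n", boot(SITE_HYPERVISOR_INIT));
	printf("snp_init:                 0x%x\n", boot(SITE_SNP_INIT));
	return 0;
}
```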