From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Eduardo Habkost <ehabkost@redhat.com>,
Richard Henderson <rth@twiddle.net>,
Connor Kuehl <ckuehl@redhat.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Jiri Slaby <jslaby@suse.cz>,
Marcelo Tosatti <mtosatti@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [PATCH v3 5/5] sev/i386: Enable an SEV-ES guest based on SEV policy
Date: Thu, 17 Sep 2020 16:34:29 +0100 [thread overview]
Message-ID: <20200917153429.GL2793@work-vm> (raw)
In-Reply-To: <8e560a8577066c07b5bf1e5993fbd6d697702384.1600205384.git.thomas.lendacky@amd.com>
* Tom Lendacky (thomas.lendacky@amd.com) wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
>
> Update the sev_es_enabled() function return value to be based on the SEV
> policy that has been specified. SEV-ES is enabled if SEV is enabled and
> the SEV-ES policy bit is set in the policy object.
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> target/i386/sev.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 6ddefc65fa..bcaadaa2f9 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -70,6 +70,8 @@ struct SevGuestState {
> #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */
> #define DEFAULT_SEV_DEVICE "/dev/sev"
>
> +#define GUEST_POLICY_SEV_ES_BIT (1 << 2)
> +
I'm surprised that all the policy bits aren't defined in a header somewhere.
But other than that,
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> /* SEV Information Block GUID = 00f771de-1a7e-4fcb-890e-68c77e2fb44e */
> #define SEV_INFO_BLOCK_GUID \
> "\xde\x71\xf7\x00\x7e\x1a\xcb\x4f\x89\x0e\x68\xc7\x7e\x2f\xb4\x4e"
> @@ -375,7 +377,7 @@ sev_enabled(void)
> bool
> sev_es_enabled(void)
> {
> - return false;
> + return sev_enabled() && (sev_guest->policy & GUEST_POLICY_SEV_ES_BIT);
> }
>
> uint64_t
> --
> 2.28.0
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
WARNING: multiple messages have this Message-ID (diff)
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>,
Eduardo Habkost <ehabkost@redhat.com>,
kvm@vger.kernel.org, "Michael S. Tsirkin" <mst@redhat.com>,
Connor Kuehl <ckuehl@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
qemu-devel@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>,
Jiri Slaby <jslaby@suse.cz>, Richard Henderson <rth@twiddle.net>
Subject: Re: [PATCH v3 5/5] sev/i386: Enable an SEV-ES guest based on SEV policy
Date: Thu, 17 Sep 2020 16:34:29 +0100 [thread overview]
Message-ID: <20200917153429.GL2793@work-vm> (raw)
In-Reply-To: <8e560a8577066c07b5bf1e5993fbd6d697702384.1600205384.git.thomas.lendacky@amd.com>
* Tom Lendacky (thomas.lendacky@amd.com) wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
>
> Update the sev_es_enabled() function return value to be based on the SEV
> policy that has been specified. SEV-ES is enabled if SEV is enabled and
> the SEV-ES policy bit is set in the policy object.
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> target/i386/sev.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 6ddefc65fa..bcaadaa2f9 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -70,6 +70,8 @@ struct SevGuestState {
> #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */
> #define DEFAULT_SEV_DEVICE "/dev/sev"
>
> +#define GUEST_POLICY_SEV_ES_BIT (1 << 2)
> +
I'm surprised that all the policy bits aren't defined in a header somewhere.
But other than that,
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> /* SEV Information Block GUID = 00f771de-1a7e-4fcb-890e-68c77e2fb44e */
> #define SEV_INFO_BLOCK_GUID \
> "\xde\x71\xf7\x00\x7e\x1a\xcb\x4f\x89\x0e\x68\xc7\x7e\x2f\xb4\x4e"
> @@ -375,7 +377,7 @@ sev_enabled(void)
> bool
> sev_es_enabled(void)
> {
> - return false;
> + return sev_enabled() && (sev_guest->policy & GUEST_POLICY_SEV_ES_BIT);
> }
>
> uint64_t
> --
> 2.28.0
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2020-09-17 15:43 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-15 21:29 [PATCH v3 0/5] Qemu SEV-ES guest support Tom Lendacky
2020-09-15 21:29 ` Tom Lendacky
2020-09-15 21:29 ` [PATCH v3 1/5] sev/i386: Add initial support for SEV-ES Tom Lendacky
2020-09-15 21:29 ` Tom Lendacky
2020-09-17 16:36 ` Dr. David Alan Gilbert
2020-09-17 16:36 ` Dr. David Alan Gilbert
2020-09-21 6:45 ` Dov Murik
2020-09-21 13:55 ` Tom Lendacky
2020-09-15 21:29 ` [PATCH v3 2/5] sev/i386: Require in-kernel irqchip support for SEV-ES guests Tom Lendacky
2020-09-15 21:29 ` Tom Lendacky
2020-09-15 21:29 ` [PATCH v3 3/5] sev/i386: Allow AP booting under SEV-ES Tom Lendacky
2020-09-15 21:29 ` Tom Lendacky
2020-09-16 9:23 ` Laszlo Ersek
2020-09-16 20:31 ` Tom Lendacky
2020-09-17 16:46 ` Dr. David Alan Gilbert
2020-09-17 16:46 ` Dr. David Alan Gilbert
2020-09-17 18:07 ` Tom Lendacky
2020-09-17 18:07 ` Tom Lendacky
2020-09-15 21:29 ` [PATCH v3 4/5] sev/i386: Don't allow a system reset under an SEV-ES guest Tom Lendacky
2020-09-15 21:29 ` Tom Lendacky
2020-09-17 17:01 ` Dr. David Alan Gilbert
2020-09-17 17:01 ` Dr. David Alan Gilbert
2020-09-17 18:16 ` Tom Lendacky
2020-09-17 18:16 ` Tom Lendacky
2020-09-18 9:23 ` Dr. David Alan Gilbert
2020-09-18 9:23 ` Dr. David Alan Gilbert
2020-09-15 21:29 ` [PATCH v3 5/5] sev/i386: Enable an SEV-ES guest based on SEV policy Tom Lendacky
2020-09-15 21:29 ` Tom Lendacky
2020-09-17 15:34 ` Dr. David Alan Gilbert [this message]
2020-09-17 15:34 ` Dr. David Alan Gilbert
2020-09-17 16:07 ` Tom Lendacky
2020-09-17 16:07 ` Tom Lendacky
2020-09-17 16:11 ` Tom Lendacky
2020-09-17 16:11 ` Tom Lendacky
2020-09-17 17:28 ` [PATCH v3 0/5] Qemu SEV-ES guest support Dr. David Alan Gilbert
2020-09-17 17:28 ` Dr. David Alan Gilbert
2020-09-17 18:56 ` Tom Lendacky
2020-09-17 18:56 ` Tom Lendacky
2020-09-18 3:40 ` Sean Christopherson
2020-09-18 15:54 ` Tom Lendacky
2020-09-18 15:54 ` Tom Lendacky
2020-09-18 10:00 ` Dr. David Alan Gilbert
2020-09-18 10:00 ` Dr. David Alan Gilbert
2020-09-18 18:47 ` Tom Lendacky
2020-09-18 18:47 ` Tom Lendacky
2020-09-21 11:48 ` Dr. David Alan Gilbert
2020-09-21 11:48 ` Dr. David Alan Gilbert
2020-09-21 14:23 ` Tom Lendacky
2020-09-21 14:23 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200917153429.GL2793@work-vm \
--to=dgilbert@redhat.com \
--cc=brijesh.singh@amd.com \
--cc=ckuehl@redhat.com \
--cc=ehabkost@redhat.com \
--cc=jslaby@suse.cz \
--cc=kvm@vger.kernel.org \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.