[PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Joerg Roedel <joro@8bytes.org>
To: x86@kernel.org
Cc: hpa@zytor.com, Tom Lendacky <thomas.lendacky@amd.com>,
	Nikunj A Dadhania <nikunj@amd.com>,
	Larry.Dewey@amd.com, linux-kernel@vger.kernel.org,
	linux-coco@lists.linux.dev, Juergen Gross <jgross@suse.com>,
	kirill.shutemov@linux.intel.com, alexey.gladkov@intel.com,
	Joerg Roedel <jroedel@suse.de>
Subject: [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS
Date: Wed, 12 Mar 2025 15:41:07 +0100	[thread overview]
Message-ID: <20250312144107.108451-3-joro@8bytes.org> (raw)
In-Reply-To: <20250312144107.108451-1-joro@8bytes.org>

From: Joerg Roedel <jroedel@suse.de>

Current user-space tooling which needs access to the SEV_STATUS MSR is
using the MSR module. The use of this module poses a security risk in
any trusted execution environment and is generally discouraged.

Instead, provide an file in SYSFS in the /sys/hypervisor/sev/
directory to provide the value of the SEV_STATUS MSR to user-space.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 Documentation/ABI/testing/sysfs-hypervisor | 5 +++++
 arch/x86/coco/sev/core.c                   | 9 +++++++++
 2 files changed, 14 insertions(+)

diff --git a/Documentation/ABI/testing/sysfs-hypervisor b/Documentation/ABI/testing/sysfs-hypervisor
index aca8b02c878c..54c80899c19c 100644
--- a/Documentation/ABI/testing/sysfs-hypervisor
+++ b/Documentation/ABI/testing/sysfs-hypervisor
@@ -1,5 +1,6 @@
 What:		/sys/devices/system/cpu/sev
 		/sys/devices/system/cpu/sev/vmpl
+		/sys/devices/system/cpu/sev/sev_status
 Date:		May 2024
 Contact:	Linux kernel mailing list <linux-kernel@vger.kernel.org>
 Description:	Secure Encrypted Virtualization (SEV) information
@@ -8,3 +9,7 @@ Description:	Secure Encrypted Virtualization (SEV) information
 
 		vmpl: Reports the Virtual Machine Privilege Level (VMPL) at which
 		      the SEV-SNP guest is running.
+
+		sev_status: Reports the value of the SEV_STATUS MSR which
+		            enumerates the enabled features of an SEV-SNP
+			    environment.
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index 51a04a19449b..3e834ce9badc 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -2678,10 +2678,19 @@ static ssize_t vmpl_show(struct kobject *kobj,
 	return sysfs_emit(buf, "%d\n", snp_vmpl);
 }
 
+static ssize_t sev_status_show(struct kobject *kobj,
+			       struct kobj_attribute *attr, char *buf)
+{
+	return sysfs_emit(buf, "%llx\n", sev_status);
+}
+
 static struct kobj_attribute vmpl_attr = __ATTR_RO(vmpl);
+static struct kobj_attribute sev_status_attr = __ATTR_RO(sev_status);
+
 
 static struct attribute *vmpl_attrs[] = {
 	&vmpl_attr.attr,
+	&sev_status_attr.attr,
 	NULL
 };
 
-- 
2.48.1

next prev parent reply	other threads:[~2025-03-12 14:41 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-03-12 14:41 [PATCH 0/2 v2] Move SEV sysfs information and expose MSR_SEV_STATUS Joerg Roedel
2025-03-12 14:41 ` [PATCH 1/2] x86/coco/sev: Move SEV SYSFS group to /sys/hypervisor/ Joerg Roedel
2025-03-12 15:11   ` Tom Lendacky
2025-03-12 15:13     ` Joerg Roedel
2025-03-12 15:32   ` Liam Merwick
2025-03-12 15:43     ` Joerg Roedel
2025-03-12 14:41 ` Joerg Roedel [this message]
2025-03-12 14:46   ` [PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS Tom Lendacky
2025-03-12 14:56     ` Joerg Roedel
2025-03-12 14:57   ` Dave Hansen
2025-03-12 15:07     ` Joerg Roedel
2025-03-12 16:04       ` Dave Hansen
2025-03-12 16:19         ` Joerg Roedel

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:aca8b02c878 dfblob:54c80899c19 dfblob:51a04a19449
dfblob:3e834ce9bad )
 OR (
bs:"[PATCH 2/2] x86/sev: Make SEV_STATUS available via SYSFS" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250312144107.108451-3-joro@8bytes.org \
    --to=joro@8bytes.org \
    --cc=Larry.Dewey@amd.com \
    --cc=alexey.gladkov@intel.com \
    --cc=hpa@zytor.com \
    --cc=jgross@suse.com \
    --cc=jroedel@suse.de \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nikunj@amd.com \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.