[PATCH v4 3/3] x86/efistub: Don't bother enabling SEV in the EFI stub

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ard Biesheuvel <ardb+git@google.com>
To: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
	 Ard Biesheuvel <ardb@kernel.org>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	 Borislav Petkov <bp@alien8.de>
Subject: [PATCH v4 3/3] x86/efistub: Don't bother enabling SEV in the EFI stub
Date: Tue,  9 Sep 2025 10:06:35 +0200	[thread overview]
Message-ID: <20250909080631.2867579-8-ardb+git@google.com> (raw)
In-Reply-To: <20250909080631.2867579-5-ardb+git@google.com>

From: Ard Biesheuvel <ardb@kernel.org>

One of the last things the EFI stub does before handing over to the core
kernel when booting as a SEV guest is enabling SEV, even though this is
mostly redundant: one of the first things the core kernel does is
calling sme_enable(), after setting up the early GDT and IDT but before
even setting up the kernel page tables. sme_enable() performs the same
SEV-SNP initialization that the decompressor performs in sev_enable().

So let's just drop this call to sev_enable(), and rely on the core
kernel to initiaize SEV correctly.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/include/asm/sev.h              | 2 --
 drivers/firmware/efi/libstub/x86-stub.c | 6 ------
 2 files changed, 8 deletions(-)

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index d7be1ff3f7e0..b017e1dab705 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -462,7 +462,6 @@ static __always_inline void sev_es_nmi_complete(void)
 		__sev_es_nmi_complete();
 }
 extern int __init sev_es_efi_map_ghcbs_cas(pgd_t *pgd);
-extern void sev_enable(struct boot_params *bp);
 
 /*
  * RMPADJUST modifies the RMP permissions of a page of a lesser-
@@ -588,7 +587,6 @@ static inline void sev_es_ist_exit(void) { }
 static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { return 0; }
 static inline void sev_es_nmi_complete(void) { }
 static inline int sev_es_efi_map_ghcbs_cas(pgd_t *pgd) { return 0; }
-static inline void sev_enable(struct boot_params *bp) { }
 static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate) { return 0; }
 static inline int rmpadjust(unsigned long vaddr, bool rmp_psize, unsigned long attrs) { return 0; }
 static inline void setup_ghcb(void) { }
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index c4ef645762ec..354bc3901193 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -938,12 +938,6 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
 		goto fail;
 	}
 
-	/*
-	 * Call the SEV init code while still running with the firmware's
-	 * GDT/IDT, so #VC exceptions will be handled by EFI.
-	 */
-	sev_enable(boot_params);
-
 	efi_5level_switch();
 
 	enter_kernel(kernel_entry, boot_params);
-- 
2.51.0.384.g4c02a37b29-goog

next prev parent reply	other threads:[~2025-09-09  8:06 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-09-09  8:06 [PATCH v4 0/3] efi: Don't initalize SEV-SNP from the EFI stub Ard Biesheuvel
2025-09-09  8:06 ` [PATCH v4 1/3] x86/boot: Drop unused sev_enable() fallback Ard Biesheuvel
2025-09-11 21:35   ` Tom Lendacky
2025-11-20 20:26   ` [tip: x86/sev] " tip-bot2 for Ard Biesheuvel
2025-09-09  8:06 ` [PATCH v4 2/3] x86/efistub: Obtain SEV CC blob address from the stub Ard Biesheuvel
2025-09-11 21:27   ` Tom Lendacky
2025-09-11 21:49     ` Ard Biesheuvel
2025-09-09  8:06 ` Ard Biesheuvel [this message]
2025-09-11 21:53   ` [PATCH v4 3/3] x86/efistub: Don't bother enabling SEV in the EFI stub Tom Lendacky
2025-09-12  7:29     ` Ard Biesheuvel
2025-09-12  8:26       ` Ard Biesheuvel
2025-09-12 13:32         ` Tom Lendacky
2025-09-15 16:08           ` Borislav Petkov
2025-09-12 20:34 ` Ashish Kalra
2025-09-12 22:22   ` Ard Biesheuvel

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d7be1ff3f7e dfblob:b017e1dab70 dfblob:c4ef645762e
dfblob:354bc390119 )
 OR (
bs:"[PATCH v4 3/3] x86/efistub: Don't bother enabling SEV in the EFI stub" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250909080631.2867579-8-ardb+git@google.com \
    --to=ardb+git@google.com \
    --cc=ardb@kernel.org \
    --cc=bp@alien8.de \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.