From: Thomas Gleixner <tglx@linutronix.de>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: linux-efi@vger.kernel.org,
"Brijesh Singh" <brijesh.singh@amd.com>,
kvm@vger.kernel.org, "Radim Krčmář" <rkrcmar@redhat.com>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
x86@kernel.org, linux-mm@kvack.org,
"Alexander Potapenko" <glider@google.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"Larry Woodman" <lwoodman@redhat.com>,
linux-arch@vger.kernel.org,
"Toshimitsu Kani" <toshi.kani@hpe.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Joerg Roedel" <joro@8bytes.org>,
linux-doc@vger.kernel.org, kasan-dev@googlegroups.com,
"Ingo Molnar" <mingo@redhat.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Dave Young" <dyoung@redhat.com>,
"Rik van Riel" <riel@redhat.com>, "Arnd Bergmann" <arnd@arndb.de>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Juergen Gross" <jgross@suse.com>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
xen-devel@lists.xen.org, iommu@lists.linux-foundation.org,
"Michael S. Tsirkin" <mst@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>
Subject: Re: [PATCH v10 00/38] x86: Secure Memory Encryption (AMD)
Date: Tue, 18 Jul 2017 14:03:53 +0200 (CEST) [thread overview]
Message-ID: <alpine.DEB.2.20.1707181402340.1945@nanos> (raw)
In-Reply-To: <cover.1500319216.git.thomas.lendacky@amd.com>
On Mon, 17 Jul 2017, Tom Lendacky wrote:
> This patch series provides support for AMD's new Secure Memory Encryption (SME)
> feature.
>
> SME can be used to mark individual pages of memory as encrypted through the
> page tables. A page of memory that is marked encrypted will be automatically
> decrypted when read from DRAM and will be automatically encrypted when
> written to DRAM. Details on SME can found in the links below.
>
> The SME feature is identified through a CPUID function and enabled through
> the SYSCFG MSR. Once enabled, page table entries will determine how the
> memory is accessed. If a page table entry has the memory encryption mask set,
> then that memory will be accessed as encrypted memory. The memory encryption
> mask (as well as other related information) is determined from settings
> returned through the same CPUID function that identifies the presence of the
> feature.
>
> The approach that this patch series takes is to encrypt everything possible
> starting early in the boot where the kernel is encrypted. Using the page
> table macros the encryption mask can be incorporated into all page table
> entries and page allocations. By updating the protection map, userspace
> allocations are also marked encrypted. Certain data must be accounted for
> as having been placed in memory before SME was enabled (EFI, initrd, etc.)
> and accessed accordingly.
>
> This patch series is a pre-cursor to another AMD processor feature called
> Secure Encrypted Virtualization (SEV). The support for SEV will build upon
> the SME support and will be submitted later. Details on SEV can be found
> in the links below.
Well done series. Thanks to all people involved, especially Tom and Boris!
It was a pleasure to review that.
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2017-07-18 12:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-17 21:09 [PATCH v10 00/38] x86: Secure Memory Encryption (AMD) Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 31/38] x86/mm, kexec: Allow kexec to be used with SME Tom Lendacky
2017-07-18 10:58 ` [tip:x86/mm] " tip-bot for Tom Lendacky
2017-07-18 12:03 ` Thomas Gleixner [this message]
2017-07-18 14:02 ` [PATCH v10 00/38] x86: Secure Memory Encryption (AMD) Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.20.1707181402340.1945@nanos \
--to=tglx@linutronix.de \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=corbet@lwn.net \
--cc=dvyukov@google.com \
--cc=dyoung@redhat.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jgross@suse.com \
--cc=joro@8bytes.org \
--cc=kasan-dev@googlegroups.com \
--cc=kexec@lists.infradead.org \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=lwoodman@redhat.com \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=riel@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=thomas.lendacky@amd.com \
--cc=toshi.kani@hpe.com \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox