From: Dave Hansen <dave.hansen@intel.com>
To: Joerg Roedel <joro@8bytes.org>, x86@kernel.org
Cc: Joerg Roedel <jroedel@suse.de>,
hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Jiri Slaby <jslaby@suse.cz>,
Dan Williams <dan.j.williams@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Juergen Gross <jgross@suse.com>,
Kees Cook <keescook@chromium.org>,
David Rientjes <rientjes@google.com>,
Cfir Cohen <cfir@google.com>, Erdem Aktas <erdemaktas@google.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Mike Stunes <mstunes@vmware.com>,
Sean Christopherson <sean.j.christopherson@intel.com>,
Martin Radev <martin.b.radev@gmail.com>,
Arvind Sankar <nivedita@alum.mit.edu>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
virtualization@lists.linux-foundation.org
Subject: Re: [PATCH 6/7] x86/boot/compressed/64: Check SEV encryption in 32-bit boot-path
Date: Wed, 10 Feb 2021 08:25:11 -0800 [thread overview]
Message-ID: <0526b64e-8ef0-2e3c-06a7-e07835be160c@intel.com> (raw)
In-Reply-To: <20210210102135.30667-7-joro@8bytes.org>
On 2/10/21 2:21 AM, Joerg Roedel wrote:
> +1: rdrand %eax
> + jnc 1b
> +2: rdrand %ebx
> + jnc 2b
> +
> + /* Store to memory and keep it in the registers */
> + movl %eax, rva(sev_check_data)(%ebp)
> + movl %ebx, rva(sev_check_data+4)(%ebp)
> +
> + /* Enable paging to see if encryption is active */
> + movl %cr0, %edx /* Backup %cr0 in %edx */
> + movl $(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */
> + movl %ecx, %cr0
> +
> + cmpl %eax, rva(sev_check_data)(%ebp)
> + jne 3f
> + cmpl %ebx, rva(sev_check_data+4)(%ebp)
> + jne 3f
> +
> + movl %edx, %cr0 /* Restore previous %cr0 */
> +
> + jmp 4f
This is all very cute. But, if this fails, it means that the .data
section is now garbage, right?. I guess failing here is less
entertaining than trying to run the kernel with random garbage in .data,
but it doesn't make it very far either way, right?
Why bother with rdrand, though? Couldn't you just pick any old piece of
.data and compare before and after?
next prev parent reply other threads:[~2021-02-10 16:26 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-10 10:21 [PATCH 0/7] x86/seves: Support 32-bit boot path and other updates Joerg Roedel
2021-02-10 10:21 ` [PATCH 1/7] x86/boot/compressed/64: Cleanup exception handling before booting kernel Joerg Roedel
2021-02-10 10:21 ` [PATCH 2/7] x86/boot/compressed/64: Reload CS in startup_32 Joerg Roedel
2021-02-10 10:21 ` [PATCH 3/7] x86/boot/compressed/64: Setup IDT in startup_32 boot path Joerg Roedel
2021-02-24 10:49 ` Borislav Petkov
2021-02-10 10:21 ` [PATCH 4/7] x86/boot/compressed/64: Add 32-bit boot #VC handler Joerg Roedel
2021-02-25 12:13 ` Borislav Petkov
2021-02-10 10:21 ` [PATCH 5/7] x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path Joerg Roedel
2021-02-10 10:21 ` [PATCH 6/7] x86/boot/compressed/64: Check SEV encryption in " Joerg Roedel
2021-02-10 16:25 ` Dave Hansen [this message]
2021-02-10 16:46 ` Joerg Roedel
2021-02-10 16:47 ` Dave Hansen
2021-02-10 20:44 ` Tom Lendacky
2021-03-02 19:43 ` Borislav Petkov
2021-03-09 10:02 ` Joerg Roedel
2021-02-10 10:21 ` [PATCH 7/7] x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate() Joerg Roedel
2021-02-10 14:58 ` [PATCH 0/7] x86/seves: Support 32-bit boot path and other updates Konrad Rzeszutek Wilk
2021-02-10 15:12 ` Joerg Roedel
2021-02-10 15:19 ` Konrad Rzeszutek Wilk
2021-02-10 15:27 ` Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0526b64e-8ef0-2e3c-06a7-e07835be160c@intel.com \
--to=dave.hansen@intel.com \
--cc=cfir@google.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=erdemaktas@google.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=joro@8bytes.org \
--cc=jroedel@suse.de \
--cc=jslaby@suse.cz \
--cc=keescook@chromium.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=martin.b.radev@gmail.com \
--cc=mhiramat@kernel.org \
--cc=mstunes@vmware.com \
--cc=nivedita@alum.mit.edu \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=sean.j.christopherson@intel.com \
--cc=thomas.lendacky@amd.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox