From: Tom Lendacky <thomas.lendacky-5C7GfCeVMHo@public.gmane.org>
To: Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>
Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Brijesh Singh" <brijesh.singh-5C7GfCeVMHo@public.gmane.org>,
kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Radim Krčmář" <rkrcmar-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Matt Fleming"
<matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>,
x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org,
"Alexander Potapenko"
<glider-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
"Larry Woodman"
<lwoodman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Toshimitsu Kani" <toshi.kani-ZPxbGqLxI0U@public.gmane.org>,
"Jonathan Corbet" <corbet-T1hC0tSOHrs@public.gmane.org>,
linux-doc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
kasan-dev-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org,
"Ingo Molnar" <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Andrey Ryabinin"
<aryabinin-5HdwGun5lf+gSpxsJD1C4w@public.gmane.org>,
"Dave Young" <dyoung-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Rik van Riel" <riel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Arnd Bergmann" <arnd-r2nGTMty4D4@public.gmane.org>,
"Borislav Petkov" <bp-Gina5bIWoIWzQB+pC5nmwQ@public.gmane.org>,
"Andy Lutomirski" <luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
"Boris Ostrovsky"
<boris.ostrovsky-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
"Dmitry Vyukov" <dvyukov-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
"Juergen Gross" <jgross-IBi9RG/b67k@public.gmane.org>,
kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
linux-kernel@vg
Subject: Re: [PATCH v10 00/38] x86: Secure Memory Encryption (AMD)
Date: Tue, 18 Jul 2017 09:02:08 -0500 [thread overview]
Message-ID: <d43d315c-6797-b51e-58a8-05b5f98951d0@amd.com> (raw)
In-Reply-To: <alpine.DEB.2.20.1707181402340.1945@nanos>
On 7/18/2017 7:03 AM, Thomas Gleixner wrote:
> On Mon, 17 Jul 2017, Tom Lendacky wrote:
>> This patch series provides support for AMD's new Secure Memory Encryption (SME)
>> feature.
>>
>> SME can be used to mark individual pages of memory as encrypted through the
>> page tables. A page of memory that is marked encrypted will be automatically
>> decrypted when read from DRAM and will be automatically encrypted when
>> written to DRAM. Details on SME can found in the links below.
>>
>> The SME feature is identified through a CPUID function and enabled through
>> the SYSCFG MSR. Once enabled, page table entries will determine how the
>> memory is accessed. If a page table entry has the memory encryption mask set,
>> then that memory will be accessed as encrypted memory. The memory encryption
>> mask (as well as other related information) is determined from settings
>> returned through the same CPUID function that identifies the presence of the
>> feature.
>>
>> The approach that this patch series takes is to encrypt everything possible
>> starting early in the boot where the kernel is encrypted. Using the page
>> table macros the encryption mask can be incorporated into all page table
>> entries and page allocations. By updating the protection map, userspace
>> allocations are also marked encrypted. Certain data must be accounted for
>> as having been placed in memory before SME was enabled (EFI, initrd, etc.)
>> and accessed accordingly.
>>
>> This patch series is a pre-cursor to another AMD processor feature called
>> Secure Encrypted Virtualization (SEV). The support for SEV will build upon
>> the SME support and will be submitted later. Details on SEV can be found
>> in the links below.
>
> Well done series. Thanks to all people involved, especially Tom and Boris!
> It was a pleasure to review that.
>
> Reviewed-by: Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>
A big thanks from me to everyone that helped review this. I truly
appreciate all the time that everyone put into this - especially Boris,
who helped guide this series from the start.
Thanks,
Tom
>
WARNING: multiple messages have this Message-ID (diff)
From: Tom Lendacky <thomas.lendacky@amd.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
linux-doc@vger.kernel.org, linux-mm@kvack.org,
kvm@vger.kernel.org, kasan-dev@googlegroups.com,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Alexander Potapenko" <glider@google.com>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Rik van Riel" <riel@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Dave Young" <dyoung@redhat.com>,
"Toshimitsu Kani" <toshi.kani@hpe.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Brijesh Singh" <brijesh.singh@amd.com>,
iommu@lists.linux-foundation.org,
"Joerg Roedel" <joro@8bytes.org>,
kexec@lists.infradead.org, xen-devel@lists.xen.org,
"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
"Juergen Gross" <jgross@suse.com>
Subject: Re: [PATCH v10 00/38] x86: Secure Memory Encryption (AMD)
Date: Tue, 18 Jul 2017 09:02:08 -0500 [thread overview]
Message-ID: <d43d315c-6797-b51e-58a8-05b5f98951d0@amd.com> (raw)
Message-ID: <20170718140208.mfl5fQ2cPWs0dZWsGK_TihNTKqKYuzOxOJSOtY2kGtk@z> (raw)
In-Reply-To: <alpine.DEB.2.20.1707181402340.1945@nanos>
On 7/18/2017 7:03 AM, Thomas Gleixner wrote:
> On Mon, 17 Jul 2017, Tom Lendacky wrote:
>> This patch series provides support for AMD's new Secure Memory Encryption (SME)
>> feature.
>>
>> SME can be used to mark individual pages of memory as encrypted through the
>> page tables. A page of memory that is marked encrypted will be automatically
>> decrypted when read from DRAM and will be automatically encrypted when
>> written to DRAM. Details on SME can found in the links below.
>>
>> The SME feature is identified through a CPUID function and enabled through
>> the SYSCFG MSR. Once enabled, page table entries will determine how the
>> memory is accessed. If a page table entry has the memory encryption mask set,
>> then that memory will be accessed as encrypted memory. The memory encryption
>> mask (as well as other related information) is determined from settings
>> returned through the same CPUID function that identifies the presence of the
>> feature.
>>
>> The approach that this patch series takes is to encrypt everything possible
>> starting early in the boot where the kernel is encrypted. Using the page
>> table macros the encryption mask can be incorporated into all page table
>> entries and page allocations. By updating the protection map, userspace
>> allocations are also marked encrypted. Certain data must be accounted for
>> as having been placed in memory before SME was enabled (EFI, initrd, etc.)
>> and accessed accordingly.
>>
>> This patch series is a pre-cursor to another AMD processor feature called
>> Secure Encrypted Virtualization (SEV). The support for SEV will build upon
>> the SME support and will be submitted later. Details on SEV can be found
>> in the links below.
>
> Well done series. Thanks to all people involved, especially Tom and Boris!
> It was a pleasure to review that.
>
> Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
A big thanks from me to everyone that helped review this. I truly
appreciate all the time that everyone put into this - especially Boris,
who helped guide this series from the start.
Thanks,
Tom
>
next prev parent reply other threads:[~2017-07-18 14:02 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-17 21:09 [PATCH v10 00/38] x86: Secure Memory Encryption (AMD) Tom Lendacky
2017-07-17 21:09 ` Tom Lendacky
2017-07-17 21:09 ` [PATCH v10 01/38] x86: Document AMD Secure Memory Encryption (SME) Tom Lendacky
2017-07-17 21:09 ` Tom Lendacky
2017-07-17 21:09 ` [PATCH v10 02/38] x86/mm/pat: Set write-protect cache mode for full PAT support Tom Lendacky
2017-07-17 21:09 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 03/38] x86, mpparse, x86/acpi, x86/PCI, x86/dmi, SFI: Use memremap for RAM mappings Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 05/38] x86/CPU/AMD: Handle SME reduction in physical address size Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 06/38] x86/mm: Add Secure Memory Encryption (SME) support Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 07/38] x86/mm: Remove phys_to_virt() usage in ioremap() Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 08/38] x86/mm: Add support to enable SME in early boot processing Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 09/38] x86/mm: Simplify p[g4um]d_page() macros Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 10/38] x86/mm: Provide general kernel support for memory encryption Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 11/38] x86/mm: Add SME support for read_cr3_pa() Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 12/38] x86/mm: Extend early_memremap() support with additional attrs Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 13/38] x86/mm: Add support for early encrypt/decrypt of memory Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 14/38] x86/mm: Insure that boot memory areas are mapped properly Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 15/38] x86/boot/e820: Add support to determine the E820 type of an address Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 16/38] efi: Add an EFI table address match function Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 17/38] efi: Update efi_mem_type() to return an error rather than 0 Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 18/38] x86/efi: Update EFI pagetable creation to work with SME Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 19/38] x86/mm: Add support to access boot related data in the clear Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 20/38] x86, mpparse: Use memremap to map the mpf and mpc data Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-11-03 15:12 ` Tomeu Vizoso
2017-11-03 15:12 ` Tomeu Vizoso
2017-11-03 15:31 ` Tom Lendacky
2017-11-03 15:31 ` Tom Lendacky
2017-11-06 7:13 ` Tomeu Vizoso
2017-11-06 7:13 ` Tomeu Vizoso
2017-07-17 21:10 ` [PATCH v10 21/38] x86/mm: Add support to access persistent memory in the clear Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 22/38] x86/mm: Add support for changing the memory encryption attribute Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 23/38] x86/realmode: Decrypt trampoline area if memory encryption is active Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 24/38] x86, swiotlb: Add memory encryption support Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 25/38] swiotlb: Add warnings for use of bounce buffers with SME Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 26/38] x86/CPU/AMD: Make the microcode level available earlier in the boot Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
[not found] ` <cover.1500319216.git.thomas.lendacky-5C7GfCeVMHo@public.gmane.org>
2017-07-17 21:10 ` [PATCH v10 27/38] iommu/amd: Allow the AMD IOMMU to work with memory encryption Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 28/38] x86, realmode: Check for memory encryption on the APs Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 29/38] x86, drm, fbdev: Do not specify encrypted memory for video mappings Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 30/38] kvm: x86: svm: Support Secure Memory Encryption within KVM Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 31/38] x86/mm, kexec: Allow kexec to be used with SME Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 32/38] xen/x86: Remove SME feature in PV guests Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 33/38] x86/mm: Use proper encryption attributes with /dev/mem Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 34/38] x86/mm: Create native_make_p4d() for PGTABLE_LEVELS <= 4 Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 35/38] x86/mm: Add support to encrypt the kernel in-place Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 36/38] x86/boot: Add early cmdline parsing for options with arguments Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 37/38] compiler-gcc.h: Introduce __nostackp function attribute Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-18 9:36 ` Ingo Molnar
2017-07-18 9:36 ` Ingo Molnar
2017-07-18 13:56 ` Tom Lendacky
2017-07-18 13:56 ` Tom Lendacky
2017-07-17 21:10 ` [PATCH v10 38/38] x86/mm: Add support to make use of Secure Memory Encryption Tom Lendacky
2017-07-17 21:10 ` Tom Lendacky
2017-07-18 12:03 ` [PATCH v10 00/38] x86: Secure Memory Encryption (AMD) Thomas Gleixner
2017-07-18 12:03 ` Thomas Gleixner
2017-07-18 14:02 ` Tom Lendacky [this message]
2017-07-18 14:02 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d43d315c-6797-b51e-58a8-05b5f98951d0@amd.com \
--to=thomas.lendacky-5c7gfcevmho@public.gmane.org \
--cc=arnd-r2nGTMty4D4@public.gmane.org \
--cc=aryabinin-5HdwGun5lf+gSpxsJD1C4w@public.gmane.org \
--cc=boris.ostrovsky-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=bp-Gina5bIWoIWzQB+pC5nmwQ@public.gmane.org \
--cc=brijesh.singh-5C7GfCeVMHo@public.gmane.org \
--cc=corbet-T1hC0tSOHrs@public.gmane.org \
--cc=dvyukov-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=dyoung-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=glider-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
--cc=jgross-IBi9RG/b67k@public.gmane.org \
--cc=kasan-dev-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org \
--cc=kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org \
--cc=kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-doc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel@vg \
--cc=linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org \
--cc=luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=lwoodman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org \
--cc=mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=riel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=rkrcmar-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org \
--cc=toshi.kani-ZPxbGqLxI0U@public.gmane.org \
--cc=x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).