[PATCH v2 1/4] x86/efistub: Obtain SEV CC blob address from the stub

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Ard Biesheuvel <ardb+git@google.com>
To: linux-efi@vger.kernel.org
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, mingo@kernel.org,
	 Ard Biesheuvel <ardb@kernel.org>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	 Borislav Petkov <bp@alien8.de>,
	Dionna Amalie Glaze <dionnaglaze@google.com>,
	 Kevin Loughlin <kevinloughlin@google.com>
Subject: [PATCH v2 1/4] x86/efistub: Obtain SEV CC blob address from the stub
Date: Wed, 16 Apr 2025 18:57:45 +0200	[thread overview]
Message-ID: <20250416165743.4080995-7-ardb+git@google.com> (raw)
In-Reply-To: <20250416165743.4080995-6-ardb+git@google.com>

From: Ard Biesheuvel <ardb@kernel.org>

The x86 EFI stub no longer boots via the traditional decompressor but
jumps straight to the core kernel, avoiding all the page fault handling
and other complexity that is entirely unnecessary when booting via EFI.

The SEV startup code expects the address of the CC blob configuration
table in boot_params, so store it there when booting with SEV-SNP
enabled. This removes a dependency on the later call to sev_enable()
(which is going to be removed), and permits the EFI stub to fail
gracefully inside the guest rather than terminate it entirely.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 drivers/firmware/efi/libstub/x86-stub.c | 21 +++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index cafc90d4caaf..d9ae1a230d39 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -681,17 +681,28 @@ static efi_status_t exit_boot(struct boot_params *boot_params, void *handle)
 	return EFI_SUCCESS;
 }
 
-static bool have_unsupported_snp_features(void)
+static bool check_snp_features(struct boot_params *bp)
 {
+	u64 status = sev_get_status();
 	u64 unsupported;
 
-	unsupported = snp_get_unsupported_features(sev_get_status());
+	unsupported = snp_get_unsupported_features(status);
 	if (unsupported) {
 		efi_err("Unsupported SEV-SNP features detected: 0x%llx\n",
 			unsupported);
-		return true;
+		return false;
 	}
-	return false;
+
+	if (status & MSR_AMD64_SEV_SNP_ENABLED) {
+		void *tbl = get_efi_config_table(EFI_CC_BLOB_GUID);
+
+		if (!tbl) {
+			efi_err("SEV-SNP is enabled but CC blob not found\n");
+			return false;
+		}
+		bp->cc_blob_address = (u32)(unsigned long)tbl;
+	}
+	return true;
 }
 
 static void efi_get_seed(void *seed, int size)
@@ -829,7 +840,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
 
 	hdr = &boot_params->hdr;
 
-	if (have_unsupported_snp_features())
+	if (!check_snp_features(boot_params))
 		efi_exit(handle, EFI_UNSUPPORTED);
 
 	if (IS_ENABLED(CONFIG_EFI_DXE_MEM_ATTRIBUTES)) {
-- 
2.49.0.805.g082f7c87e0-goog

next prev parent reply	other threads:[~2025-04-16 16:58 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-04-16 16:57 [PATCH v2 0/4] efi: Don't initalize SEV-SNP from the EFI stub Ard Biesheuvel
2025-04-16 16:57 ` Ard Biesheuvel [this message]
2025-04-16 16:57 ` [PATCH v2 2/4] x86/boot: Drop redundant RMPADJUST in SEV SVSM presence check Ard Biesheuvel
2025-04-16 16:57 ` [PATCH v2 3/4] x86/sev: Unify SEV-SNP hypervisor feature check Ard Biesheuvel
2025-04-16 16:57 ` [PATCH v2 4/4] x86/efistub: Don't bother enabling SEV in the EFI stub Ard Biesheuvel

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:cafc90d4caa dfblob:d9ae1a230d3 )
 OR (
bs:"[PATCH v2 1/4] x86/efistub: Obtain SEV CC blob address from the stub" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250416165743.4080995-7-ardb+git@google.com \
    --to=ardb+git@google.com \
    --cc=ardb@kernel.org \
    --cc=bp@alien8.de \
    --cc=dionnaglaze@google.com \
    --cc=kevinloughlin@google.com \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox