On 7/18/2017 7:03 AM, Thomas Gleixner wrote:
> On Mon, 17 Jul 2017, Tom Lendacky wrote:
>> This patch series provides support for AMD's new Secure Memory Encryption (SME)
>> feature.
>>
>> SME can be used to mark individual pages of memory as encrypted through the
>> page tables. A page of memory that is marked encrypted will be automatically
>> decrypted when read from DRAM and will be automatically encrypted when
>> written to DRAM. Details on SME can be found in the links below.
>>
>> The SME feature is identified through a CPUID function and enabled through
>> the SYSCFG MSR. Once enabled, page table entries will determine how the
>> memory is accessed. If a page table entry has the memory encryption mask set,
>> then that memory will be accessed as encrypted memory. The memory encryption
>> mask (as well as other related information) is determined from settings
>> returned through the same CPUID function that identifies the presence of the
>> feature.
>>
>> The approach that this patch series takes is to encrypt everything possible
>> starting early in the boot where the kernel is encrypted. Using the page
>> table macros the encryption mask can be incorporated into all page table
>> entries and page allocations. By updating the protection map, userspace
>> allocations are also marked encrypted. Certain data must be accounted for
>> as having been placed in memory before SME was enabled (EFI, initrd, etc.)
>> and accessed accordingly.
>>
>> This patch series is a precursor to another AMD processor feature called
>> Secure Encrypted Virtualization (SEV). The support for SEV will build upon
>> the SME support and will be submitted later. Details on SEV can be found
>> in the links below.
>
> Well done series. Thanks to all people involved, especially Tom and Boris!
> It was a pleasure to review that.
>
> Reviewed-by: Thomas Gleixner <tglx at linutronix.de>

A big thanks from me to everyone that helped review this. I truly appreciate
all the time that everyone put into this - especially Boris, who helped guide
this series from the start.

Thanks,
Tom
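The cover letter above describes the discovery and use of the encryption mask: a CPUID function reports whether SME exists and where the mask bit sits in a page table entry, the SYSCFG MSR enables the feature, and the mask is then ORed into (or cleared from) PTEs. The following C program is an added example written for this page; it is not code from the patch series and its helper names (sme_decode, pte_set_encrypted, pte_phys_addr, and so on) are hypothetical. The register layout it assumes (CPUID Fn8000_001F EAX[0] for SME support, EBX[5:0] for the C-bit position, EBX[11:6] for the reduction in physical address bits, SYSCFG MSR C001_0010 bit 23 as the enable) is taken from AMD's public documentation, and the CPUID, MSR and PTE values fed to it are constructed. It also shows two details a practitioner wants to see: when SME is absent or not enabled the mask is zero, so every helper degenerates into a no-op, and because the C-bit lives inside the PTE's physical-address field it has to be stripped before the PTE is treated as an address.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/*
 * SME discovery interface as documented in the AMD APM. These constants are
 * assumed from the public documentation; they are not the series' own macros.
 */
#define CPUID_FN_MEM_ENCRYPT      0x8000001fU
#define CPUID_EAX_SME             (1U << 0)    /* EAX[0]: SME supported */
#define CPUID_EBX_CBIT_MASK       0x3fU        /* EBX[5:0]: PTE bit used as the C-bit */
#define CPUID_EBX_PA_REDUCE_SHIFT 6            /* EBX[11:6]: physical address bits lost */
#define CPUID_EBX_PA_REDUCE_MASK  0x3fU
#define SYSCFG_MEM_ENCRYPT_EN     (1ULL << 23) /* MSR C001_0010, MemEncryptionModEn */

/* x86-64 PTE physical-address field, bits 51:12, before the C-bit is removed. */
#define PTE_PFN_FIELD             0x000ffffffffff000ULL

struct sme_state {
    bool     supported;     /* CPUID reports SME */
    bool     enabled;       /* SYSCFG enable bit is set */
    unsigned cbit;          /* PTE bit position of the encryption mask */
    unsigned pa_bits_lost;  /* reduction of usable physical address width */
    uint64_t me_mask;       /* 0 unless SME is both supported and enabled */
};

/* Decode CPUID Fn8000_001F EAX/EBX and the SYSCFG MSR value into one state. */
static struct sme_state sme_decode(uint32_t eax, uint32_t ebx, uint64_t syscfg)
{
    struct sme_state s = {0};

    s.supported = (eax & CPUID_EAX_SME) != 0;
    if (!s.supported)
        return s;                 /* me_mask stays 0: every helper below is a no-op */

    s.cbit         = ebx & CPUID_EBX_CBIT_MASK;
    s.pa_bits_lost = (ebx >> CPUID_EBX_PA_REDUCE_SHIFT) & CPUID_EBX_PA_REDUCE_MASK;
    s.enabled      = (syscfg & SYSCFG_MEM_ENCRYPT_EN) != 0;
    if (s.enabled)
        s.me_mask = 1ULL << s.cbit;
    return s;
}

/* Mark a PTE so the page is accessed as encrypted (hypothetical helper). */
static uint64_t pte_set_encrypted(struct sme_state s, uint64_t pte)
{
    return pte | s.me_mask;
}

/* Clear the mask for data placed before SME was on (EFI tables, initrd, ...). */
static uint64_t pte_set_decrypted(struct sme_state s, uint64_t pte)
{
    return pte & ~s.me_mask;
}

static bool pte_is_encrypted(struct sme_state s, uint64_t pte)
{
    return s.me_mask != 0 && (pte & s.me_mask) != 0;
}

/*
 * The C-bit sits inside the PTE's physical-address field, so a PFN mask that
 * does not exclude it would turn the C-bit into a bogus address bit.
 */
static uint64_t pte_phys_addr(struct sme_state s, uint64_t pte)
{
    return pte & PTE_PFN_FIELD & ~s.me_mask;
}

/* Address bits the OS may actually use for physical memory once SME is on. */
static unsigned sme_usable_pa_bits(struct sme_state s, unsigned cpu_phys_bits)
{
    return s.enabled ? cpu_phys_bits - s.pa_bits_lost : cpu_phys_bits;
}

int main(void)
{
    /* Constructed values: C-bit 47, 5 address bits lost, SYSCFG enable set. */
    struct sme_state s = sme_decode(0x3, 0x16f, SYSCFG_MEM_ENCRYPT_EN);
    uint64_t pte = 0x1234063ULL;   /* constructed PTE: PFN 0x1234, P/RW/A/D flags */

    printf("me_mask=0x%llx usable PA bits=%u\n",
           (unsigned long long)s.me_mask, sme_usable_pa_bits(s, 48));
    printf("encrypted pte=0x%llx phys=0x%llx\n",
           (unsigned long long)pte_set_encrypted(s, pte),
           (unsigned long long)pte_phys_addr(s, pte_set_encrypted(s, pte)));

#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    /* Real CPUID on this machine; SYSCFG needs ring 0, so only support is reported. */
    if (__get_cpuid(CPUID_FN_MEM_ENCRYPT, &a, &b, &c, &d))
        printf("this CPU: SME %s (EBX=0x%x)\n",
               sme_decode(a, b, 0).supported ? "supported" : "not reported", b);
#endif
    return 0;
}
```

Passing the decoded state into every helper, rather than reading a global, keeps the "mask is zero when SME is off" behaviour explicit: the same helpers run unchanged on a machine without SME and simply leave the PTEs alone.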