Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
From: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Date: Thu, 22 Sep 2016 19:08:50 +0200
Cc: Brijesh Singh <brijesh.singh@xxxxxxx>, thomas.lendacky@xxxxxxx, simon.guinot@xxxxxxxxxxxx, linux-efi@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, rkrcmar@xxxxxxxxxx, matt@xxxxxxxxxxxxxxxxxxx, linus.walleij@xxxxxxxxxx, linux-mm@xxxxxxxxx, paul.gortmaker@xxxxxxxxxxxxx, hpa@xxxxxxxxx, dan.j.williams@xxxxxxxxx, aarcange@xxxxxxxxxx, sfr@xxxxxxxxxxxxxxxx, andriy.shevchenko@xxxxxxxxxxxxxxx, herbert@xxxxxxxxxxxxxxxxxxx, bhe@xxxxxxxxxx, xemul@xxxxxxxxxxxxx, joro@xxxxxxxxxx, x86@xxxxxxxxxx, mingo@xxxxxxxxxx, msalter@xxxxxxxxxx, ross.zwisler@xxxxxxxxxxxxxxx, dyoung@xxxxxxxxxx, jroedel@xxxxxxx, keescook@xxxxxxxxxxxx, toshi.kani@xxxxxxx, mathieu.desnoyers@xxxxxxxxxxxx, devel@xxxxxxxxxxxxxxxxxxxxxx, tglx@xxxxxxxxxxxxx, mchehab@xxxxxxxxxx, iamjoonsoo.kim@xxxxxxx, labbott@xxxxxxxxxxxxxxxxx, tony.luck@xxxxxxxxx, alexandre.bounine@xxxxxxx, kuleshovmail@xxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, mcgrof@xxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, akpm@xxxxxxxxxxxxxxxxxxxx, davem@xxxxxxxxxxxxx
In-reply-to: <20160922170718.34d4ppockeurrg25@pd.tnic>
References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> <147190832511.9523.10850626471583956499.stgit@brijesh-build-machine> <20160922143545.3kl7khff6vqk7b2t@pd.tnic> <464461b7-1efb-0af1-dd3e-eb919a2578e9@redhat.com> <20160922145947.52v42l7p7dl7u3r4@pd.tnic> <938ee0cf-85e6-eefa-7df9-9d5e09ed7a9d@redhat.com> <20160922170718.34d4ppockeurrg25@pd.tnic>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0

On 22/09/2016 19:07, Borislav Petkov wrote:
>> Which paragraph?
> "Linux relies on BIOS to set this bit if BIOS has determined that the
> reduction in the physical address space as a result of enabling memory
> encryption..."
> 
> Basically, you can enable SME in the BIOS and you're all set.

That's not how I read it.  I just figured that the BIOS has some magic
things high in the physical address space and if you reduce the physical
address space the BIOS (which is called from e.g. EFI runtime services)
would have problems with that.

Paolo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Follow-Ups:
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Borislav Petkov

References:
- [RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD)
  - From: Brijesh Singh
- [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Brijesh Singh
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Borislav Petkov
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Paolo Bonzini
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Borislav Petkov
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Paolo Bonzini
- Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
  - From: Borislav Petkov

Prev by Date: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Next by Date: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Previous by thread: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Next by thread: Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
Index(es):
- Date
- Thread

[Index of Archives] [KVM ARM] [KVM ia64] [KVM ppc] [Virtualization Tools] [Spice Development] [Libvirt] [Libvirt Users] [Linux USB Devel] [Linux Audio Users] [Yosemite Questions] [Linux Kernel] [Linux SCSI] [XFree86]