On Thu, Feb 16, 2017 at 09:43:07AM -0600, Tom Lendacky wrote: > Add support for Secure Memory Encryption (SME). This initial support > provides a Kconfig entry to build the SME support into the kernel and > defines the memory encryption mask that will be used in subsequent > patches to mark pages as encrypted. > > Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > --- > arch/x86/Kconfig | 22 +++++++++++++++++++ > arch/x86/include/asm/mem_encrypt.h | 42 ++++++++++++++++++++++++++++++++++++ > arch/x86/mm/Makefile | 1 + > arch/x86/mm/mem_encrypt.c | 21 ++++++++++++++++++ > include/linux/mem_encrypt.h | 37 ++++++++++++++++++++++++++++++++ > 5 files changed, 123 insertions(+) > create mode 100644 arch/x86/include/asm/mem_encrypt.h > create mode 100644 arch/x86/mm/mem_encrypt.c > create mode 100644 include/linux/mem_encrypt.h > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index f8fbfc5..a3b8c71 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -1395,6 +1395,28 @@ config X86_DIRECT_GBPAGES > supports them), so don't confuse the user by printing > that we have them enabled. > > +config AMD_MEM_ENCRYPT > + bool "AMD Secure Memory Encryption (SME) support" > + depends on X86_64 && CPU_SUP_AMD > + ---help--- > + Say yes to enable support for the encryption of system memory. > + This requires an AMD processor that supports Secure Memory > + Encryption (SME). > + > +config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT > + bool "Activate AMD Secure Memory Encryption (SME) by default" > + default y > + depends on AMD_MEM_ENCRYPT > + ---help--- > + Say yes to have system memory encrypted by default if running on > + an AMD processor that supports Secure Memory Encryption (SME). > + > + If set to Y, then the encryption of system memory can be > + deactivated with the mem_encrypt=off command line option. > + > + If set to N, then the encryption of system memory can be > + activated with the mem_encrypt=on command line option. Good. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.