Re: [RFC Part1 PATCH v3 14/17] x86/boot: Add early boot support when running with SEV active

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [RFC Part1 PATCH v3 14/17] x86/boot: Add early boot support when running with SEV active
From: Borislav Petkov <bp@xxxxxxx>
Date: Fri, 25 Aug 2017 14:54:31 +0200
Cc: Brijesh Singh <brijesh.singh@xxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, x86@xxxxxxxxxx, linux-efi@xxxxxxxxxxxxxxx, linuxppc-dev@xxxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Tony Luck <tony.luck@xxxxxxxxx>, Piotr Luc <piotr.luc@xxxxxxxxx>, Fenghua Yu <fenghua.yu@xxxxxxxxx>, Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>, Reza Arbab <arbab@xxxxxxxxxxxxxxxxxx>, David Howells <dhowells@xxxxxxxxxx>, Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>, "Kirill A . Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, Laura Abbott <labbott@xxxxxxxxxx>, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Eric Biederman <ebiederm@xxxxxxxxxxxx>, Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>, Paul Mackerras <paulus@xxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Dave Airlie <airlied@xxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Radim Krčmář <rkrcmar@xxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Tejun Heo <tj@xxxxxxxxxx>, Christoph Lameter <cl@xxxxxxxxx>
In-reply-to: <42cf82fc-03be-c4c7-eaab-b2306a049d20@amd.com>
References: <20170724190757.11278-1-brijesh.singh@amd.com> <20170724190757.11278-15-brijesh.singh@amd.com> <20170823153058.yli5qogrmjl74wkl@pd.tnic> <42cf82fc-03be-c4c7-eaab-b2306a049d20@amd.com>
User-agent: NeoMutt/20170113 (1.7.2)

Btw,

I don't see our SEV-specific chicken bit which disables SEV only.

Do we need it? If so, maybe something like

mem_encrypt=sme_only

or so.

Or is the mem_encrypt=off chicken bit enough?

What about the use case where you want SME but no encrypted guests?

A bunch of hmmm.

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--

References:
- [RFC Part1 PATCH v3 00/17] x86: Secure Encrypted Virtualization (AMD)
  - From: Brijesh Singh
- [RFC Part1 PATCH v3 14/17] x86/boot: Add early boot support when running with SEV active
  - From: Brijesh Singh
- Re: [RFC Part1 PATCH v3 14/17] x86/boot: Add early boot support when running with SEV active
  - From: Borislav Petkov
- Re: [RFC Part1 PATCH v3 14/17] x86/boot: Add early boot support when running with SEV active
  - From: Tom Lendacky

Prev by Date: [kvm-unit-tests] x86: access: Add test for 5 level paging mode
Next by Date: Re: kvm splat in mmu_spte_clear_track_bits
Previous by thread: Re: [RFC Part1 PATCH v3 14/17] x86/boot: Add early boot support when running with SEV active
Next by thread: [RFC Part2 PATCH v3 00/26] x86: Secure Encrypted Virtualization (AMD)
Index(es):
- Date
- Thread

[Index of Archives] [KVM ARM] [KVM ia64] [KVM ppc] [Virtualization Tools] [Spice Development] [Libvirt] [Libvirt Users] [Linux USB Devel] [Linux Audio Users] [Yosemite Questions] [Linux Kernel] [Linux SCSI] [XFree86]