Re: [PATCH v14 03/13] x86/sev: Add Secure TSC support for SNP guests

On 10/29/2024 4:46 PM, Nikunj A. Dadhania wrote:
> On 10/29/2024 2:11 PM, Xiaoyao Li wrote:
>> On 10/28/2024 1:34 PM, Nikunj A Dadhania wrote:
>>> Add support for Secure TSC in SNP-enabled guests. Secure TSC allows guests
>>> to securely use RDTSC/RDTSCP instructions, ensuring that the parameters
>>> used cannot be altered by the hypervisor once the guest is launched.
>>>
>>> Secure TSC-enabled guests need to query TSC information from the AMD
>>> Security Processor. This communication channel is encrypted between the AMD
>>> Security Processor and the guest, with the hypervisor acting merely as a
>>> conduit to deliver the guest messages to the AMD Security Processor. Each
>>> message is protected with AEAD (AES-256 GCM). Use a minimal AES GCM library
>>> to encrypt and decrypt SNP guest messages for communication with the PSP.
>>>
>>> Use mem_encrypt_init() to fetch SNP TSC information from the AMD Security
>>> Processor and initialize snp_tsc_scale and snp_tsc_offset.
>>
>> Why do it inside mem_encrypt_init()?
>
> It was discussed here: https://lore.kernel.org/lkml/20240422132058.GBZiZkOqU0zFviMzoC@fat_crate.local/

IMHO, it's a bad starter. As more and more SNP features will be enabled in the future, a SNP init function like tdx_early_init() would be a good place for all SNP guest stuff.

Just my 2 cents.

> Regards
> Nikunj




