On Tue, 4 Oct 2022 at 06:41, Nikunj A. Dadhania <nikunj@xxxxxxx> wrote: > > Hi! > > We are trying to implement Secure TSC feature for AMD SNP guests [1]. During the boot-up of the > secondary cpus, SecureTSC enabled guests need to query TSC info from Security processor (PSP). > This communication channel is encrypted between the security processor and the guest, > hypervisor is just the conduit to deliver the guest messages to the security processor. > Each message is protected with an AEAD (AES-256 GCM). > > As the TSC info is needed during the smpboot phase, few crypto modules need to be loaded early > to use the crypto api for encryption/decryption of SNP Guest messages. > > I was able to get the SNP Guest messages working with initializing few crypto modules using > early_initcall() instead of subsys_initcall(). > > Require suggestion/inputs if this is acceptable. List of modules that was changed > to early_initcall: > > early_initcall(aes_init); > early_initcall(cryptomgr_init); > early_initcall(crypto_ctr_module_init); > early_initcall(crypto_gcm_module_init); > early_initcall(ghash_mod_init); > I understand the need for this, but I think it is a bad idea. These will run even before SMP bringup, and before pure initcalls, which are documented as
