Provide a "nosnp" kernel command line option to prevent enabling of the
RMP and SEV-SNP features in the host/hypervisor. Not initializing the
RMP removes system overhead associated with RMP checks.
Co-developed-by: Eric Van Tassell <Eric.VanTassell@xxxxxxx>
Signed-off-by: Eric Van Tassell <Eric.VanTassell@xxxxxxx>
Signed-off-by: Pavan Kumar Paluri <papaluri@xxxxxxx>
---
Documentation/arch/x86/x86_64/boot-options.rst | 3 +++
arch/x86/virt/svm/cmdline.c | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/Documentation/arch/x86/x86_64/boot-options.rst b/Documentation/arch/x86/x86_64/boot-options.rst
index 137432d34109..3d4e9a7dccf2 100644
--- a/Documentation/arch/x86/x86_64/boot-options.rst
+++ b/Documentation/arch/x86/x86_64/boot-options.rst
@@ -317,3 +317,6 @@ The available options are:
debug
Enable debug messages.
+
+ nosnp
+ Do not enable SEV-SNP (applies to host/hypervisor only).
diff --git a/arch/x86/virt/svm/cmdline.c b/arch/x86/virt/svm/cmdline.c
index 507549a9c793..1e71c75f0201 100644
--- a/arch/x86/virt/svm/cmdline.c
+++ b/arch/x86/virt/svm/cmdline.c
@@ -24,6 +24,12 @@ static int __init init_sev_config(char *str)
continue;
}
+ if (!strcmp(s, "nosnp")) {
+ setup_clear_cpu_cap(X86_FEATURE_SEV_SNP);
+ cc_platform_clear(CC_ATTR_HOST_SEV_SNP);
+ continue;
+ }
+
pr_info("SEV command-line option '%s' was not recognized\n", s);
}
--
2.34.1
