On Mon, Aug 22, 2016 at 05:37:10PM -0500, Tom Lendacky wrote: > This adds support to be able to either encrypt or decrypt data during > the early stages of booting the kernel. This does not change the memory > encryption attribute - it is used for ensuring that data present in > either an encrypted or un-encrypted memory area is in the proper state > (for example the initrd will have been loaded by the boot loader and > will not be encrypted, but the memory that it resides in is marked as > encrypted). > > Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > --- ... > diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c > index 00eb705..f35a646 100644 > --- a/arch/x86/mm/mem_encrypt.c > +++ b/arch/x86/mm/mem_encrypt.c > @@ -14,6 +14,107 @@ > #include <linux/mm.h> > > #include <asm/mem_encrypt.h> > +#include <asm/tlbflush.h> > +#include <asm/fixmap.h> > + > +/* Buffer used for early in-place encryption by BSP, no locking needed */ > +static char me_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE); > + > +/* > + * This routine does not change the underlying encryption setting of the > + * page(s) that map this memory. It assumes that eventually the memory is > + * meant to be accessed as encrypted but the contents are currently not > + * encyrpted. s/encyrpted/encrypted/ Ditto below. > + */ > +void __init sme_early_mem_enc(resource_size_t paddr, unsigned long size) > +{ > + void *src, *dst; > + size_t len; > + > + if (!sme_me_mask) > + return; > + > + local_flush_tlb(); > + wbinvd(); > + > + /* > + * There are limited number of early mapping slots, so map (at most) > + * one page at time. > + */ > + while (size) { > + len = min_t(size_t, sizeof(me_early_buffer), size); > + > + /* Create a mapping for non-encrypted write-protected memory */ > + src = early_memremap_dec_wp(paddr, len); > + > + /* Create a mapping for encrypted memory */ > + dst = early_memremap_enc(paddr, len); > + > + /* > + * If a mapping can't be obtained to perform the encryption, > + * then encrypted access to that area will end up causing > + * a crash. > + */ > + BUG_ON(!src || !dst); > + > + memcpy(me_early_buffer, src, len); > + memcpy(dst, me_early_buffer, len); > + > + early_memunmap(dst, len); > + early_memunmap(src, len); > + > + paddr += len; > + size -= len; > + } > +} > + > +/* > + * This routine does not change the underlying encryption setting of the > + * page(s) that map this memory. It assumes that eventually the memory is > + * meant to be accessed as not encrypted but the contents are currently > + * encyrpted. > + */ > +void __init sme_early_mem_dec(resource_size_t paddr, unsigned long size) > +{ ... -- Regards/Gruss, Boris. ECO tip #101: Trim your mails when you reply. -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html