On 11/15/2016 10:33 AM, Borislav Petkov wrote: > On Tue, Nov 15, 2016 at 10:06:16AM -0600, Tom Lendacky wrote: >> Yes, but that doesn't relate to the physical address space reduction. >> >> Once the SYS_CFG MSR bit for SME is set, even if the encryption bit is >> never used, there is a physical reduction of the address space. So when >> checking whether to adjust the physical address bits I can't rely on the >> sme_me_mask, I have to look at the MSR. >> >> But when I'm looking to decide whether to encrypt or decrypt something, >> I use the sme_me_mask to decide if that is needed. If the sme_me_mask >> is not set then the encrypt/decrypt op shouldn't be performed. >> >> I might not be grasping the point you're trying to make... > > Ok, let me try to summarize how I see it. There are a couple of states: > > * CPUID bit in 0x8000001f - that's SME supported > > * Reduction of address space - MSR bit. That could be called "SME > BIOS-eenabled". > > * SME active. That's both of the above and is sme_me_mask != 0. > > Right? Correct. > > So you said previously "The feature may be present and enabled even if > it is not currently active." > > But then you say "active" below > >>> And in patch 12 you have: >>> >>> + /* >>> + * If memory encryption is active, the trampoline area will need to >>> + * be in un-encrypted memory in order to bring up other processors >>> + * successfully. >>> + */ >>> + sme_early_mem_dec(__pa(base), size); >>> + sme_set_mem_unenc(base, size); > > and test sme_me_mask. Which makes sense now after having explained which > hw setting controls what. > > So can we agree on the nomenclature for all the different SME states > first and use those throughout the code? And hold those states down in > Documentation/x86/amd-memory-encryption.txt so that it is perfectly > clear to people looking at the code. Yup, that sounds good. I'll update the documentation to clarify the various states/modes of SME. > > Also, if we need to check those states more than once, we should add > inline helpers: > > sme_supported() > sme_bios_enabled() > sme_active() > > How does that sound? Sounds good. Thanks, Tom > -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html