From: Jeremi Piotrowski <jpiotrowski@xxxxxxxxxxxxx>
Hyper-V may expose the SEV/SEV-SNP CPU features to the guest, but it is
up to the guest to use them. early_detect_mem_encrypt() checks
SYSCFG[MEM_ENCRYPT] and HWCR[SMMLOCK] and if these are not set the
SEV-SNP features are cleared. Check if we are running under a
hypervisor and if so - update SYSCFG and skip the HWCR check.
It would be great to make this check more specific (checking for
Hyper-V) but this code runs before hypervisor detection on the boot cpu.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/amd.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index c7884198ad5b..17d91ac62937 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -565,6 +565,12 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
* don't advertise the feature under CONFIG_X86_32.
*/
if (cpu_has(c, X86_FEATURE_SME) || cpu_has(c, X86_FEATURE_SEV)) {
+ if (cpu_has(c, X86_FEATURE_HYPERVISOR)) {
+ rdmsrl(MSR_AMD64_SYSCFG, msr);
+ msr |= MSR_AMD64_SYSCFG_MEM_ENCRYPT;
+ wrmsrl(MSR_AMD64_SYSCFG, msr);
+ }
+
/* Check if memory encryption is enabled */
rdmsrl(MSR_AMD64_SYSCFG, msr);
if (!(msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT))
@@ -584,7 +590,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
setup_clear_cpu_cap(X86_FEATURE_SME);
rdmsrl(MSR_K7_HWCR, msr);
- if (!(msr & MSR_K7_HWCR_SMMLOCK))
+ if (!(msr & MSR_K7_HWCR_SMMLOCK) && !cpu_has(c, X86_FEATURE_HYPERVISOR))
goto clear_sev;
return;
--
2.25.1
