On Fri, Jun 16, 2017 at 01:51:15PM -0500, Tom Lendacky wrote: > Add support to the early boot code to use Secure Memory Encryption (SME). > Since the kernel has been loaded into memory in a decrypted state, encrypt > the kernel in place and update the early pagetables with the memory > encryption mask so that new pagetable entries will use memory encryption. > > The routines to set the encryption mask and perform the encryption are > stub routines for now with functionality to be added in a later patch. > > Because of the need to have the routines available to head_64.S, the > mem_encrypt.c is always built and #ifdefs in mem_encrypt.c will provide > functionality or stub routines depending on CONFIG_AMD_MEM_ENCRYPT. > > Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > --- > arch/x86/include/asm/mem_encrypt.h | 8 +++++++ > arch/x86/kernel/head64.c | 33 +++++++++++++++++++++--------- > arch/x86/kernel/head_64.S | 39 ++++++++++++++++++++++++++++++++++-- > arch/x86/mm/Makefile | 4 +--- > arch/x86/mm/mem_encrypt.c | 24 ++++++++++++++++++++++ > 5 files changed, 93 insertions(+), 15 deletions(-) ... > diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c > index b99d469..9a78277 100644 > --- a/arch/x86/mm/mem_encrypt.c > +++ b/arch/x86/mm/mem_encrypt.c > @@ -11,6 +11,9 @@ > */ > > #include <linux/linkage.h> > +#include <linux/init.h> > + > +#ifdef CONFIG_AMD_MEM_ENCRYPT > > /* > * Since SME related variables are set early in the boot process they must > @@ -19,3 +22,24 @@ > */ > unsigned long sme_me_mask __section(.data) = 0; > EXPORT_SYMBOL_GPL(sme_me_mask); > + > +void __init sme_encrypt_kernel(void) > +{ > +} Just the minor: void __init sme_encrypt_kernel(void) { } in case you have to respin. Reviewed-by: Borislav Petkov <bp@xxxxxxx> -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>