[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v10 00/38] x86: Secure Memory Encryption (AMD)

To: Tom Lendacky <thomas.lendacky@xxxxxxx>
From: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Date: Tue, 18 Jul 2017 14:03:53 +0200 (CEST)
Cc: linux-efi@xxxxxxxxxxxxxxx, Brijesh Singh <brijesh.singh@xxxxxxx>, kvm@xxxxxxxxxxxxxxx, Radim Krčmář <rkrcmar@xxxxxxxxxx>, Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>, x86@xxxxxxxxxx, linux-mm@xxxxxxxxx, Alexander Potapenko <glider@xxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Larry Woodman <lwoodman@xxxxxxxxxx>, linux-arch@xxxxxxxxxxxxxxx, Toshimitsu Kani <toshi.kani@xxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>, linux-doc@xxxxxxxxxxxxxxx, kasan-dev@xxxxxxxxxxxxxxxx, Ingo Molnar <mingo@xxxxxxxxxx>, Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>, Dave Young <dyoung@xxxxxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Dmitry Vyukov <dvyukov@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, kexec@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>
Delivery-date: Tue, 18 Jul 2017 12:05:10 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, 17 Jul 2017, Tom Lendacky wrote:
> This patch series provides support for AMD's new Secure Memory Encryption 
> (SME)
> feature.
> 
> SME can be used to mark individual pages of memory as encrypted through the
> page tables. A page of memory that is marked encrypted will be automatically
> decrypted when read from DRAM and will be automatically encrypted when
> written to DRAM. Details on SME can found in the links below.
> 
> The SME feature is identified through a CPUID function and enabled through
> the SYSCFG MSR. Once enabled, page table entries will determine how the
> memory is accessed. If a page table entry has the memory encryption mask set,
> then that memory will be accessed as encrypted memory. The memory encryption
> mask (as well as other related information) is determined from settings
> returned through the same CPUID function that identifies the presence of the
> feature.
> 
> The approach that this patch series takes is to encrypt everything possible
> starting early in the boot where the kernel is encrypted. Using the page
> table macros the encryption mask can be incorporated into all page table
> entries and page allocations. By updating the protection map, userspace
> allocations are also marked encrypted. Certain data must be accounted for
> as having been placed in memory before SME was enabled (EFI, initrd, etc.)
> and accessed accordingly.
> 
> This patch series is a pre-cursor to another AMD processor feature called
> Secure Encrypted Virtualization (SEV). The support for SEV will build upon
> the SME support and will be submitted later. Details on SEV can be found
> in the links below.

Well done series. Thanks to all people involved, especially Tom and Boris!
It was a pleasure to review that.

Reviewed-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v10 00/38] x86: Secure Memory Encryption (AMD)
  - From: Tom Lendacky

References:
- [Xen-devel] [PATCH v10 00/38] x86: Secure Memory Encryption (AMD)
  - From: Tom Lendacky

Prev by Date: Re: [Xen-devel] [PATCH v6 09/14] arm/guest_access: Move vgic_access_guest_memory to guest_access.h
Next by Date: Re: [Xen-devel] [RFC v2]Proposal to allow setting up shared memory areas between VMs from xl config file
Previous by thread: [Xen-devel] [tip:x86/mm] xen/x86: Remove SME feature in PV guests
Next by thread: Re: [Xen-devel] [PATCH v10 00/38] x86: Secure Memory Encryption (AMD)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.