[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 3/3] x86: Support booting under Secure Startup via SKINIT

On 29.01.2021 12:45, Andrew Cooper wrote:
> From: Norbert Kamiński <norbert.kaminski@xxxxxxxxx>
> For now, this is simply enough logic to let Xen come up after the bootloader
> has executed an SKINIT instruction to begin a Secure Startup.
> During a Secure Startup, the BSP operates with the GIF clear (blocks all
> external interrupts, even SMI/NMI), and INIT_REDIRECTION active (converts INIT
> IPIs to #SX exceptions, if e.g. the platform needs to scrub secrets before
> resetting).  To afford APs the same Secure Startup protections as the BSP, the
> INIT IPI must be skipped, and SIPI must be the first interrupt seen.
> Full details are available in AMD APM Vol2 15.27 "Secure Startup with SKINIT"
> Introduce skinit_enable_intr() and call it from cpu_init(), next to the
> enable_nmis() which performs a related function for tboot startups.
> Also introduce ap_boot_method to control the sequence of actions for AP boot.
> Signed-off-by: Marek Kasiewicz <marek.kasiewicz@xxxxxxxxx>
> Signed-off-by: Norbert Kamiński <norbert.kaminski@xxxxxxxxx>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Acked-by: Jan Beulich <jbeulich@xxxxxxxx>



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.