[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 5/5] x86/cpu-policy: Introduce some SEV features
On 4/29/24 5:16 PM, Andrew Cooper wrote:
For display purposes only right now.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Reviewed-by: Vaishali Thakkar <vaishali.thakkar@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Xenia Ragiadakou <xenia.ragiadakou@xxxxxxx>
CC: Sergiy Kibrik <Sergiy_Kibrik@xxxxxxxx>
CC: George Dunlap <george.dunlap@xxxxxxxxxx>
CC: Andrei Semenov <andrei.semenov@xxxxxxxx>
CC: Vaishali Thakkar <vaishali.thakkar@xxxxxxxxxx>
This is only half the work to get SEV working nicely. The other
half (rearranging __start_xen() so we can move the host policy collection
earlier) is still a work-in-progress.
---
tools/misc/xen-cpuid.c | 3 +++
xen/arch/x86/include/asm/cpufeature.h | 3 +++
xen/include/public/arch-x86/cpufeatureset.h | 4 ++++
xen/tools/gen-cpuid.py | 6 +++++-
4 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
index 0d01b0e797f1..1463e0429ba1 100644
--- a/tools/misc/xen-cpuid.c
+++ b/tools/misc/xen-cpuid.c
@@ -281,6 +281,9 @@ static const char *const str_eAd[32] =
static const char *const str_e1Fa[32] =
{
+ [ 0] = "sme", [ 1] = "sev",
+ /* 2 */ [ 3] = "sev-es",
+ [ 4] = "sev-snp",
};
static const struct {
diff --git a/xen/arch/x86/include/asm/cpufeature.h
b/xen/arch/x86/include/asm/cpufeature.h
index b6fb8c24423c..732f0d2bf758 100644
--- a/xen/arch/x86/include/asm/cpufeature.h
+++ b/xen/arch/x86/include/asm/cpufeature.h
@@ -230,6 +230,9 @@ static inline bool boot_cpu_has(unsigned int feat)
#define cpu_has_v_gif boot_cpu_has(X86_FEATURE_V_GIF)
#define cpu_has_v_spec_ctrl boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)
+/* CPUID level 0x8000001f.eax */
+#define cpu_has_sev boot_cpu_has(X86_FEATURE_SEV)
+
/* Synthesized. */
#define cpu_has_arch_perfmon boot_cpu_has(X86_FEATURE_ARCH_PERFMON)
#define cpu_has_cpuid_faulting boot_cpu_has(X86_FEATURE_CPUID_FAULTING)
diff --git a/xen/include/public/arch-x86/cpufeatureset.h
b/xen/include/public/arch-x86/cpufeatureset.h
index 80d252a38c2d..7ee0f2329151 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -374,6 +374,10 @@ XEN_CPUFEATURE(NPT_SSS, 18*32+19) /* NPT
Supervisor Shadow Stacks *
XEN_CPUFEATURE(V_SPEC_CTRL, 18*32+20) /* Virtualised MSR_SPEC_CTRL */
/* AMD-defined CPU features, CPUID level 0x8000001f.eax, word 19 */
+XEN_CPUFEATURE(SME, 19*32+ 0) /* Secure Memory Encryption */
+XEN_CPUFEATURE(SEV, 19*32+ 1) /* Secure Encryped VM */
+XEN_CPUFEATURE(SEV_ES, 19*32+ 3) /* SEV Encrypted State */
+XEN_CPUFEATURE(SEV_SNP, 19*32+ 4) /* SEV Secure Nested Paging */
#endif /* XEN_CPUFEATURE */
diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py
index f07b1f4cf905..bff4d9389ff6 100755
--- a/xen/tools/gen-cpuid.py
+++ b/xen/tools/gen-cpuid.py
@@ -281,7 +281,7 @@ def crunch_numbers(state):
_3DNOW: [_3DNOWEXT],
# The SVM bit enumerates the whole SVM leave.
- SVM: list(range(NPT, NPT + 32)),
+ SVM: list(range(NPT, NPT + 32)) + [SEV],
# This is just the dependency between AVX512 and AVX2 of XSTATE
# feature flags. If want to use AVX512, AVX2 must be supported and
@@ -341,6 +341,10 @@ def crunch_numbers(state):
# The behaviour described by RRSBA depend on eIBRS being active.
EIBRS: [RRSBA],
+
+ SEV: [SEV_ES],
+
+ SEV_ES: [SEV_SNP],
}
deep_features = tuple(sorted(deps.keys()))
|
