• Michael Roth's avatar
    x86/compressed/64: Detect/setup SEV/SME features earlier during boot · ec1c66af
    Michael Roth authored
    With upcoming SEV-SNP support, SEV-related features need to be
    initialized earlier during boot, at the same point the initial #VC
    handler is set up, so that the SEV-SNP CPUID table can be utilized
    during the initial feature checks. Also, SEV-SNP feature detection
    will rely on EFI helper functions to scan the EFI config table for the
    Confidential Computing blob, and so would need to be implemented at
    least partially in C.
    
    Currently set_sev_encryption_mask() is used to initialize the
    sev_status and sme_me_mask globals that advertise what SEV/SME features
    are available in a guest. Rename it to sev_enable() to better reflect
    that (SME is only enabled in the case of SEV guests in the
    boot/compressed kernel), and move it to just after the stage1 #VC
    handler is set up so that it can be used to initialize SEV-SNP as well
    in future patches.
    
    While at it, re-implement it as C code so that all SEV feature
    detection can be better consolidated with upcoming SEV-SNP feature
    detection, which will also be in C.
    
    The 32-bit entry path remains unchanged, as it never relied on the
    set_sev_encryption_mask() initialization to begin with.
    
      [ bp: Massage commit message. ]
    Signed-off-by: default avatarMichael Roth <michael.roth@amd.com>
    Signed-off-by: default avatarBrijesh Singh <brijesh.singh@amd.com>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    Link: https://lore.kernel.org/r/20220307213356.2797205-8-brijesh.singh@amd.com
    ec1c66af
sev.c 5.07 KB