Date: Fri, 17 Feb 2017 13:00:18 +0100
From: Borislav Petkov <bp@...en8.de>
To: Tom Lendacky <thomas.lendacky@....com>
Cc: linux-arch@...r.kernel.org, linux-efi@...r.kernel.org, kvm@...r.kernel.org,
    linux-doc@...r.kernel.org, x86@...nel.org, linux-kernel@...r.kernel.org,
    kasan-dev@...glegroups.com, linux-mm@...ck.org, iommu@...ts.linux-foundation.org,
    Rik van Riel <riel@...hat.com>, Radim Krčmář <rkrcmar@...hat.com>,
    Toshimitsu Kani <toshi.kani@....com>, Arnd Bergmann <arnd@...db.de>,
    Jonathan Corbet <corbet@....net>, Matt Fleming <matt@...eblueprint.co.uk>,
    "Michael S. Tsirkin" <mst@...hat.com>, Joerg Roedel <joro@...tes.org>,
    Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>, Paolo Bonzini <pbonzini@...hat.com>,
    Brijesh Singh <brijesh.singh@....com>, Ingo Molnar <mingo@...hat.com>,
    Alexander Potapenko <glider@...gle.com>, Andy Lutomirski <luto@...nel.org>,
    "H. Peter Anvin" <hpa@...or.com>, Andrey Ryabinin <aryabinin@...tuozzo.com>,
    Thomas Gleixner <tglx@...utronix.de>, Larry Woodman <lwoodman@...hat.com>,
    Dmitry Vyukov <dvyukov@...gle.com>
Subject: Re: [RFC PATCH v4 05/28] x86: Add Secure Memory Encryption (SME) support

On Thu, Feb 16, 2017 at 09:43:07AM -0600, Tom Lendacky wrote:
> Add support for Secure Memory Encryption (SME). This initial support
> provides a Kconfig entry to build the SME support into the kernel and
> defines the memory encryption mask that will be used in subsequent
> patches to mark pages as encrypted.
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
> ---
> arch/x86/Kconfig | 22 +++++++++++++++++++
> arch/x86/include/asm/mem_encrypt.h | 42 ++++++++++++++++++++++++++++++++++++
> arch/x86/mm/Makefile | 1 +
> arch/x86/mm/mem_encrypt.c | 21 ++++++++++++++++++
> include/linux/mem_encrypt.h | 37 ++++++++++++++++++++++++++++++++
> 5 files changed, 123 insertions(+)
> create mode 100644 arch/x86/include/asm/mem_encrypt.h
> create mode 100644 arch/x86/mm/mem_encrypt.c
> create mode 100644 include/linux/mem_encrypt.h
> > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index f8fbfc5..a3b8c71 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -1395,6 +1395,28 @@ config X86_DIRECT_GBPAGES > supports them), so don't confuse the user by printing > that we have them enabled. > > +config AMD_MEM_ENCRYPT > + bool "AMD Secure Memory Encryption (SME) support" > + depends on X86_64 && CPU_SUP_AMD > + ---help--- > + Say yes to enable support for the encryption of system memory. > + This requires an AMD processor that supports Secure Memory > + Encryption (SME). > + > +config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT > + bool "Activate AMD Secure Memory Encryption (SME) by default" > + default y > + depends on AMD_MEM_ENCRYPT > + ---help--- > + Say yes to have system memory encrypted by default if running on > + an AMD processor that supports Secure Memory Encryption (SME). > + > + If set to Y, then the encryption of system memory can be > + deactivated with the mem_encrypt=off command line option. > + > + If set to N, then the encryption of system memory can be > + activated with the mem_encrypt=on command line option. Good. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.
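
Review bot: The help text for AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT refers to a mem_encrypt=on/off command line option, but the diffstat for this patch lists no Documentation file, so unless another patch in the series documents it, the parameter should be described in the kernel parameters documentation alongside this Kconfig entry. The AMD_MEM_ENCRYPT help text could also state that selecting it only builds the support in, and that whether memory is actually encrypted at boot is decided by AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT and mem_encrypt=; as written, "Say yes to enable support for the encryption of system memory" leaves it to the reader to find the second option to learn the boot-time default.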