lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Jun 2017 21:44:11 +0200 From: Borislav Petkov <bp@...en8.de> To: Tom Lendacky <thomas.lendacky@....com> Cc: linux-arch@...r.kernel.org, linux-efi@...r.kernel.org, kvm@...r.kernel.org, linux-doc@...r.kernel.org, x86@...nel.org, kexec@...ts.infradead.org, linux-kernel@...r.kernel.org, kasan-dev@...glegroups.com, linux-mm@...ck.org, iommu@...ts.linux-foundation.org, Rik van Riel <riel@...hat.com>, Radim Krčmář <rkrcmar@...hat.com>, Toshimitsu Kani <toshi.kani@....com>, Arnd Bergmann <arnd@...db.de>, Jonathan Corbet <corbet@....net>, Matt Fleming <matt@...eblueprint.co.uk>, "Michael S. Tsirkin" <mst@...hat.com>, Joerg Roedel <joro@...tes.org>, Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>, Paolo Bonzini <pbonzini@...hat.com>, Larry Woodman <lwoodman@...hat.com>, Brijesh Singh <brijesh.singh@....com>, Ingo Molnar <mingo@...hat.com>, Andy Lutomirski <luto@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, Andrey Ryabinin <aryabinin@...tuozzo.com>, Alexander Potapenko <glider@...gle.com>, Dave Young <dyoung@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Dmitry Vyukov <dvyukov@...gle.com> Subject: Re: [PATCH v6 18/34] x86/efi: Update EFI pagetable creation to work with SME On Wed, Jun 07, 2017 at 02:16:27PM -0500, Tom Lendacky wrote: > When SME is active, pagetable entries created for EFI need to have the > encryption mask set as necessary. > > When the new pagetable pages are allocated they are mapped encrypted. So, > update the efi_pgt value that will be used in cr3 to include the encryption > mask so that the PGD table can be read successfully. The pagetable mapping > as well as the kernel are also added to the pagetable mapping as encrypted. > All other EFI mappings are mapped decrypted (tables, etc.). > > Signed-off-by: Tom Lendacky <thomas.lendacky@....com> > --- > arch/x86/platform/efi/efi_64.c | 15 +++++++++++---- > 1 file changed, 11 insertions(+), 4 deletions(-) patches 15-18: Reviewed-by: Borislav Petkov <bp@...e.de> -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.
Powered by blists - more mailing lists