lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170916123418.37807-4-brijesh.singh@amd.com> Date: Sat, 16 Sep 2017 07:34:04 -0500 From: Brijesh Singh <brijesh.singh@....com> To: linux-kernel@...r.kernel.org, x86@...nel.org, kvm@...r.kernel.org Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H . Peter Anvin" <hpa@...or.com>, Borislav Petkov <bp@...e.de>, Andy Lutomirski <luto@...nel.org>, Tom Lendacky <thomas.lendacky@....com>, Brijesh Singh <brijesh.singh@....com> Subject: [Part1 PATCH v4 03/17] x86/mm: Don't attempt to encrypt initrd under SEV From: Tom Lendacky <thomas.lendacky@....com> When SEV is active the initrd/initramfs will already have already been placed in memory encrypted so do not try to encrypt it. Cc: Thomas Gleixner <tglx@...utronix.de> Cc: Ingo Molnar <mingo@...hat.com> Cc: "H. Peter Anvin" <hpa@...or.com> Cc: Borislav Petkov <bp@...e.de> Cc: Andy Lutomirski <luto@...nel.org> Cc: linux-kernel@...r.kernel.org Cc: x86@...nel.org Signed-off-by: Tom Lendacky <thomas.lendacky@....com> Signed-off-by: Brijesh Singh <brijesh.singh@....com> --- arch/x86/kernel/setup.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 82559867e0a9..967155e63afe 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -368,9 +368,11 @@ static void __init reserve_initrd(void) * If SME is active, this memory will be marked encrypted by the * kernel when it is accessed (including relocation). However, the * ramdisk image was loaded decrypted by the bootloader, so make - * sure that it is encrypted before accessing it. + * sure that it is encrypted before accessing it. For SEV the + * ramdisk will already be encrypted, so only do this for SME. */ - sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image); + if (sme_active()) + sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image); initrd_start = 0; -- 2.9.5
Powered by blists - more mailing lists