Date:   Thu, 16 Nov 2017 08:41:47 -0600
From:   Tom Lendacky <thomas.lendacky@....com>
To:     Borislav Petkov <bp@...en8.de>,
        Steve Rutherford <srutherford@...gle.com>
Cc:     Brijesh Singh <brijesh.singh@....com>, x86@...nel.org,
        KVM list <kvm@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, Borislav Petkov <bp@...e.de>,
        Andy Lutomirski <luto@...nel.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>
Subject: Re: [Part1 PATCH v7 00/17] x86: Secure Encrypted Virtualization (AMD)

On 11/16/2017 4:02 AM, Borislav Petkov wrote:
> On Wed, Nov 15, 2017 at 03:57:13PM -0800, Steve Rutherford wrote:
>> One piece that seems missing here is the handling of the vmm
>> communication exception. What's the plan for non-automatic exits? In
>> particular, what's the plan for emulated devices that are currently
>> accessed through MMIO (e.g. the IOAPIC)?
> 
> First of all, please do not top-post.
> 
> Then, maybe this would answer some of your questions:
> 
> http://support.amd.com/TechDocs/Protecting%20VM%20Register%20State%20with%20SEV-ES.pdf
> 
> But I'd look in Tom's direction for further comments.

I'm not sure what the question really is...

MMIO works just fine using the data contained in the VMCB on exit
(exit_info_1, exit_info_2, insn_bytes, etc.).

These patches are for SEV support.  If the question is related to SEV-ES
(based on the non-automatic exit comment), that support is not part of
these patches and will require additional changes to be able to both
launch a guest as an SEV-ES guest and run as an SEV-ES guest.

> 
>> Maybe I'm getting ahead of myself: What's the testing story? (since I
>> don't think linux would boot with these patches, I'm curious what you
>> are doing to ensure these pieces work)
> 
> Seems to boot fine here :)

Using these patches we have successfully booted and tested a guest both
with and without SEV enabled.

Thanks,
Tom

> 
