lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f0c80c25-13f6-34c9-1932-c57e0c900c75@intel.com>
Date:   Wed, 10 Feb 2021 08:47:10 -0800
From:   Dave Hansen <dave.hansen@...el.com>
To:     Joerg Roedel <joro@...tes.org>, x86@...nel.org
Cc:     Joerg Roedel <jroedel@...e.de>, hpa@...or.com,
        Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Jiri Slaby <jslaby@...e.cz>,
        Dan Williams <dan.j.williams@...el.com>,
        Tom Lendacky <thomas.lendacky@....com>,
        Juergen Gross <jgross@...e.com>,
        Kees Cook <keescook@...omium.org>,
        David Rientjes <rientjes@...gle.com>,
        Cfir Cohen <cfir@...gle.com>,
        Erdem Aktas <erdemaktas@...gle.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Mike Stunes <mstunes@...are.com>,
        Sean Christopherson <sean.j.christopherson@...el.com>,
        Martin Radev <martin.b.radev@...il.com>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        virtualization@...ts.linux-foundation.org
Subject: Re: [PATCH 6/7] x86/boot/compressed/64: Check SEV encryption in
 32-bit boot-path

On 2/10/21 2:21 AM, Joerg Roedel wrote:
> +	/* Store to memory and keep it in the registers */
> +	movl	%eax, rva(sev_check_data)(%ebp)
> +	movl	%ebx, rva(sev_check_data+4)(%ebp)
> +
> +	/* Enable paging to see if encryption is active */
> +	movl	%cr0, %edx	/* Backup %cr0 in %edx */
> +	movl	$(X86_CR0_PG | X86_CR0_PE), %ecx /* Enable Paging and Protected mode */
> +	movl	%ecx, %cr0
> +
> +	cmpl	%eax, rva(sev_check_data)(%ebp)
> +	jne	3f
> +	cmpl	%ebx, rva(sev_check_data+4)(%ebp)
> +	jne	3f

Also, I know that turning paging on is a *BIG* barrier.  But, I didn't
think it has any effect on the caches.

I would expect that the underlying physical address of 'sev_check_data'
would change when paging gets enabled because paging sets the C bit.
So, how does the write of 'sev_check_data' get out of the caches and
into memory where it can be read back with the new physical address?

I think there's some bit of the SEV architecture that I'm missing.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ