| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Feb 2024 08:37:25 -0800
From: Jeremi Piotrowski <jpiotrowski@...ux.microsoft.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Ashish Kalra <ashish.kalra@....com>,
Michael Roth <michael.roth@....com>,
Tom Lendacky <thomas.lendacky@....com>, X86 ML <x86@...nel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] x86/sev: Dump SEV_STATUS
On Tue, Feb 13, 2024 at 05:33:11PM +0100, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@...en8.de>
>
> It is, and will be even more useful in the future, to dump the SEV
> features enabled according to SEV_STATUS. Do so:
>
> [ 0.542753] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
> [ 0.544425] SEV: Status: SEV SEV-ES SEV-SNP DebugSwap
>
This could use some commas/delimiters to improve readability for those multi-word
bits (or stick to the name from the APM). This is from an Azure SNP CVM(*):
Feb 14 16:16:55 vm kernel: SEV: Status: SEV SEV-ES SEV-SNP vTom Reflect VC AI DebugSwap No HostIBS BTB Isol VMSA reg prot
(*): tested with the below patch applied (I'm not suggesting this should be
incorporated) because from a kernel point of view only vTOM is present in the
cached sev_status, the rest is handled by VMPL0:
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -2285,6 +2285,8 @@
void sev_show_status(void)
{
int i;
+ u64 sev_status;
+ rdmsrl(MSR_AMD64_SEV, sev_status);
pr_info("Status: ");
for (i = 0; i < MSR_AMD64_SNP_RESV_BIT; i++) {
Powered by blists - more mailing lists