[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <cover.1709922929.git.thomas.lendacky@amd.com>
Date: Fri, 8 Mar 2024 12:35:15 -0600
From: Tom Lendacky <thomas.lendacky@....com>
To: <linux-kernel@...r.kernel.org>, <x86@...nel.org>
CC: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>, Andy Lutomirski <luto@...nel.org>, "Peter
Zijlstra" <peterz@...radead.org>, Dan Williams <dan.j.williams@...el.com>,
Michael Roth <michael.roth@....com>, Ashish Kalra <ashish.kalra@....com>,
Joel Becker <jlbec@...lplan.org>, Christoph Hellwig <hch@....de>
Subject: [PATCH v2 00/14] Provide SEV-SNP support for running under an SVSM
This series adds SEV-SNP support for running Linux under an Secure VM
Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
By running at a less priviledged VMPL, the SVSM can be used to provide
services, e.g. a virtual TPM, for Linux within the SEV-SNP confidential
VM (CVM) rather than trust such services from the hypervisor.
Currently, a Linux guest expects to run at the highest VMPL, VMPL0, and
there are certain SNP related operations that require that VMPL level.
Specifically, the PVALIDATE instruction and the RMPADJUST instruction
when setting the VMSA attribute of a page (used when starting APs).
If Linux is to run at a less privileged VMPL, e.g. VMPL2, then it must
use an SVSM (which is running at VMPL0) to perform the operations that
it is no longer able to perform.
How Linux interacts with and uses the SVSM is documented in the SVSM
specification [1] and the GHCB specification [2].
This series introduces support to run Linux under an SVSM. It consists
of:
- Detecting the presence of an SVSM
- When not running at VMPL0, invoking the SVSM for page validation and
VMSA page creation/deletion
- Adding a sysfs entry that specifies the Linux VMPL
- Modifying the sev-guest driver to use the VMPCK key associated with
the Linux VMPL
- Expanding the config-fs TSM support to request attestation reports
from the SVSM
- Detecting and allowing Linux to run in a VMPL other than 0 when an
SVSM is present
The series is based off of and tested against the tip tree:
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git master
fdd513724225 ("Merge branch into tip/master: 'x86/tdx'")
[1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
[2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
Cc: Joel Becker <jlbec@...lplan.org>
Cc: Christoph Hellwig <hch@....de>
---
Changes in v2:
- Define X86_FEATURE_SVSM_PRESENT and set the bit in the CPUID table,
removing the need to set the CPUID bit in the #VC handler.
- Rename the TSM service_version attribute to service_manifest_version.
- Add support to config-fs to hide attributes and hide the SVSM attributes
when an SVSM is not present.
Tom Lendacky (14):
x86/sev: Rename snp_init() in the boot/compressed/sev.c file
x86/sev: Make the VMPL0 checking function more generic
x86/sev: Check for the presence of an SVSM in the SNP Secrets page
x86/sev: Use kernel provided SVSM Calling Areas
x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0
x86/sev: Use the SVSM to create a vCPU when not in VMPL0
x86/sev: Provide SVSM discovery support
x86/sev: Provide guest VMPL level to userspace
virt: sev-guest: Choose the VMPCK key based on executing VMPL
configfs-tsm: Allow the privlevel_floor attribute to be updated
x86/sev: Extend the config-fs attestation support for an SVSM
fs/configfs: Add a callback to determine attribute visibility
x86/sev: Hide SVSM attestation entries if not running under an SVSM
x86/sev: Allow non-VMPL0 execution when an SVSM is present
Documentation/ABI/testing/configfs-tsm | 59 ++++
arch/x86/boot/compressed/sev.c | 256 ++++++++------
arch/x86/coco/core.c | 4 +
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/msr-index.h | 2 +
arch/x86/include/asm/sev-common.h | 18 +
arch/x86/include/asm/sev.h | 114 ++++++-
arch/x86/include/uapi/asm/svm.h | 1 +
arch/x86/kernel/sev-shared.c | 345 ++++++++++++++++++-
arch/x86/kernel/sev.c | 426 +++++++++++++++++++++---
arch/x86/mm/mem_encrypt_amd.c | 8 +-
drivers/virt/coco/sev-guest/sev-guest.c | 162 ++++++++-
drivers/virt/coco/tsm.c | 100 +++++-
fs/configfs/file.c | 13 +
include/linux/cc_platform.h | 8 +
include/linux/configfs.h | 114 +++++--
include/linux/tsm.h | 13 +-
17 files changed, 1440 insertions(+), 204 deletions(-)
--
2.43.2
Powered by blists - more mailing lists