Message-ID: <3fe8b6d0-f01f-ea12-c04e-1e69a8697e19@amd.com>
Date: Wed, 14 Aug 2024 09:44:32 +0530
From: "Nikunj A. Dadhania" <nikunj@....com>
To: linux-kernel@...r.kernel.org, thomas.lendacky@....com, bp@...en8.de,
 x86@...nel.org
Cc: mingo@...hat.com, tglx@...utronix.de, dave.hansen@...ux.intel.com,
 pgonda@...gle.com, seanjc@...gle.com, pbonzini@...hat.com,
 kvm@...r.kernel.org
Subject: Re: [PATCH v11 00/20] Add Secure TSC support for SNP guests



On 7/31/2024 8:37 PM, Nikunj A Dadhania wrote:
> This patchset is also available at:
> 
>   https://github.com/AMDESE/linux-kvm/tree/sectsc-guest-latest
> 
> and is based on v6.11-rc1
> 
> Overview
> --------
> 
> Secure TSC allows guests to securely use the RDTSC/RDTSCP instructions, as the
> parameters being used cannot be changed by the hypervisor once the guest is
> launched. More details are in the AMD64 APM Vol 2, Section "Secure TSC".
> 
> In order to enable Secure TSC, SEV-SNP guests need to send a TSC_INFO guest
> message before the APs are booted. Details from the TSC_INFO response will
> then be used to program the VMSA before the APs are brought up. See the "SEV
> Secure Nested Paging Firmware ABI Specification" document (currently at
> https://www.amd.com/system/files/TechDocs/56860.pdf), section "TSC Info".
> 
> The SEV-guest driver has the implementation for guest and AMD Security
> Processor communication. As the TSC_INFO needs to be initialized during
> early boot before the APs are started, move the guest messaging code from the
> sev-guest driver to sev/core.c and provide well-defined APIs to the
> sev-guest driver.
> 
> Patches:
> 01-04: sev-guest driver cleanup and enhancements
>    05: Use AES GCM library
> 06-07: SNP init error handling and cache secrets page address
> 08-10: Preparatory patches for code movement
> 11-12: Patches moving SNP guest messaging code from SEV guest driver to
>        SEV common code
> 13-20: SecureTSC enablement patches.
> 
> Testing SecureTSC
> -----------------
> 
> SecureTSC hypervisor patches based on top of SEV-SNP Guest MEMFD series:
> https://github.com/AMDESE/linux-kvm/tree/sectsc-host-latest
> 
> QEMU changes:
> https://github.com/nikunjad/qemu/tree/snp-securetsc-latest
> 
> QEMU commandline SEV-SNP with SecureTSC:
> 
>   qemu-system-x86_64 -cpu EPYC-Milan-v2 -smp 4 \
>     -object memory-backend-memfd,id=ram1,size=1G,share=true,prealloc=false,reserve=false \
>     -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on \
>     -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
>     ...
> 
> Changelog:
> ----------
> v11:
> * Rebased on top of v6.11-rc1
> * Added Acked-by/Reviewed-by
> * Moved SEV Guest driver cleanups in the beginning of the series
> * Commit message updates
> * Enforced PAGE_SIZE constraints for snp_guest_msg
> * After offline discussion with Boris, redesigned and exported
>   SEV guest messaging APIs to sev-guest driver
> * Dropped VMPCK rework patches
> * Make sure movement of SEV core routines does not break the SEV Guest
>   driver midway through the series.
> 

A gentle reminder.

Regards
Nikunj
