Message-ID: <aBdz-4hJu0zp40mC@gmail.com>
Date: Sun, 4 May 2025 16:04:43 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Ard Biesheuvel <ardb+git@...gle.com>
Cc: linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org, x86@...nel.org,
	Ard Biesheuvel <ardb@...nel.org>, Borislav Petkov <bp@...en8.de>,
	Dionna Amalie Glaze <dionnaglaze@...gle.com>,
	Kevin Loughlin <kevinloughlin@...gle.com>,
	Tom Lendacky <thomas.lendacky@....com>
Subject: Re: [RFT PATCH v2 00/23] x86: strict separation of startup code


* Ard Biesheuvel <ardb+git@...gle.com> wrote:

> Ard Biesheuvel (23):
>   x86/boot: Move early_setup_gdt() back into head64.c
>   x86/boot: Disregard __supported_pte_mask in __startup_64()
>   x86/boot: Drop global variables keeping track of LA57 state
>   x86/sev: Make sev_snp_enabled() a static function
>   x86/sev: Move instruction decoder into separate source file
>   x86/sev: Disentangle #VC handling code from startup code
>   x86/sev: Separate MSR and GHCB based snp_cpuid() via a callback
>   x86/sev: Fall back to early page state change code only during boot
>   x86/sev: Move GHCB page based HV communication out of startup code
>   x86/sev: Use boot SVSM CA for all startup and init code
>   x86/boot: Drop redundant RMPADJUST in SEV SVSM presence check
>   x86/sev: Unify SEV-SNP hypervisor feature check
>   x86/linkage: Add SYM_PIC_ALIAS() macro helper to emit symbol aliases
>   x86/boot: Add a bunch of PIC aliases
>   x86/boot: Provide __pti_set_user_pgtbl() to startup code
>   x86/sev: Provide PIC aliases for SEV related data objects
>   x86/sev: Move __sev_[get|put]_ghcb() into separate noinstr object
>   x86/sev: Export startup routines for ordinary use
>   x86/boot: Created a confined code area for startup code
>   x86/boot: Move startup code out of __head section
>   x86/boot: Disallow absolute symbol references in startup code
>   x86/boot: Revert "Reject absolute references in .head.text"
>   x86/boot: Get rid of the .head.text section

>  42 files changed, 2367 insertions(+), 2325 deletions(-)

So to move this forward I applied the following 7 patches to 
tip:x86/boot:

	x86/boot: Move early_setup_gdt() back into head64.c
	x86/boot: Disregard __supported_pte_mask in __startup_64()
	x86/sev: Make sev_snp_enabled() a static function
	x86/sev: Move instruction decoder into separate source file
	x86/linkage: Add SYM_PIC_ALIAS() macro helper to emit symbol aliases
	x86/boot: Add a bunch of PIC aliases
	x86/boot: Provide __pti_set_user_pgtbl() to startup code

Which are, I believe, independent of SEV testing.

I also merged in pending upstream fixes, including:

   8ed12ab1319b ("x86/boot/sev: Support memory acceptance in the EFI stub under SVSM")

Which should make tip:x86/boot a good base for your series going 
forward?

Thanks,

	Ingo
