diff options
author | Joerg Roedel <jroedel@suse.de> | 2020-10-28 17:46:57 +0100 |
---|---|---|
committer | Borislav Petkov <bp@suse.de> | 2020-10-29 18:06:52 +0100 |
commit | 86ce43f7dde81562f58b24b426cef068bd9f7595 (patch) | |
tree | f3042a795cff8aa037faa8c7d77e61d003af12d7 /arch/x86/boot/compressed/misc.h | |
parent | x86/boot/compressed/64: Sanity-check CPUID results in the early #VC handler (diff) | |
download | linux-dev-86ce43f7dde81562f58b24b426cef068bd9f7595.tar.xz linux-dev-86ce43f7dde81562f58b24b426cef068bd9f7595.zip |
x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path
Check whether the hypervisor reported the correct C-bit when running as
an SEV guest. Using a wrong C-bit position could be used to leak
sensitive data from the guest to the hypervisor.
The check function is in a separate file:
arch/x86/kernel/sev_verify_cbit.S
so that it can be re-used in the running kernel image.
[ bp: Massage. ]
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lkml.kernel.org/r/20201028164659.27002-4-joro@8bytes.org
Diffstat (limited to 'arch/x86/boot/compressed/misc.h')
-rw-r--r-- | arch/x86/boot/compressed/misc.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h index 6d31f1b4c4d1..d9a631c5973c 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -159,4 +159,6 @@ void boot_page_fault(void); void boot_stage1_vc(void); void boot_stage2_vc(void); +unsigned long sev_verify_cbit(unsigned long cr3); + #endif /* BOOT_COMPRESSED_MISC_H */ |