OSDN Git Service

x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path
author Joerg Roedel <jroedel@suse.de>
Wed, 28 Oct 2020 16:46:57 +0000 (17:46 +0100)
committer Borislav Petkov <bp@suse.de>
Thu, 29 Oct 2020 17:06:52 +0000 (18:06 +0100)
commit 86ce43f7dde81562f58b24b426cef068bd9f7595
tree f3042a795cff8aa037faa8c7d77e61d003af12d7
parent ed7b895f3efb5df184722f5a30f8164fcaffceb1
x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path

Check whether the hypervisor reported the correct C-bit when running as
an SEV guest. Using a wrong C-bit position could be used to leak
sensitive data from the guest to the hypervisor.

The check function is in a separate file:

  arch/x86/kernel/sev_verify_cbit.S

so that it can be re-used in the running kernel image.

 [ bp: Massage. ]

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lkml.kernel.org/r/20201028164659.27002-4-joro@8bytes.org

arch/x86/boot/compressed/ident_map_64.c
arch/x86/boot/compressed/mem_encrypt.S
arch/x86/boot/compressed/misc.h
arch/x86/kernel/sev_verify_cbit.S [new file with mode: 0644]