
From:
Jonathan Gray <jsg@jsg.id.au>
Subject:
Re: kern/SEV: Allow boot on QEMU with SEV
To:
Hans-Jörg Höxer <Hans-Joerg_Hoexer@genua.de>
Cc:
tech@openbsd.org
Date:
Tue, 1 Oct 2024 22:00:32 +1000

On Tue, Oct 01, 2024 at 01:43:28PM +0200, Hans-Jörg Höxer wrote:
> Hi,
> 
> when booting an SEV enabled kernel on QEMU we noticed that QEMU does not
> announce SME, only SEV.  I think this is reasonable, as SME is an orthogonal
> mechanism to SEV.  Therefore do not depend on SME when checking for SEV.

ok jsg@ if the comments are changed to remove SME:

	 * Determine AMD SME and SEV capabilities.
	/* AMD CPU, check for SME and SEV. */

> 
> >From Sebastian Sturm <ssturm@genua.de>
> 
> Take care,
> HJ.
> -----------------------------------------------------------------------
> commit 0495938dc80a047cace3cd282593256dbe51022d
> Author: Hans-Joerg Hoexer <hshoexer@genua.de>
> Date:   Thu Sep 12 13:08:17 2024 +0200
> 
>     kern: Enable booting with SEV on QEMU
>     
>     QEMU does not forward the SME feature if SEV is enabled. This removes
>     the requirement for SME in the x64 boot code.
>     
>     From Sebastian Sturm <ssturm@genua.de>.
> 
> diff --git a/sys/arch/amd64/amd64/locore0.S b/sys/arch/amd64/amd64/locore0.S
> index bc45eee7a09..ff9548c8b5d 100644
> --- a/sys/arch/amd64/amd64/locore0.S
> +++ b/sys/arch/amd64/amd64/locore0.S
> @@ -273,33 +273,29 @@ cont:
>  	 */
>  	movl	$RELOC(cpu_vendor),%ebp
>  	cmpl $0x68747541, (%ebp)	/* "Auth" */
> -	jne	.Lno_smesev
> +	jne	.Lno_sev
>  	cmpl $0x69746e65, 4(%ebp)	/* "enti" */
> -	jne	.Lno_smesev
> +	jne	.Lno_sev
>  	cmpl $0x444d4163, 8(%ebp)	/* "cAMD" */
> -	jne	.Lno_smesev
> +	jne	.Lno_sev
>  
>  	/* AMD CPU, check for SME and SEV. */
>  	movl	$0x8000001f, %eax
>  	cpuid
> -	pushl	%eax
> -	andl	$CPUIDEAX_SME, %eax	/* SME */
> -	popl	%eax
> -	jz	.Lno_smesev
>  	andl	$CPUIDEAX_SEV, %eax	/* SEV */
> -	jz	.Lno_smesev
> +	jz	.Lno_sev
>  
>  	/* Are we in guest mode with SEV enabled? */
>  	movl	$MSR_SEV_STATUS, %ecx
>  	rdmsr
>  	andl	$SEV_STAT_ENABLED, %eax
> -	jz	.Lno_smesev
> +	jz	.Lno_sev
>  
>  	/* Determine C bit position */
>  	movl	%ebx, %ecx	/* %ebx from previous cpuid */
>  	andl	$0x3f, %ecx
>  	cmpl	$0x20, %ecx	/* must be at least bit 32 (counting from 0) */
> -	jl	.Lno_smesev
> +	jl	.Lno_sev
>  	xorl	%eax, %eax
>  	movl	%eax, RELOC(pg_crypt)
>  	subl	$0x20, %ecx
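Review bot: The C-bit position read at `movl %ebx, %ecx` is only checked for a lower bound (`cmpl $0x20, %ecx` / `jl .Lno_sev`), yet it comes from CPUID 0x8000001f, which in a plain SEV guest is answered by the hypervisor rather than by trusted hardware state. With the SME test gone, the SEV path depends on that leaf and MSR_SEV_STATUS alone, so the trust assumption deserves a comment next to the check, e.g. `/* C bit position is reported by the hypervisor via cpuid; not verified here */`. Whether the position is validated later cannot be seen from this hunk, because the code between it and the next hunk is not part of the diff. As %ecx is masked to 0..63, `jb .Lno_sev` would state the unsigned intent more clearly than `jl`, with the same result.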
> @@ -338,7 +334,7 @@ cont:
>  
>  	movl	$0x1, RELOC(cpu_sev_guestmode)	/* we are a SEV guest */
>  
> -.Lno_smesev:
> +.Lno_sev:
>  
>  	/*
>  	 * Finished with old stack; load new %esp now instead of later so we