Index | Thread | Search

From:
Hans-Jörg Höxer <hshoexer@genua.de>
Subject:
SEV-ES guest: indicate SEV guestmode
To:
<tech@openbsd.org>
Date:
Wed, 25 Jun 2025 11:47:19 +0200

Download raw body.

Thread 
Hi,

prompted by bluhm@:  With this diff we show the SEV mode when we are a
SEV enabled guest.

Looks like this:

...
cpu0: cpuid 8000001F eax=30ffffb<SME,SEV,SEVES,SEVSNP,VMPL,RMPQUERY,VMPLSSS,SECT SC,TSCAUXVIRT,HWECACHECOH,REQ64BITHOST,RESTINJ,ALTINJ,DBGSTSW,IBSDISALLOW,VTE,VM GEXITPARAM,VTOMMSR,IBSVIRT,VMSARPROT,SMTPROT> ecx=3ee edx=50
cpu0: SEV-ES guest mode
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
...

Take care,
Hans-Joerg
----------------
commit aeb3588749276574bf83852b5a862c67700ff99e
Author: Hans-Joerg Hoexer <hshoexer@genua.de>
Date:   Fri Jul 5 12:33:02 2024 +0200

    SEV-ES guest: indicate SEV guestmode

diff --git a/sys/arch/amd64/amd64/identcpu.c b/sys/arch/amd64/amd64/identcpu.c
index 923887fc826..b7947a1b897 100644
--- a/sys/arch/amd64/amd64/identcpu.c
+++ b/sys/arch/amd64/amd64/identcpu.c
@@ -712,6 +712,10 @@ identifycpu(struct cpu_info *ci)
 		    CPUID_AMDSEV_EDX_BITS);
 		amd64_pos_cbit = (ci->ci_feature_amdsev_ebx & 0x3f);
 		amd64_min_noes_asid = ci->ci_feature_amdsev_edx;
+		if (cpu_sev_guestmode && CPU_IS_PRIMARY(ci))
+			printf("\n%s: SEV%s guest mode", ci->ci_dev->dv_xname,
+			    ISSET(cpu_sev_guestmode, SEV_STAT_ES_ENABLED) ?
+			    "-ES" : "");
 	}
 
 	printf("\n");
diff --git a/sys/arch/amd64/amd64/locore0.S b/sys/arch/amd64/amd64/locore0.S
index 84cdc1f2061..ab8d1d1c978 100644
--- a/sys/arch/amd64/amd64/locore0.S
+++ b/sys/arch/amd64/amd64/locore0.S
@@ -348,8 +348,9 @@ cont:
 	/* Are we in guest mode with SEV enabled? */
 	movl	$MSR_SEV_STATUS, %ecx
 	rdmsr
-	andl	$SEV_STAT_ENABLED, %eax
+	testl	$SEV_STAT_ENABLED, %eax
 	jz	.Lno_sev
+	movl	%eax, RELOC(cpu_sev_guestmode)	/* we are a SEV-* guest */
 
 	/* Determine C bit position */
 	movl	%ebx, %ecx	/* %ebx from previous cpuid */
@@ -392,8 +393,6 @@ cont:
 	andl	%eax, RELOC(pg_frame + 4)	/* apply mask */
 	andl	%eax, RELOC(pg_lgframe + 4)
 
-	movl	$0x1, RELOC(cpu_sev_guestmode)	/* we are a SEV guest */
-
 .Lno_sev:
 
 	/*
diff --git a/sys/arch/amd64/include/specialreg.h b/sys/arch/amd64/include/specialreg.h
index 8bd9385d4eb..462dcc3abf4 100644
--- a/sys/arch/amd64/include/specialreg.h
+++ b/sys/arch/amd64/include/specialreg.h
@@ -729,6 +729,7 @@
 
 #define MSR_SEV_STATUS	0xc0010131
 #define		SEV_STAT_ENABLED	0x00000001
+#define		SEV_STAT_ES_ENABLED	0x00000002
 
 #define	MSR_LS_CFG	0xc0011020
 #define		LS_CFG_DIS_LS2_SQUISH	0x02000000