Index | Thread | Search

From:
Mike Larkin <mlarkin@nested.page>
Subject:
Re: SEV-ES guest: indicate SEV guestmode
To:
tech@openbsd.org
Date:
Thu, 26 Jun 2025 01:44:23 -0700

Download raw body.

Thread 
On Wed, Jun 25, 2025 at 11:47:19AM +0200, Hans-Jörg Höxer wrote:
> Hi,
>
> prompted by bluhm@:  With this diff we show the SEV mode when we are a
> SEV enabled guest.
>
> Looks like this:
>
> ...
> cpu0: cpuid 8000001F eax=30ffffb<SME,SEV,SEVES,SEVSNP,VMPL,RMPQUERY,VMPLSSS,SECT SC,TSCAUXVIRT,HWECACHECOH,REQ64BITHOST,RESTINJ,ALTINJ,DBGSTSW,IBSDISALLOW,VTE,VM GEXITPARAM,VTOMMSR,IBSVIRT,VMSARPROT,SMTPROT> ecx=3ee edx=50
> cpu0: SEV-ES guest mode
> cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
> ...
>
> Take care,
> Hans-Joerg

ok mlarkin

> ----------------
> commit aeb3588749276574bf83852b5a862c67700ff99e
> Author: Hans-Joerg Hoexer <hshoexer@genua.de>
> Date:   Fri Jul 5 12:33:02 2024 +0200
>
>     SEV-ES guest: indicate SEV guestmode
>
> diff --git a/sys/arch/amd64/amd64/identcpu.c b/sys/arch/amd64/amd64/identcpu.c
> index 923887fc826..b7947a1b897 100644
> --- a/sys/arch/amd64/amd64/identcpu.c
> +++ b/sys/arch/amd64/amd64/identcpu.c
> @@ -712,6 +712,10 @@ identifycpu(struct cpu_info *ci)
>  		    CPUID_AMDSEV_EDX_BITS);
>  		amd64_pos_cbit = (ci->ci_feature_amdsev_ebx & 0x3f);
>  		amd64_min_noes_asid = ci->ci_feature_amdsev_edx;
> +		if (cpu_sev_guestmode && CPU_IS_PRIMARY(ci))
> +			printf("\n%s: SEV%s guest mode", ci->ci_dev->dv_xname,
> +			    ISSET(cpu_sev_guestmode, SEV_STAT_ES_ENABLED) ?
> +			    "-ES" : "");
>  	}
>
>  	printf("\n");
> diff --git a/sys/arch/amd64/amd64/locore0.S b/sys/arch/amd64/amd64/locore0.S
> index 84cdc1f2061..ab8d1d1c978 100644
> --- a/sys/arch/amd64/amd64/locore0.S
> +++ b/sys/arch/amd64/amd64/locore0.S
> @@ -348,8 +348,9 @@ cont:
>  	/* Are we in guest mode with SEV enabled? */
>  	movl	$MSR_SEV_STATUS, %ecx
>  	rdmsr
> -	andl	$SEV_STAT_ENABLED, %eax
> +	testl	$SEV_STAT_ENABLED, %eax
>  	jz	.Lno_sev
> +	movl	%eax, RELOC(cpu_sev_guestmode)	/* we are a SEV-* guest */
>
>  	/* Determine C bit position */
>  	movl	%ebx, %ecx	/* %ebx from previous cpuid */
> @@ -392,8 +393,6 @@ cont:
>  	andl	%eax, RELOC(pg_frame + 4)	/* apply mask */
>  	andl	%eax, RELOC(pg_lgframe + 4)
>
> -	movl	$0x1, RELOC(cpu_sev_guestmode)	/* we are a SEV guest */
> -
>  .Lno_sev:
>
>  	/*
> diff --git a/sys/arch/amd64/include/specialreg.h b/sys/arch/amd64/include/specialreg.h
> index 8bd9385d4eb..462dcc3abf4 100644
> --- a/sys/arch/amd64/include/specialreg.h
> +++ b/sys/arch/amd64/include/specialreg.h
> @@ -729,6 +729,7 @@
>
>  #define MSR_SEV_STATUS	0xc0010131
>  #define		SEV_STAT_ENABLED	0x00000001
> +#define		SEV_STAT_ES_ENABLED	0x00000002
>
>  #define	MSR_LS_CFG	0xc0011020
>  #define		LS_CFG_DIS_LS2_SQUISH	0x02000000