[EXT] Re: AMD SEV: confidential autoconf whitelist
Hi,
On Tue, Sep 09, 2025 at 01:20:32PM +0200, Mark Kettenis wrote:
> > Date: Tue, 9 Sep 2025 11:42:38 +0200
> > From: Hans-Jörg Höxer <hshoexer@genua.de>
> >
> > Hi,
>
> Hey,
>
> > this is an updated diff that works well on vmd/vmm and linux/kvm hosts
> > with SEV-ES enabled guests.
> >
> > The previous discussion raised some questions, thanks for your input!
> > All in all we came to the conclusion to proceed with this approach.
> >
> > ok?
>
> Sorry, still a few comments.
no problem, comment inline
> > Take care,
> > HJ.
> > -------------------------------------------------------------------------
> >
> > commit 576036aa72fef155f1584690fab5bdfe018672b8
> > Author: Hans-Joerg Hoexer <hshoexer@genua.de>
> > Date: Sat Aug 2 12:58:50 2025 +0200
> >
> > Whitelist devices in cfdrive for use when SEV is enabled
> >
> > Skip devices, that are not flagged for use with SEV. Hook into
> > config_search() and isascan().
> >
> > diff --git a/sys/arch/amd64/amd64/bios.c b/sys/arch/amd64/amd64/bios.c
> > index 3a264d09d5b..15dec870ba6 100644
> > --- a/sys/arch/amd64/amd64/bios.c
> > +++ b/sys/arch/amd64/amd64/bios.c
> > @@ -50,7 +50,7 @@ const struct cfattach bios_ca = {
> > };
> >
> > struct cfdriver bios_cd = {
> > - NULL, "bios", DV_DULL
> > + NULL, "bios", DV_DULL, CD_COCOVM
> > };
> >
> > struct smbios_entry smbios_entry;
> > diff --git a/sys/arch/amd64/amd64/cpu.c b/sys/arch/amd64/amd64/cpu.c
> > index 1287c610344..b8ad479cefa 100644
> > --- a/sys/arch/amd64/amd64/cpu.c
> > +++ b/sys/arch/amd64/amd64/cpu.c
> > @@ -445,7 +445,7 @@ const struct cfattach cpu_ca = {
> > };
> >
> > struct cfdriver cpu_cd = {
> > - NULL, "cpu", DV_DULL
> > + NULL, "cpu", DV_DULL, CD_COCOVM
> > };
> >
> > /*
> > diff --git a/sys/arch/amd64/amd64/ioapic.c b/sys/arch/amd64/amd64/ioapic.c
> > index 9989fdfeb29..40af6c4154d 100644
> > --- a/sys/arch/amd64/amd64/ioapic.c
> > +++ b/sys/arch/amd64/amd64/ioapic.c
> > @@ -231,7 +231,7 @@ const struct cfattach ioapic_ca = {
> > };
> >
> > struct cfdriver ioapic_cd = {
> > - NULL, "ioapic", DV_DULL
> > + NULL, "ioapic", DV_DULL, CD_COCOVM
> > };
> >
> > int
> > diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
> > index 3462ac54559..7c540328d98 100644
> > --- a/sys/arch/amd64/amd64/machdep.c
> > +++ b/sys/arch/amd64/amd64/machdep.c
> > @@ -1474,6 +1474,8 @@ init_x86_64(paddr_t first_avail)
> > cpu_init_early_vctrap(first_avail);
> > first_avail += 2 * NBPG;
> > }
> > + if (ISSET(cpu_sev_guestmode, SEV_STAT_ENABLED))
> > + boothowto |= RB_COCOVM;
> >
> > /*
> > * locore0 mapped 3 pages for use before the pmap is initialized
> > diff --git a/sys/arch/amd64/amd64/mainbus.c b/sys/arch/amd64/amd64/mainbus.c
> > index 030f0b1212f..f77a67f5517 100644
> > --- a/sys/arch/amd64/amd64/mainbus.c
> > +++ b/sys/arch/amd64/amd64/mainbus.c
> > @@ -83,7 +83,7 @@ const struct cfattach mainbus_ca = {
> > };
> >
> > struct cfdriver mainbus_cd = {
> > - NULL, "mainbus", DV_DULL
> > + NULL, "mainbus", DV_DULL, CD_COCOVM
> > };
> >
> > int mainbus_print(void *, const char *);
> > diff --git a/sys/arch/amd64/pci/acpipci.c b/sys/arch/amd64/pci/acpipci.c
> > index 5b07e2d3aba..81d8ad3ced0 100644
> > --- a/sys/arch/amd64/pci/acpipci.c
> > +++ b/sys/arch/amd64/pci/acpipci.c
> > @@ -76,7 +76,7 @@ const struct cfattach acpipci_ca = {
> > };
> >
> > struct cfdriver acpipci_cd = {
> > - NULL, "acpipci", DV_DULL
> > + NULL, "acpipci", DV_DULL, CD_COCOVM
> > };
> >
> > const char *acpipci_hids[] = {
> > diff --git a/sys/arch/amd64/pci/pchb.c b/sys/arch/amd64/pci/pchb.c
> > index 9b10011e2db..eb06df06b19 100644
> > --- a/sys/arch/amd64/pci/pchb.c
> > +++ b/sys/arch/amd64/pci/pchb.c
> > @@ -122,7 +122,7 @@ const struct cfattach pchb_ca = {
> > };
> >
> > struct cfdriver pchb_cd = {
> > - NULL, "pchb", DV_DULL
> > + NULL, "pchb", DV_DULL, CD_COCOVM
> > };
> >
> > int pchb_print(void *, const char *);
> > diff --git a/sys/dev/acpi/acpi.c b/sys/dev/acpi/acpi.c
> > index 7bcf56cab49..bb3645528c9 100644
> > --- a/sys/dev/acpi/acpi.c
> > +++ b/sys/dev/acpi/acpi.c
> > @@ -184,7 +184,7 @@ struct acpi_softc *acpi_softc;
> > extern struct aml_node aml_root;
> >
> > struct cfdriver acpi_cd = {
> > - NULL, "acpi", DV_DULL
> > + NULL, "acpi", DV_DULL, CD_COCOVM
> > };
>
> I still think that by including acpi(4) in the list of allowed drivers
> you have included the driver with the largest possible attack surface.
> And our AML interpreter code certainly isn't the best quality code
> in our tree.
I agree. However, right now we depend on acpi(4) to run on linux/kvm
hosts. It's ugly, but this configuration serves as a compromise for now.
> > uint8_t
> > diff --git a/sys/dev/acpi/acpicmos.c b/sys/dev/acpi/acpicmos.c
> > index 6e424e26530..068787c1922 100644
> > --- a/sys/dev/acpi/acpicmos.c
> > +++ b/sys/dev/acpi/acpicmos.c
> > @@ -37,7 +37,7 @@ const struct cfattach acpicmos_ca = {
> > };
> >
> > struct cfdriver acpicmos_cd = {
> > - NULL, "acpicmos", DV_DULL
> > + NULL, "acpicmos", DV_DULL, CD_COCOVM
> > };
> >
> > const char *acpicmos_hids[] = {
> > diff --git a/sys/dev/acpi/acpicpu_x86.c b/sys/dev/acpi/acpicpu_x86.c
> > index 15f0ceeaeae..a5ddc55b1b3 100644
> > --- a/sys/dev/acpi/acpicpu_x86.c
> > +++ b/sys/dev/acpi/acpicpu_x86.c
> > @@ -183,7 +183,7 @@ const struct cfattach acpicpu_ca = {
> > };
> >
> > struct cfdriver acpicpu_cd = {
> > - NULL, "acpicpu", DV_DULL
> > + NULL, "acpicpu", DV_DULL, CD_COCOVM
> > };
> >
> > const char *acpicpu_hids[] = {
> > diff --git a/sys/dev/acpi/acpihpet.c b/sys/dev/acpi/acpihpet.c
> > index dd992132678..dd25309c1c5 100644
> > --- a/sys/dev/acpi/acpihpet.c
> > +++ b/sys/dev/acpi/acpihpet.c
> > @@ -79,7 +79,7 @@ const struct cfattach acpihpet_ca = {
> > };
> >
> > struct cfdriver acpihpet_cd = {
> > - NULL, "acpihpet", DV_DULL
> > + NULL, "acpihpet", DV_DULL, CD_COCOVM
> > };
> >
> > uint64_t
> > diff --git a/sys/dev/acpi/acpimadt.c b/sys/dev/acpi/acpimadt.c
> > index 3faed32b355..6359ffd925b 100644
> > --- a/sys/dev/acpi/acpimadt.c
> > +++ b/sys/dev/acpi/acpimadt.c
> > @@ -48,7 +48,7 @@ const struct cfattach acpimadt_ca = {
> > };
> >
> > struct cfdriver acpimadt_cd = {
> > - NULL, "acpimadt", DV_DULL
> > + NULL, "acpimadt", DV_DULL, CD_COCOVM
> > };
> >
> > int acpimadt_validate(struct acpi_madt *);
> > diff --git a/sys/dev/acpi/acpimcfg.c b/sys/dev/acpi/acpimcfg.c
> > index f3e520882aa..b7df8a297a0 100644
> > --- a/sys/dev/acpi/acpimcfg.c
> > +++ b/sys/dev/acpi/acpimcfg.c
> > @@ -31,7 +31,7 @@ const struct cfattach acpimcfg_ca = {
> > };
> >
> > struct cfdriver acpimcfg_cd = {
> > - NULL, "acpimcfg", DV_DULL
> > + NULL, "acpimcfg", DV_DULL, CD_COCOVM
> > };
> >
> > int
> > diff --git a/sys/dev/acpi/acpiprt.c b/sys/dev/acpi/acpiprt.c
> > index 39de79dcfca..1011ec68600 100644
> > --- a/sys/dev/acpi/acpiprt.c
> > +++ b/sys/dev/acpi/acpiprt.c
> > @@ -77,7 +77,7 @@ const struct cfattach acpiprt_ca = {
> > };
> >
> > struct cfdriver acpiprt_cd = {
> > - NULL, "acpiprt", DV_DULL
> > + NULL, "acpiprt", DV_DULL, CD_COCOVM
> > };
> >
> > void acpiprt_prt_add(struct acpiprt_softc *, struct aml_value *);
> > diff --git a/sys/dev/acpi/acpitimer.c b/sys/dev/acpi/acpitimer.c
> > index 11a8b9eccf3..498146a592e 100644
> > --- a/sys/dev/acpi/acpitimer.c
> > +++ b/sys/dev/acpi/acpitimer.c
> > @@ -55,7 +55,7 @@ const struct cfattach acpitimer_ca = {
> > };
> >
> > struct cfdriver acpitimer_cd = {
> > - NULL, "acpitimer", DV_DULL
> > + NULL, "acpitimer", DV_DULL, CD_COCOVM
> > };
> >
> > int
> > diff --git a/sys/dev/efi/efi.c b/sys/dev/efi/efi.c
> > index 43a774253fa..e600a3b1e47 100644
> > --- a/sys/dev/efi/efi.c
> > +++ b/sys/dev/efi/efi.c
> > @@ -24,7 +24,7 @@
> > #include <machine/efivar.h>
> >
> > struct cfdriver efi_cd = {
> > - NULL, "efi", DV_DULL
> > + NULL, "efi", DV_DULL, CD_COCOVM
> > };
>
> What do you need efi(4) for? This driver will potentially make runtime
> services calls that run code provided by the firmware. This is done
> with a somewhat restricted pmap. But the contents of that pmap are
> determined by the memory map provided by the firmware.
Right now, we need efi(4) to allow installboot(8) to use EFIIOC_VAR_SET.
efi(4) will be required for SEV-SNP in order to retrieve data from
SEV-enabled firmware, such as OVMF.
Again, this is somewhat a compromise to be able to move on.
> > int efiioc_get_table(struct efi_softc *sc, void *);
> > diff --git a/sys/dev/ic/com.c b/sys/dev/ic/com.c
> > index dd45e3c901c..da29f82243b 100644
> > --- a/sys/dev/ic/com.c
> > +++ b/sys/dev/ic/com.c
> > @@ -96,7 +96,7 @@ void compwroff(struct com_softc *);
> > void cominit(bus_space_tag_t, bus_space_handle_t, int, int);
> >
> > struct cfdriver com_cd = {
> > - NULL, "com", DV_TTY
> > + NULL, "com", DV_TTY, CD_COCOVM
> > };
> >
> > int comdefaultrate = TTYDEF_SPEED;
> > diff --git a/sys/dev/isa/isa.c b/sys/dev/isa/isa.c
> > index 2d11dc33a84..2a799f8a82a 100644
> > --- a/sys/dev/isa/isa.c
> > +++ b/sys/dev/isa/isa.c
> > @@ -62,6 +62,7 @@
> > #include <sys/malloc.h>
> > #include <sys/device.h>
> > #include <sys/extent.h>
> > +#include <sys/reboot.h>
> >
> > #include <dev/isa/isareg.h>
> > #include <dev/isa/isavar.h>
> > @@ -84,7 +85,7 @@ const struct cfattach isa_ca = {
> > };
> >
> > struct cfdriver isa_cd = {
> > - NULL, "isa", DV_DULL, CD_INDIRECT
> > + NULL, "isa", DV_DULL, CD_INDIRECT | CD_COCOVM
> > };
> >
> > int
> > @@ -218,6 +219,10 @@ isascan(struct device *parent, void *match)
> > ia.ipa_ndrq = 2;
> > ia.ia_delaybah = sc->sc_delaybah;
> >
> > + if (ISSET(boothowto, RB_COCOVM) &&
> > + !ISSET(cf->cf_driver->cd_mode, CD_COCOVM))
> > + return;
> > +
> > if (cf->cf_fstate == FSTATE_STAR) {
> > struct isa_attach_args ia2 = ia;
> >
> > diff --git a/sys/dev/pci/pci.c b/sys/dev/pci/pci.c
> > index c0376842914..d7601dd976e 100644
> > --- a/sys/dev/pci/pci.c
> > +++ b/sys/dev/pci/pci.c
> > @@ -90,7 +90,7 @@ const struct cfattach pci_ca = {
> > };
> >
> > struct cfdriver pci_cd = {
> > - NULL, "pci", DV_DULL
> > + NULL, "pci", DV_DULL, CD_COCOVM
> > };
> >
> > int pci_ndomains;
> > diff --git a/sys/dev/pci/ppb.c b/sys/dev/pci/ppb.c
> > index cf7cb120cc1..f6ab05f9168 100644
> > --- a/sys/dev/pci/ppb.c
> > +++ b/sys/dev/pci/ppb.c
> > @@ -113,7 +113,7 @@ const struct cfattach ppb_ca = {
> > };
> >
> > struct cfdriver ppb_cd = {
> > - NULL, "ppb", DV_DULL
> > + NULL, "ppb", DV_DULL, CD_COCOVM
> > };
> >
> > void ppb_alloc_busrange(struct ppb_softc *, struct pci_attach_args *,
> > diff --git a/sys/dev/pv/if_vio.c b/sys/dev/pv/if_vio.c
> > index a94945a8ea0..458f98c6a7a 100644
> > --- a/sys/dev/pv/if_vio.c
> > +++ b/sys/dev/pv/if_vio.c
> > @@ -382,7 +382,7 @@ const struct cfattach vio_ca = {
> > };
> >
> > struct cfdriver vio_cd = {
> > - NULL, "vio", DV_IFNET
> > + NULL, "vio", DV_IFNET, CD_COCOVM
> > };
> >
> > int
> > diff --git a/sys/dev/pv/pvbus.c b/sys/dev/pv/pvbus.c
> > index 165fcc9fbff..a482072de4b 100644
> > --- a/sys/dev/pv/pvbus.c
> > +++ b/sys/dev/pv/pvbus.c
> > @@ -68,7 +68,8 @@ const struct cfattach pvbus_ca = {
> > struct cfdriver pvbus_cd = {
> > NULL,
> > "pvbus",
> > - DV_DULL
> > + DV_DULL,
> > + CD_COCOVM
> > };
> >
> > struct pvbus_type {
> > diff --git a/sys/dev/pv/pvclock.c b/sys/dev/pv/pvclock.c
> > index 89eff0ce248..fd69960ddda 100644
> > --- a/sys/dev/pv/pvclock.c
> > +++ b/sys/dev/pv/pvclock.c
> > @@ -125,7 +125,8 @@ const struct cfattach pvclock_ca = {
> > struct cfdriver pvclock_cd = {
> > NULL,
> > "pvclock",
> > - DV_DULL
> > + DV_DULL,
> > + CD_COCOVM
> > };
> >
> > struct timecounter pvclock_timecounter = {
> > diff --git a/sys/dev/pv/vioblk.c b/sys/dev/pv/vioblk.c
> > index 7f7a518332f..761ce73a847 100644
> > --- a/sys/dev/pv/vioblk.c
> > +++ b/sys/dev/pv/vioblk.c
> > @@ -146,7 +146,7 @@ const struct cfattach vioblk_ca = {
> > };
> >
> > struct cfdriver vioblk_cd = {
> > - NULL, "vioblk", DV_DULL
> > + NULL, "vioblk", DV_DULL, CD_COCOVM
> > };
> >
> > const struct scsi_adapter vioblk_switch = {
> > diff --git a/sys/dev/pv/viocon.c b/sys/dev/pv/viocon.c
> > index 95a1e875579..1d24074c54d 100644
> > --- a/sys/dev/pv/viocon.c
> > +++ b/sys/dev/pv/viocon.c
> > @@ -144,7 +144,7 @@ const struct cfattach viocon_ca = {
> > };
> >
> > struct cfdriver viocon_cd = {
> > - NULL, "viocon", DV_TTY
> > + NULL, "viocon", DV_TTY, CD_COCOVM
> > };
> >
> > static inline struct viocon_softc *
> > diff --git a/sys/dev/pv/viornd.c b/sys/dev/pv/viornd.c
> > index 484f7ce1be0..9eeb6115f3e 100644
> > --- a/sys/dev/pv/viornd.c
> > +++ b/sys/dev/pv/viornd.c
> > @@ -66,7 +66,7 @@ const struct cfattach viornd_ca = {
> > };
> >
> > struct cfdriver viornd_cd = {
> > - NULL, "viornd", DV_DULL
> > + NULL, "viornd", DV_DULL, CD_COCOVM
> > };
> >
> > int
> > diff --git a/sys/dev/pv/virtio.c b/sys/dev/pv/virtio.c
> > index ac0432dc9f9..4a8d140f797 100644
> > --- a/sys/dev/pv/virtio.c
> > +++ b/sys/dev/pv/virtio.c
> > @@ -48,7 +48,7 @@ void vq_free_entry(struct virtqueue *, struct vq_entry *);
> > struct vq_entry *vq_alloc_entry(struct virtqueue *);
> >
> > struct cfdriver virtio_cd = {
> > - NULL, "virtio", DV_DULL
> > + NULL, "virtio", DV_DULL, CD_COCOVM
> > };
> >
> > static const char * const virtio_device_name[] = {
> > diff --git a/sys/dev/pv/vmmci.c b/sys/dev/pv/vmmci.c
> > index 984626393cd..18930c62766 100644
> > --- a/sys/dev/pv/vmmci.c
> > +++ b/sys/dev/pv/vmmci.c
> > @@ -72,7 +72,7 @@ const struct cfattach vmmci_ca = {
> > #define VMMCI_F_SYNCRTC (1ULL<<2)
> >
> > struct cfdriver vmmci_cd = {
> > - NULL, "vmmci", DV_DULL
> > + NULL, "vmmci", DV_DULL, CD_COCOVM
> > };
> >
> > int
> > diff --git a/sys/dev/softraid.c b/sys/dev/softraid.c
> > index c10ebeaaa93..41929692397 100644
> > --- a/sys/dev/softraid.c
> > +++ b/sys/dev/softraid.c
> > @@ -88,7 +88,7 @@ const struct cfattach softraid_ca = {
> > };
> >
> > struct cfdriver softraid_cd = {
> > - NULL, "softraid", DV_DULL
> > + NULL, "softraid", DV_DULL, CD_COCOVM
> > };
> >
> > /* scsi & discipline */
> > diff --git a/sys/dev/vscsi.c b/sys/dev/vscsi.c
> > index 31885a6b9c9..2e2deb25b1f 100644
> > --- a/sys/dev/vscsi.c
> > +++ b/sys/dev/vscsi.c
> > @@ -89,7 +89,8 @@ const struct cfattach vscsi_ca = {
> > struct cfdriver vscsi_cd = {
> > NULL,
> > "vscsi",
> > - DV_DULL
> > + DV_DULL,
> > + CD_COCOVM
> > };
> >
> > void vscsi_cmd(struct scsi_xfer *);
> > diff --git a/sys/kern/subr_autoconf.c b/sys/kern/subr_autoconf.c
> > index 41633140dc6..eec9eef15ce 100644
> > --- a/sys/kern/subr_autoconf.c
> > +++ b/sys/kern/subr_autoconf.c
> > @@ -216,6 +216,9 @@ config_search(cfmatch_t fn, struct device *parent, void *aux)
> > if (cf->cf_driver->cd_class == DV_TAPE)
> > continue;
> > }
> > + if (ISSET(boothowto, RB_COCOVM) &&
> > + !ISSET(cf->cf_driver->cd_mode, CD_COCOVM))
> > + continue;
> > for (p = cf->cf_parents; *p >= 0; p++)
> > if (parent->dv_cfdata == &cfdata[*p])
> > mapply(&m, cf);
> > diff --git a/sys/scsi/mpath.c b/sys/scsi/mpath.c
> > index c94a4ff5cf7..090c78c35f1 100644
> > --- a/sys/scsi/mpath.c
> > +++ b/sys/scsi/mpath.c
> > @@ -79,7 +79,8 @@ const struct cfattach mpath_ca = {
> > struct cfdriver mpath_cd = {
> > NULL,
> > "mpath",
> > - DV_DULL
> > + DV_DULL,
> > + CD_COCOVM
> > };
> >
> > void mpath_cmd(struct scsi_xfer *);
> > diff --git a/sys/scsi/scsiconf.c b/sys/scsi/scsiconf.c
> > index 495020a23a3..2f9ab1b15d0 100644
> > --- a/sys/scsi/scsiconf.c
> > +++ b/sys/scsi/scsiconf.c
> > @@ -102,7 +102,7 @@ const struct cfattach scsibus_ca = {
> > };
> >
> > struct cfdriver scsibus_cd = {
> > - NULL, "scsibus", DV_DULL
> > + NULL, "scsibus", DV_DULL, CD_COCOVM
> > };
> >
> > struct scsi_quirk_inquiry_pattern {
> > diff --git a/sys/scsi/sd.c b/sys/scsi/sd.c
> > index 9b02314c679..085ad01cd78 100644
> > --- a/sys/scsi/sd.c
> > +++ b/sys/scsi/sd.c
> > @@ -116,7 +116,7 @@ const struct cfattach sd_ca = {
> > };
> >
> > struct cfdriver sd_cd = {
> > - NULL, "sd", DV_DISK
> > + NULL, "sd", DV_DISK, CD_COCOVM
> > };
> >
> > const struct scsi_inquiry_pattern sd_patterns[] = {
> > diff --git a/sys/sys/device.h b/sys/sys/device.h
> > index 5dccec16cf8..2c4171017ec 100644
> > --- a/sys/sys/device.h
> > +++ b/sys/sys/device.h
> > @@ -139,6 +139,7 @@ struct cfattach {
> > /* For cd_mode, below */
> > #define CD_INDIRECT 1
> > #define CD_SKIPHIBERNATE 2
> > +#define CD_COCOVM 4
>
> VMs definitely taste better with chocolate, but can we maybe have a
> comment here as well like you have for RB_COCOVM?
heh, for sure! Updated diff below.
> > struct cfdriver {
> > void **cd_devs; /* devices found */
> > diff --git a/sys/sys/reboot.h b/sys/sys/reboot.h
> > index bf3e7f82680..1998f21691b 100644
> > --- a/sys/sys/reboot.h
> > +++ b/sys/sys/reboot.h
> > @@ -59,6 +59,7 @@
> > #define RB_RESET 0x08000 /* just reset, no cleanup */
> > #define RB_GOODRANDOM 0x10000 /* excellent random seed loaded */
> > #define RB_UNHIBERNATE 0x20000 /* unhibernate */
> > +#define RB_COCOVM 0x40000 /* VM booting with SEV enabled */
> >
> > /*
> > * Constants for converting boot-style device number to type,
> >
------------------------------------------------------------------
commit 336adc09ff764a02b44c771b81f7bec639b7365d
Author: Hans-Joerg Hoexer <hshoexer@genua.de>
Date: Sat Aug 2 12:58:50 2025 +0200
Whitelist devices in cfdriver for use when SEV is enabled
Skip devices that are not flagged for use with SEV. Hook into
config_search() and isascan().
To be a bit more generic prefer "COCO" (confidential computing)
over "SEV" (AMD specific term).
diff --git a/sys/arch/amd64/amd64/bios.c b/sys/arch/amd64/amd64/bios.c
index 3a264d09d5b..15dec870ba6 100644
--- a/sys/arch/amd64/amd64/bios.c
+++ b/sys/arch/amd64/amd64/bios.c
@@ -50,7 +50,7 @@ const struct cfattach bios_ca = {
};
struct cfdriver bios_cd = {
- NULL, "bios", DV_DULL
+ NULL, "bios", DV_DULL, CD_COCOVM
};
struct smbios_entry smbios_entry;
diff --git a/sys/arch/amd64/amd64/cpu.c b/sys/arch/amd64/amd64/cpu.c
index 1287c610344..b8ad479cefa 100644
--- a/sys/arch/amd64/amd64/cpu.c
+++ b/sys/arch/amd64/amd64/cpu.c
@@ -445,7 +445,7 @@ const struct cfattach cpu_ca = {
};
struct cfdriver cpu_cd = {
- NULL, "cpu", DV_DULL
+ NULL, "cpu", DV_DULL, CD_COCOVM
};
/*
diff --git a/sys/arch/amd64/amd64/ioapic.c b/sys/arch/amd64/amd64/ioapic.c
index e85934c8c8d..7a52d443336 100644
--- a/sys/arch/amd64/amd64/ioapic.c
+++ b/sys/arch/amd64/amd64/ioapic.c
@@ -224,7 +224,7 @@ const struct cfattach ioapic_ca = {
};
struct cfdriver ioapic_cd = {
- NULL, "ioapic", DV_DULL
+ NULL, "ioapic", DV_DULL, CD_COCOVM
};
int
diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
index 3462ac54559..7c540328d98 100644
--- a/sys/arch/amd64/amd64/machdep.c
+++ b/sys/arch/amd64/amd64/machdep.c
@@ -1474,6 +1474,8 @@ init_x86_64(paddr_t first_avail)
cpu_init_early_vctrap(first_avail);
first_avail += 2 * NBPG;
}
+ if (ISSET(cpu_sev_guestmode, SEV_STAT_ENABLED))
+ boothowto |= RB_COCOVM;
/*
* locore0 mapped 3 pages for use before the pmap is initialized
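Review bot: The two added lines make `boothowto` the sole switch for the driver allowlist, and nothing at the point where the bit is set says so. A comment such as `/* Confidential VM: autoconf attaches only CD_COCOVM drivers, see config_search() */` would tie the flag to its consumers. Because `boothowto` is an ordinary writable word, it is also worth confirming that nothing between here and the end of autoconf assigns it wholesale instead of OR-ing bits in, since that would silently lift the restriction. init_x86_64() starts and ends outside the hunk, so where `cpu_sev_guestmode` comes from is not visible here.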
diff --git a/sys/arch/amd64/amd64/mainbus.c b/sys/arch/amd64/amd64/mainbus.c
index 030f0b1212f..f77a67f5517 100644
--- a/sys/arch/amd64/amd64/mainbus.c
+++ b/sys/arch/amd64/amd64/mainbus.c
@@ -83,7 +83,7 @@ const struct cfattach mainbus_ca = {
};
struct cfdriver mainbus_cd = {
- NULL, "mainbus", DV_DULL
+ NULL, "mainbus", DV_DULL, CD_COCOVM
};
int mainbus_print(void *, const char *);
diff --git a/sys/arch/amd64/pci/acpipci.c b/sys/arch/amd64/pci/acpipci.c
index 5b07e2d3aba..81d8ad3ced0 100644
--- a/sys/arch/amd64/pci/acpipci.c
+++ b/sys/arch/amd64/pci/acpipci.c
@@ -76,7 +76,7 @@ const struct cfattach acpipci_ca = {
};
struct cfdriver acpipci_cd = {
- NULL, "acpipci", DV_DULL
+ NULL, "acpipci", DV_DULL, CD_COCOVM
};
const char *acpipci_hids[] = {
diff --git a/sys/arch/amd64/pci/pchb.c b/sys/arch/amd64/pci/pchb.c
index 9b10011e2db..eb06df06b19 100644
--- a/sys/arch/amd64/pci/pchb.c
+++ b/sys/arch/amd64/pci/pchb.c
@@ -122,7 +122,7 @@ const struct cfattach pchb_ca = {
};
struct cfdriver pchb_cd = {
- NULL, "pchb", DV_DULL
+ NULL, "pchb", DV_DULL, CD_COCOVM
};
int pchb_print(void *, const char *);
diff --git a/sys/dev/acpi/acpi.c b/sys/dev/acpi/acpi.c
index 1a69176e6f7..b9931e25344 100644
--- a/sys/dev/acpi/acpi.c
+++ b/sys/dev/acpi/acpi.c
@@ -184,7 +184,7 @@ struct acpi_softc *acpi_softc;
extern struct aml_node aml_root;
struct cfdriver acpi_cd = {
- NULL, "acpi", DV_DULL
+ NULL, "acpi", DV_DULL, CD_COCOVM
};
uint8_t
diff --git a/sys/dev/acpi/acpicmos.c b/sys/dev/acpi/acpicmos.c
index 6e424e26530..068787c1922 100644
--- a/sys/dev/acpi/acpicmos.c
+++ b/sys/dev/acpi/acpicmos.c
@@ -37,7 +37,7 @@ const struct cfattach acpicmos_ca = {
};
struct cfdriver acpicmos_cd = {
- NULL, "acpicmos", DV_DULL
+ NULL, "acpicmos", DV_DULL, CD_COCOVM
};
const char *acpicmos_hids[] = {
diff --git a/sys/dev/acpi/acpicpu_x86.c b/sys/dev/acpi/acpicpu_x86.c
index 15f0ceeaeae..a5ddc55b1b3 100644
--- a/sys/dev/acpi/acpicpu_x86.c
+++ b/sys/dev/acpi/acpicpu_x86.c
@@ -183,7 +183,7 @@ const struct cfattach acpicpu_ca = {
};
struct cfdriver acpicpu_cd = {
- NULL, "acpicpu", DV_DULL
+ NULL, "acpicpu", DV_DULL, CD_COCOVM
};
const char *acpicpu_hids[] = {
diff --git a/sys/dev/acpi/acpihpet.c b/sys/dev/acpi/acpihpet.c
index dd992132678..dd25309c1c5 100644
--- a/sys/dev/acpi/acpihpet.c
+++ b/sys/dev/acpi/acpihpet.c
@@ -79,7 +79,7 @@ const struct cfattach acpihpet_ca = {
};
struct cfdriver acpihpet_cd = {
- NULL, "acpihpet", DV_DULL
+ NULL, "acpihpet", DV_DULL, CD_COCOVM
};
uint64_t
diff --git a/sys/dev/acpi/acpimadt.c b/sys/dev/acpi/acpimadt.c
index c78a482f51b..6cf314d662d 100644
--- a/sys/dev/acpi/acpimadt.c
+++ b/sys/dev/acpi/acpimadt.c
@@ -48,7 +48,7 @@ const struct cfattach acpimadt_ca = {
};
struct cfdriver acpimadt_cd = {
- NULL, "acpimadt", DV_DULL
+ NULL, "acpimadt", DV_DULL, CD_COCOVM
};
int acpimadt_validate(struct acpi_madt *);
diff --git a/sys/dev/acpi/acpimcfg.c b/sys/dev/acpi/acpimcfg.c
index f3e520882aa..b7df8a297a0 100644
--- a/sys/dev/acpi/acpimcfg.c
+++ b/sys/dev/acpi/acpimcfg.c
@@ -31,7 +31,7 @@ const struct cfattach acpimcfg_ca = {
};
struct cfdriver acpimcfg_cd = {
- NULL, "acpimcfg", DV_DULL
+ NULL, "acpimcfg", DV_DULL, CD_COCOVM
};
int
diff --git a/sys/dev/acpi/acpiprt.c b/sys/dev/acpi/acpiprt.c
index 39de79dcfca..1011ec68600 100644
--- a/sys/dev/acpi/acpiprt.c
+++ b/sys/dev/acpi/acpiprt.c
@@ -77,7 +77,7 @@ const struct cfattach acpiprt_ca = {
};
struct cfdriver acpiprt_cd = {
- NULL, "acpiprt", DV_DULL
+ NULL, "acpiprt", DV_DULL, CD_COCOVM
};
void acpiprt_prt_add(struct acpiprt_softc *, struct aml_value *);
diff --git a/sys/dev/acpi/acpitimer.c b/sys/dev/acpi/acpitimer.c
index 11a8b9eccf3..498146a592e 100644
--- a/sys/dev/acpi/acpitimer.c
+++ b/sys/dev/acpi/acpitimer.c
@@ -55,7 +55,7 @@ const struct cfattach acpitimer_ca = {
};
struct cfdriver acpitimer_cd = {
- NULL, "acpitimer", DV_DULL
+ NULL, "acpitimer", DV_DULL, CD_COCOVM
};
int
diff --git a/sys/dev/efi/efi.c b/sys/dev/efi/efi.c
index 43a774253fa..e600a3b1e47 100644
--- a/sys/dev/efi/efi.c
+++ b/sys/dev/efi/efi.c
@@ -24,7 +24,7 @@
#include <machine/efivar.h>
struct cfdriver efi_cd = {
- NULL, "efi", DV_DULL
+ NULL, "efi", DV_DULL, CD_COCOVM
};
int efiioc_get_table(struct efi_softc *sc, void *);
diff --git a/sys/dev/ic/com.c b/sys/dev/ic/com.c
index dd45e3c901c..da29f82243b 100644
--- a/sys/dev/ic/com.c
+++ b/sys/dev/ic/com.c
@@ -96,7 +96,7 @@ void compwroff(struct com_softc *);
void cominit(bus_space_tag_t, bus_space_handle_t, int, int);
struct cfdriver com_cd = {
- NULL, "com", DV_TTY
+ NULL, "com", DV_TTY, CD_COCOVM
};
int comdefaultrate = TTYDEF_SPEED;
diff --git a/sys/dev/isa/isa.c b/sys/dev/isa/isa.c
index 2d11dc33a84..2a799f8a82a 100644
--- a/sys/dev/isa/isa.c
+++ b/sys/dev/isa/isa.c
@@ -62,6 +62,7 @@
#include <sys/malloc.h>
#include <sys/device.h>
#include <sys/extent.h>
+#include <sys/reboot.h>
#include <dev/isa/isareg.h>
#include <dev/isa/isavar.h>
@@ -84,7 +85,7 @@ const struct cfattach isa_ca = {
};
struct cfdriver isa_cd = {
- NULL, "isa", DV_DULL, CD_INDIRECT
+ NULL, "isa", DV_DULL, CD_INDIRECT | CD_COCOVM
};
int
@@ -218,6 +219,10 @@ isascan(struct device *parent, void *match)
ia.ipa_ndrq = 2;
ia.ia_delaybah = sc->sc_delaybah;
+ if (ISSET(boothowto, RB_COCOVM) &&
+ !ISSET(cf->cf_driver->cd_mode, CD_COCOVM))
+ return;
+
if (cf->cf_fstate == FSTATE_STAR) {
struct isa_attach_args ia2 = ia;
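Review bot: The early `return` added before the `FSTATE_STAR` branch may leak the object passed in as `match`. For an indirect bus such as isa (`CD_INDIRECT`), the caller presumably hands isascan() a freshly allocated softc, which the not-matched paths further down (outside this hunk) would be expected to release; the new path returns without doing so. Either release it before returning, or move the test into config_scan() in subr_autoconf.c ahead of that allocation, which would also cover any other indirect bus and keep the predicate beside the identical one in config_search(). isascan() starts and ends outside the hunk, so this needs confirming against the full function.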
diff --git a/sys/dev/pci/pci.c b/sys/dev/pci/pci.c
index c0376842914..d7601dd976e 100644
--- a/sys/dev/pci/pci.c
+++ b/sys/dev/pci/pci.c
@@ -90,7 +90,7 @@ const struct cfattach pci_ca = {
};
struct cfdriver pci_cd = {
- NULL, "pci", DV_DULL
+ NULL, "pci", DV_DULL, CD_COCOVM
};
int pci_ndomains;
diff --git a/sys/dev/pci/ppb.c b/sys/dev/pci/ppb.c
index cf7cb120cc1..f6ab05f9168 100644
--- a/sys/dev/pci/ppb.c
+++ b/sys/dev/pci/ppb.c
@@ -113,7 +113,7 @@ const struct cfattach ppb_ca = {
};
struct cfdriver ppb_cd = {
- NULL, "ppb", DV_DULL
+ NULL, "ppb", DV_DULL, CD_COCOVM
};
void ppb_alloc_busrange(struct ppb_softc *, struct pci_attach_args *,
diff --git a/sys/dev/pv/if_vio.c b/sys/dev/pv/if_vio.c
index a94945a8ea0..458f98c6a7a 100644
--- a/sys/dev/pv/if_vio.c
+++ b/sys/dev/pv/if_vio.c
@@ -382,7 +382,7 @@ const struct cfattach vio_ca = {
};
struct cfdriver vio_cd = {
- NULL, "vio", DV_IFNET
+ NULL, "vio", DV_IFNET, CD_COCOVM
};
int
diff --git a/sys/dev/pv/pvbus.c b/sys/dev/pv/pvbus.c
index 165fcc9fbff..a482072de4b 100644
--- a/sys/dev/pv/pvbus.c
+++ b/sys/dev/pv/pvbus.c
@@ -68,7 +68,8 @@ const struct cfattach pvbus_ca = {
struct cfdriver pvbus_cd = {
NULL,
"pvbus",
- DV_DULL
+ DV_DULL,
+ CD_COCOVM
};
struct pvbus_type {
diff --git a/sys/dev/pv/pvclock.c b/sys/dev/pv/pvclock.c
index 89eff0ce248..fd69960ddda 100644
--- a/sys/dev/pv/pvclock.c
+++ b/sys/dev/pv/pvclock.c
@@ -125,7 +125,8 @@ const struct cfattach pvclock_ca = {
struct cfdriver pvclock_cd = {
NULL,
"pvclock",
- DV_DULL
+ DV_DULL,
+ CD_COCOVM
};
struct timecounter pvclock_timecounter = {
diff --git a/sys/dev/pv/vioblk.c b/sys/dev/pv/vioblk.c
index 7f7a518332f..761ce73a847 100644
--- a/sys/dev/pv/vioblk.c
+++ b/sys/dev/pv/vioblk.c
@@ -146,7 +146,7 @@ const struct cfattach vioblk_ca = {
};
struct cfdriver vioblk_cd = {
- NULL, "vioblk", DV_DULL
+ NULL, "vioblk", DV_DULL, CD_COCOVM
};
const struct scsi_adapter vioblk_switch = {
diff --git a/sys/dev/pv/viocon.c b/sys/dev/pv/viocon.c
index 95a1e875579..1d24074c54d 100644
--- a/sys/dev/pv/viocon.c
+++ b/sys/dev/pv/viocon.c
@@ -144,7 +144,7 @@ const struct cfattach viocon_ca = {
};
struct cfdriver viocon_cd = {
- NULL, "viocon", DV_TTY
+ NULL, "viocon", DV_TTY, CD_COCOVM
};
static inline struct viocon_softc *
diff --git a/sys/dev/pv/viornd.c b/sys/dev/pv/viornd.c
index 484f7ce1be0..9eeb6115f3e 100644
--- a/sys/dev/pv/viornd.c
+++ b/sys/dev/pv/viornd.c
@@ -66,7 +66,7 @@ const struct cfattach viornd_ca = {
};
struct cfdriver viornd_cd = {
- NULL, "viornd", DV_DULL
+ NULL, "viornd", DV_DULL, CD_COCOVM
};
int
diff --git a/sys/dev/pv/virtio.c b/sys/dev/pv/virtio.c
index ac0432dc9f9..4a8d140f797 100644
--- a/sys/dev/pv/virtio.c
+++ b/sys/dev/pv/virtio.c
@@ -48,7 +48,7 @@ void vq_free_entry(struct virtqueue *, struct vq_entry *);
struct vq_entry *vq_alloc_entry(struct virtqueue *);
struct cfdriver virtio_cd = {
- NULL, "virtio", DV_DULL
+ NULL, "virtio", DV_DULL, CD_COCOVM
};
static const char * const virtio_device_name[] = {
diff --git a/sys/dev/pv/vmmci.c b/sys/dev/pv/vmmci.c
index 984626393cd..18930c62766 100644
--- a/sys/dev/pv/vmmci.c
+++ b/sys/dev/pv/vmmci.c
@@ -72,7 +72,7 @@ const struct cfattach vmmci_ca = {
#define VMMCI_F_SYNCRTC (1ULL<<2)
struct cfdriver vmmci_cd = {
- NULL, "vmmci", DV_DULL
+ NULL, "vmmci", DV_DULL, CD_COCOVM
};
int
diff --git a/sys/dev/softraid.c b/sys/dev/softraid.c
index c10ebeaaa93..41929692397 100644
--- a/sys/dev/softraid.c
+++ b/sys/dev/softraid.c
@@ -88,7 +88,7 @@ const struct cfattach softraid_ca = {
};
struct cfdriver softraid_cd = {
- NULL, "softraid", DV_DULL
+ NULL, "softraid", DV_DULL, CD_COCOVM
};
/* scsi & discipline */
diff --git a/sys/dev/vscsi.c b/sys/dev/vscsi.c
index 31885a6b9c9..2e2deb25b1f 100644
--- a/sys/dev/vscsi.c
+++ b/sys/dev/vscsi.c
@@ -89,7 +89,8 @@ const struct cfattach vscsi_ca = {
struct cfdriver vscsi_cd = {
NULL,
"vscsi",
- DV_DULL
+ DV_DULL,
+ CD_COCOVM
};
void vscsi_cmd(struct scsi_xfer *);
diff --git a/sys/kern/subr_autoconf.c b/sys/kern/subr_autoconf.c
index 41633140dc6..eec9eef15ce 100644
--- a/sys/kern/subr_autoconf.c
+++ b/sys/kern/subr_autoconf.c
@@ -216,6 +216,9 @@ config_search(cfmatch_t fn, struct device *parent, void *aux)
if (cf->cf_driver->cd_class == DV_TAPE)
continue;
}
+ if (ISSET(boothowto, RB_COCOVM) &&
+ !ISSET(cf->cf_driver->cd_mode, CD_COCOVM))
+ continue;
for (p = cf->cf_parents; *p >= 0; p++)
if (parent->dv_cfdata == &cfdata[*p])
mapply(&m, cf);
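Review bot: The new `continue` is the core of the allowlist but carries no comment, unlike the flag definitions. Something like `/* Confidential VM: skip every driver not explicitly marked CD_COCOVM */` above the test would record that the policy is default-deny: a cfdriver whose initializer omits the fourth field gets `cd_mode` 0 and is never offered to a match function. Skipped drivers are dropped silently; printing the driver name under `autoconf_verbose`, if that is in scope here, would let an operator audit from dmesg what was filtered in a given guest. config_search() starts and ends outside the hunk.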
diff --git a/sys/scsi/mpath.c b/sys/scsi/mpath.c
index c94a4ff5cf7..090c78c35f1 100644
--- a/sys/scsi/mpath.c
+++ b/sys/scsi/mpath.c
@@ -79,7 +79,8 @@ const struct cfattach mpath_ca = {
struct cfdriver mpath_cd = {
NULL,
"mpath",
- DV_DULL
+ DV_DULL,
+ CD_COCOVM
};
void mpath_cmd(struct scsi_xfer *);
diff --git a/sys/scsi/scsiconf.c b/sys/scsi/scsiconf.c
index 495020a23a3..2f9ab1b15d0 100644
--- a/sys/scsi/scsiconf.c
+++ b/sys/scsi/scsiconf.c
@@ -102,7 +102,7 @@ const struct cfattach scsibus_ca = {
};
struct cfdriver scsibus_cd = {
- NULL, "scsibus", DV_DULL
+ NULL, "scsibus", DV_DULL, CD_COCOVM
};
struct scsi_quirk_inquiry_pattern {
diff --git a/sys/scsi/sd.c b/sys/scsi/sd.c
index 9b02314c679..085ad01cd78 100644
--- a/sys/scsi/sd.c
+++ b/sys/scsi/sd.c
@@ -116,7 +116,7 @@ const struct cfattach sd_ca = {
};
struct cfdriver sd_cd = {
- NULL, "sd", DV_DISK
+ NULL, "sd", DV_DISK, CD_COCOVM
};
const struct scsi_inquiry_pattern sd_patterns[] = {
diff --git a/sys/sys/device.h b/sys/sys/device.h
index 5dccec16cf8..43b5f79bed5 100644
--- a/sys/sys/device.h
+++ b/sys/sys/device.h
@@ -139,6 +139,9 @@ struct cfattach {
/* For cd_mode, below */
#define CD_INDIRECT 1
#define CD_SKIPHIBERNATE 2
+#define CD_COCOVM 4 /* Allow a device on a VM employing
+ * confidential computing methods,
+ * e.g. AMD SEV. */
struct cfdriver {
void **cd_devs; /* devices found */
diff --git a/sys/sys/reboot.h b/sys/sys/reboot.h
index bf3e7f82680..ae150e5ed60 100644
--- a/sys/sys/reboot.h
+++ b/sys/sys/reboot.h
@@ -59,6 +59,7 @@
#define RB_RESET 0x08000 /* just reset, no cleanup */
#define RB_GOODRANDOM 0x10000 /* excellent random seed loaded */
#define RB_UNHIBERNATE 0x20000 /* unhibernate */
+#define RB_COCOVM 0x40000 /* confidential VM booting (e.g. SEV enabled)
/*
* Constants for converting boot-style device number to type,
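Review bot: The comment on the added `RB_COCOVM` line has no closing `*/` as shown here, so it would run on into the following block comment and end at that comment's terminator. The build would probably still succeed, but with a nested-comment warning and a definition line that reads wrongly. The line also looks longer than its neighbours; shortening it fixes both: `#define RB_COCOVM 0x40000 /* confidential VM (e.g. SEV) */`. If the terminator was only lost when the mail was archived, nothing needs to change.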