diff options
author | Joerg Roedel <jroedel@suse.de> | 2020-10-28 19:46:57 +0300 |
---|---|---|
committer | Borislav Petkov <bp@suse.de> | 2020-10-29 20:06:52 +0300 |
commit | 86ce43f7dde81562f58b24b426cef068bd9f7595 (patch) | |
tree | f3042a795cff8aa037faa8c7d77e61d003af12d7 /arch/x86/boot/compressed/misc.h | |
parent | ed7b895f3efb5df184722f5a30f8164fcaffceb1 (diff) | |
download | linux-86ce43f7dde81562f58b24b426cef068bd9f7595.tar.xz |
x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path
Check whether the hypervisor reported the correct C-bit when running as
an SEV guest. Using a wrong C-bit position could be used to leak
sensitive data from the guest to the hypervisor.
The check function is in a separate file:
arch/x86/kernel/sev_verify_cbit.S
so that it can be re-used in the running kernel image.
[ bp: Massage. ]
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lkml.kernel.org/r/20201028164659.27002-4-joro@8bytes.org
Diffstat (limited to 'arch/x86/boot/compressed/misc.h')
-rw-r--r-- | arch/x86/boot/compressed/misc.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h index 6d31f1b4c4d1..d9a631c5973c 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -159,4 +159,6 @@ void boot_page_fault(void); void boot_stage1_vc(void); void boot_stage2_vc(void); +unsigned long sev_verify_cbit(unsigned long cr3); + #endif /* BOOT_COMPRESSED_MISC_H */ |