diff options
| author | Kirill A. Shutemov <kirill.shutemov@linux.intel.com> | 2022-02-22 21:57:40 +0300 |
|---|---|---|
| committer | Borislav Petkov <bp@suse.de> | 2022-02-23 21:14:29 +0300 |
| commit | b577f542f93cbba57f8d6185ef1fb13a41ddf162 (patch) | |
| tree | d64dab5aa4ad840955371fc024c3e0037929f682 /arch/x86/mm/mem_encrypt_amd.c | |
| parent | 655a0fa34b4f7ac6e2b1406fab15e52a7b6accb1 (diff) | |
| download | linux-b577f542f93cbba57f8d6185ef1fb13a41ddf162.tar.xz | |
x86/coco: Add API to handle encryption mask
AMD SME/SEV uses a bit in the page table entries to indicate that the
page is encrypted and not accessible to the VMM.
TDX uses a similar approach, but the polarity of the mask is opposite to
AMD: if the bit is set the page is accessible to VMM.
Provide vendor-neutral API to deal with the mask: cc_mkenc() and
cc_mkdec() modify given address to make it encrypted/decrypted. It can
be applied to phys_addr_t, pgprotval_t or page table entry value.
pgprot_encrypted() and pgprot_decrypted() reimplemented using new
helpers.
The implementation will be extended to cover TDX.
pgprot_decrypted() is used by drivers (i915, virtio_gpu, vfio).
cc_mkdec() called by pgprot_decrypted(). Export cc_mkdec().
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/20220222185740.26228-5-kirill.shutemov@linux.intel.com
Diffstat (limited to 'arch/x86/mm/mem_encrypt_amd.c')
0 files changed, 0 insertions, 0 deletions