tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

x86/sev-es: Check required CPU features for SEV-ES

Make sure the machine supports RDRAND, otherwise there is no trusted
source of randomness in the system.

To also check this in the pre-decompression stage, make has_cpuflag()
not depend on CONFIG_RANDOMIZE_BASE anymore.

Signed-off-by: Martin Radev <martin.b.radev@gmail.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20200907131613.12703-73-joro@8bytes.org

authored by

Martin Radev and committed by
Borislav Petkov f5ed7775 39336f4f

+24 -6
-4
arch/x86/boot/compressed/cpuflags.c
··· 1 1 // SPDX-License-Identifier: GPL-2.0 2 - #ifdef CONFIG_RANDOMIZE_BASE 3 - 4 2 #include "../cpuflags.c" 5 3 6 4 bool has_cpuflag(int flag) ··· 7 9 8 10 return test_bit(flag, cpu.flags); 9 11 } 10 - 11 - #endif
+3 -2
arch/x86/boot/compressed/misc.h
··· 85 85 unsigned long *output, 86 86 unsigned long output_size, 87 87 unsigned long *virt_addr); 88 - /* cpuflags.c */ 89 - bool has_cpuflag(int flag); 90 88 #else 91 89 static inline void choose_random_location(unsigned long input, 92 90 unsigned long input_size, ··· 94 96 { 95 97 } 96 98 #endif 99 + 100 + /* cpuflags.c */ 101 + bool has_cpuflag(int flag); 97 102 98 103 #ifdef CONFIG_X86_64 99 104 extern int set_page_decrypted(unsigned long address);
+3
arch/x86/boot/compressed/sev-es.c
··· 145 145 if (!boot_ghcb) 146 146 return; 147 147 148 + if (!sev_es_check_cpu_features()) 149 + error("SEV-ES CPU Features missing."); 150 + 148 151 /* 149 152 * GHCB Page must be flushed from the cache and mapped encrypted again. 150 153 * Otherwise the running kernel will see strange cache effects when
+15
arch/x86/kernel/sev-es-shared.c
··· 9 9 * and is included directly into both code-bases. 10 10 */ 11 11 12 + #ifndef __BOOT_COMPRESSED 13 + #define error(v) pr_err(v) 14 + #define has_cpuflag(f) boot_cpu_has(f) 15 + #endif 16 + 17 + static bool __init sev_es_check_cpu_features(void) 18 + { 19 + if (!has_cpuflag(X86_FEATURE_RDRAND)) { 20 + error("RDRAND instruction not supported - no trusted source of randomness available\n"); 21 + return false; 22 + } 23 + 24 + return true; 25 + } 26 + 12 27 static void sev_es_terminate(unsigned int reason) 13 28 { 14 29 u64 val = GHCB_SEV_TERMINATE;
+3
arch/x86/kernel/sev-es.c
··· 665 665 if (!sev_es_active()) 666 666 return; 667 667 668 + if (!sev_es_check_cpu_features()) 669 + panic("SEV-ES CPU Features missing"); 670 + 668 671 /* Enable SEV-ES special handling */ 669 672 static_branch_enable(&sev_es_enable_key); 670 673