[RFC,1/5] x86/cpufeatures: Add SNP Secure TSC

Message ID 20240829053748.8283-2-nikunj@amd.com (mailing list archive)
State New, archived
Series Enable Secure TSC for SEV-SNP

Commit Message

Nikunj A. Dadhania Aug. 29, 2024, 5:37 a.m. UTC
The Secure TSC feature for SEV-SNP allows guests to securely use the RDTSC
and RDTSCP instructions, ensuring that the parameters used cannot be
altered by the hypervisor once the guest is launched. More details in the
AMD64 APM Vol 2, Section "Secure TSC".

Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
---
 arch/x86/include/asm/cpufeatures.h | 1 +
 1 file changed, 1 insertion(+)

Comments

Borislav Petkov Aug. 29, 2024, 1:22 p.m. UTC | #1
On Thu, Aug 29, 2024 at 11:07:44AM +0530, Nikunj A Dadhania wrote:
> The Secure TSC feature for SEV-SNP allows guests to securely use the RDTSC
> and RDTSCP instructions, ensuring that the parameters used cannot be
> altered by the hypervisor once the guest is launched. More details in the
> AMD64 APM Vol 2, Section "Secure TSC".
> 
> Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
> ---
>  arch/x86/include/asm/cpufeatures.h | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index dd4682857c12..ed61549e8a11 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -444,6 +444,7 @@
>  #define X86_FEATURE_VM_PAGE_FLUSH	(19*32+ 2) /* VM Page Flush MSR is supported */
>  #define X86_FEATURE_SEV_ES		(19*32+ 3) /* "sev_es" AMD Secure Encrypted Virtualization - Encrypted State */
>  #define X86_FEATURE_SEV_SNP		(19*32+ 4) /* "sev_snp" AMD Secure Encrypted Virtualization - Secure Nested Paging */
> +#define X86_FEATURE_SNP_SECURE_TSC	(19*32+ 8) /* "" AMD SEV-SNP Secure TSC */

There's a newline here on purpose - keep it.

Also, you don't need "" anymore.

Nikunj A. Dadhania Sept. 2, 2024, 4:16 a.m. UTC | #2
On 8/29/2024 6:52 PM, Borislav Petkov wrote:
> On Thu, Aug 29, 2024 at 11:07:44AM +0530, Nikunj A Dadhania wrote:
>> The Secure TSC feature for SEV-SNP allows guests to securely use the RDTSC
>> and RDTSCP instructions, ensuring that the parameters used cannot be
>> altered by the hypervisor once the guest is launched. More details in the
>> AMD64 APM Vol 2, Section "Secure TSC".
>>
>> Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
>> ---
>>  arch/x86/include/asm/cpufeatures.h | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
>> index dd4682857c12..ed61549e8a11 100644
>> --- a/arch/x86/include/asm/cpufeatures.h
>> +++ b/arch/x86/include/asm/cpufeatures.h
>> @@ -444,6 +444,7 @@
>>  #define X86_FEATURE_VM_PAGE_FLUSH	(19*32+ 2) /* VM Page Flush MSR is supported */
>>  #define X86_FEATURE_SEV_ES		(19*32+ 3) /* "sev_es" AMD Secure Encrypted Virtualization - Encrypted State */
>>  #define X86_FEATURE_SEV_SNP		(19*32+ 4) /* "sev_snp" AMD Secure Encrypted Virtualization - Secure Nested Paging */
>> +#define X86_FEATURE_SNP_SECURE_TSC	(19*32+ 8) /* "" AMD SEV-SNP Secure TSC */
> 
> There's a newline here on purpose - keep it.

Sure

> Also, you don't need "" anymore.

Ok, do we need to add an entry to tools/arch/x86/kcpuid/cpuid.csv ?

Regards
Nikunj

Borislav Petkov Sept. 2, 2024, 4:42 p.m. UTC | #3
On Mon, Sep 02, 2024 at 09:46:57AM +0530, Nikunj A. Dadhania wrote:
> Ok, do we need to add an entry to tools/arch/x86/kcpuid/cpuid.csv ?

Already there:

# Leaf 8000001FH
# AMD encrypted memory capabilities enumeration (SME/SEV)

0x8000001f,         0,  eax,       0,    sme                    , Secure Memory Encryption supported
0x8000001f,         0,  eax,       1,    sev                    , Secure Encrypted Virtualization supported
0x8000001f,         0,  eax,       2,    vm_page_flush          , VM Page Flush MSR (0xc001011e) available
0x8000001f,         0,  eax,       3,    sev_es                 , SEV Encrypted State supported
0x8000001f,         0,  eax,       4,    sev_nested_paging      , SEV secure nested paging supported
0x8000001f,         0,  eax,       5,    vm_permission_levels   , VMPL supported
0x8000001f,         0,  eax,       6,    rpmquery               , RPMQUERY instruction supported
0x8000001f,         0,  eax,       7,    vmpl_sss               , VMPL supervisor shadwo stack supported
0x8000001f,         0,  eax,       8,    secure_tsc             , Secure TSC supported
^^^^

but in general if it is not there, most definitely.

This list should contain *all* CPUID definitions.

Thx.
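
An added example, not part of the thread or of the kernel tree: it parses cpuid.csv rows of the form quoted above and relates each one to the kernel's feature numbering, so the (19*32+ 8) in the patch can be checked against the secure_tsc row. The helper names (parse_row, find_row, feature_number, feature_set) and the sample EAX value are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define SEV_WORD 19 /* kernel feature word that mirrors CPUID 0x8000001f EAX */
struct cpuid_row { unsigned leaf, subleaf, bit; char reg[4], name[32]; };
/* Rows copied from the cpuid.csv excerpt quoted in the thread. */
static const char *const rows[] = {
    "# Leaf 8000001FH",
    "0x8000001f,         0,  eax,       3,    sev_es                 , SEV Encrypted State supported",
    "0x8000001f,         0,  eax,       4,    sev_nested_paging      , SEV secure nested paging supported",
    "0x8000001f,         0,  eax,       8,    secure_tsc             , Secure TSC supported",
};

/* Parse "leaf, subleaf, reg, bit, name , description"; -1 for comments or malformed rows. */
static int parse_row(const char *line, struct cpuid_row *r)
{
    if (sscanf(line, " %x , %u , %3[a-z] , %u , %31[a-z0-9_]",
               &r->leaf, &r->subleaf, r->reg, &r->bit, r->name) != 5)
        return -1;
    return r->bit < 32 ? 0 : -1;
}

/* Look up a short name in the table; 0 on success, -1 if absent. */
static int find_row(const char *name, struct cpuid_row *out)
{
    for (size_t i = 0; i < sizeof(rows) / sizeof(rows[0]); i++)
        if (parse_row(rows[i], out) == 0 && strcmp(out->name, name) == 0)
            return 0;
    return -1;
}

/* Kernel-style feature number (word*32 + bit), or -1 if the name is unknown. */
static int feature_number(const char *name)
{
    struct cpuid_row r;
    return find_row(name, &r) == 0 ? (int)(SEV_WORD * 32 + r.bit) : -1;
}

/* 1 if the named bit is set in a raw EAX value of the leaf, 0 if clear, -1 if unknown. */
static int feature_set(const char *name, unsigned eax)
{
    struct cpuid_row r;
    return find_row(name, &r) == 0 ? (int)((eax >> r.bit) & 1u) : -1;
}

int main(void)
{
    /* 0x1b is a constructed EAX value: bit 4 (SEV-SNP) set, bit 8 (Secure TSC) clear. */
    printf("secure_tsc: feature %d, set=%d\n", feature_number("secure_tsc"), feature_set("secure_tsc", 0x1bu));
    return 0;
}
```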

Nikunj A. Dadhania Sept. 3, 2024, 5:43 a.m. UTC | #4
On 9/2/2024 10:12 PM, Borislav Petkov wrote:
> On Mon, Sep 02, 2024 at 09:46:57AM +0530, Nikunj A. Dadhania wrote:
>> Ok, do we need to add an entry to tools/arch/x86/kcpuid/cpuid.csv ?
> 
> Already there:

Ah ok, in tip/master

> 0x8000001f,         0,  eax,       8,    secure_tsc             , Secure TSC supported
> ^^^^
> 
> but in general if it is not there, most definitely.
> 
> This list should contain *all* CPUID definitions.

Sure

Regards
Nikunj

Borislav Petkov Sept. 3, 2024, 7:16 a.m. UTC | #5
On Tue, Sep 03, 2024 at 11:13:45AM +0530, Nikunj A. Dadhania wrote:
> Ah ok, in tip/master

What else?

See, we document these things not to waste space on people's hdds:

Documentation/process/maintainer-tip.rst

Patch

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index dd4682857c12..ed61549e8a11 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -444,6 +444,7 @@ 
 #define X86_FEATURE_VM_PAGE_FLUSH	(19*32+ 2) /* VM Page Flush MSR is supported */
 #define X86_FEATURE_SEV_ES		(19*32+ 3) /* "sev_es" AMD Secure Encrypted Virtualization - Encrypted State */
 #define X86_FEATURE_SEV_SNP		(19*32+ 4) /* "sev_snp" AMD Secure Encrypted Virtualization - Secure Nested Paging */
+#define X86_FEATURE_SNP_SECURE_TSC	(19*32+ 8) /* "" AMD SEV-SNP Secure TSC */
 #define X86_FEATURE_V_TSC_AUX		(19*32+ 9) /* Virtual TSC_AUX */
 #define X86_FEATURE_SME_COHERENT	(19*32+10) /* AMD hardware-enforced cache coherency */
 #define X86_FEATURE_DEBUG_SWAP		(19*32+14) /* "debug_swap" AMD SEV-ES full debug state swap support */
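
Review bot: the comment on the added X86_FEATURE_SNP_SECURE_TSC line opens with an empty "" string, which the review in this thread says is no longer needed; drop it so the comment reads /* AMD SEV-SNP Secure TSC */. The value (19*32+ 8) fills the gap between bit 4 and bit 9 of word 19 and agrees with the secure_tsc row (leaf 0x8000001f, eax, bit 8) quoted from cpuid.csv. The commit message points at the APM section but names neither the CPUID leaf nor the bit, so consider stating both there.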