From patchwork Tue May 31 19:39:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Huang, Kai" X-Patchwork-Id: 12866080 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2091DC433F5 for ; Tue, 31 May 2022 19:42:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347452AbiEaTme (ORCPT ); Tue, 31 May 2022 15:42:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39654 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347465AbiEaTl6 (ORCPT ); Tue, 31 May 2022 15:41:58 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2A1919E9D3; Tue, 31 May 2022 12:41:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1654026089; x=1685562089; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=NVT6yPYXMw0rM3TBx6UWcRjC7iRWD3RVO0AAOiyEaeY=; b=V23rHj+rzwES/cwkD2BfIJ/uttiTF0SNWvF2rSxHrUpjCIwNTfXWpzh1 m5RKBvkFj2nJatC9X6yi1PQcfJGdK8oLE3Mt49MLLe8XkPKU75tSfROoo gG7NIiNzcqgz8+xGVPVf8N7lrTnACW1CevBusQa4wslZBM7Zh+V8v7y5j zRrA8ba65AcHd2Bv7zp5iAK5u2R9+8i03u8RBIlzFox4/1l7n9lyIkIzT CVPf+ETmUuldH8cPMyUVGb8w38/8Q7ih/atKgh3EXVFhdB3tlycEwZKn3 GhclrUDlYG0im7ROQsoFEF2LiQziN+KEIIWm3gTFt7usom9Sz5QRz2ol0 A==; X-IronPort-AV: E=McAfee;i="6400,9594,10364"; a="272935235" X-IronPort-AV: E=Sophos;i="5.91,266,1647327600"; d="scan'208";a="272935235" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 May 2022 12:40:52 -0700 X-IronPort-AV: E=Sophos;i="5.91,266,1647327600"; d="scan'208";a="645164656" Received: from maciejwo-mobl1.ger.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.254.36.207]) by fmsmga004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 May 2022 12:40:49 -0700 From: Kai Huang To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, len.brown@intel.com, tony.luck@intel.com, rafael.j.wysocki@intel.com, reinette.chatre@intel.com, dan.j.williams@intel.com, peterz@infradead.org, ak@linux.intel.com, kirill.shutemov@linux.intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, isaku.yamahata@intel.com, kai.huang@intel.com Subject: [PATCH v4 17/22] x86/virt/tdx: Reserve TDX module global KeyID Date: Wed, 1 Jun 2022 07:39:40 +1200 Message-Id: <75a338a8625d42f4090c4e60aee59cb977ebabb4.1654025431.git.kai.huang@intel.com> X-Mailer: git-send-email 2.35.3 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org TDX module initialization requires to use one TDX private KeyID as the global KeyID to protect the TDX module metadata. The global KeyID is configured to the TDX module along with TDMRs. Just reserve the first TDX private KeyID as the global KeyID. Keep the global KeyID as a static variable as KVM will need to use it too. Signed-off-by: Kai Huang --- arch/x86/virt/vmx/tdx/tdx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 8d1a9ff7e7b5..7e5f685139fe 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -55,6 +55,9 @@ static struct tdsysinfo_struct tdx_sysinfo; static struct cmr_info tdx_cmr_array[MAX_CMRS] __aligned(CMR_INFO_ARRAY_ALIGNMENT); static int tdx_cmr_num; +/* TDX module global KeyID. Used in TDH.SYS.CONFIG ABI. */ +static u32 tdx_global_keyid; + /* Detect whether CPU supports SEAM */ static int detect_seam(void) { @@ -996,6 +999,12 @@ static int init_tdx_module(void) if (ret) goto out_free_tdmrs; + /* + * Reserve the first TDX KeyID as global KeyID to protect + * TDX module metadata. + */ + tdx_global_keyid = tdx_keyid_start; + /* * Return -EINVAL until all steps of TDX module initialization * process are done.