| author | Ashish Kalra <ashish.kalra@amd.com> | 2022-10-07 19:24:31 +0000 |
|---|---|---|
| committer | Ashish Kalra <ashish.kalra@amd.com> | 2022-10-07 20:12:50 +0000 |
| commit | e056906564c361da3e2f5454dd8e9906a0348f6e (patch) | |
| tree | 1dfc70a02f0ac70b2f1aa49ca54484158b25f09a /scripts/stackusage | |
| parent | cef6e5b1b2f2f895cec9cf886f282e10cffcc2ab (diff) | |
| download | cachepc-linux-e056906564c361da3e2f5454dd8e9906a0348f6e.tar.gz cachepc-linux-e056906564c361da3e2f5454dd8e9906a0348f6e.zip | |
crypto: ccp: Add SNP_INIT_EX support to initialize the AMD-SP for SEV-SNP

During the execution of SNP_INIT command, the firmware configures
and enables SNP security policy enforcement in many system components.
Some system components write to regions of memory reserved by early
x86 firmware (e.g. UEFI). Other system components write to regions
provided by the operating system, hypervisor, or x86 firmware.
Such system components can only write to HV-fixed pages or Default pages.
They will error when attempting to write to other page states after
SNP_INIT enables their SNP enforcement.

Starting in SNP firmware v1.52, the SNP_INIT_EX command takes a list of
system physical address ranges to convert into the HV-fixed page states
during the RMP initialization. If INIT_RMP is 1, hypervisors should
provide all system physical address ranges that the hypervisor will
never assign to a guest until the next RMP re-initialization.
For instance, the memory that UEFI reserves should be included in the
range list. This allows system components that occasionally write to
memory (e.g. logging to UEFI reserved regions) to not fail due to
RMP initialization and SNP enablement.

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>

Diffstat (limited to 'scripts/stackusage')
0 files changed, 0 insertions, 0 deletions
