Unverified Commit 4b899b5f authored by openeuler-ci-bot, committed by Gitee

!5243 [OLK-6.6] Support PSP identification for Hygon 4th CPU and print secure features when running on Hygon CPUs

Merge Pull Request from: @hanliyang 
 
Support PSP identification for Hygon 4th CPU and print secure features when running on Hygon CPUs

issue:
https://gitee.com/open_euler/dashboard?issue_id=I98NP1

The PCI device IDs of the Cryptographic Co-Processor contained in the Hygon 4th CPU are different from those of Hygon 2nd/3rd CPUs, so the ID information needs to be added to the id table of the kernel driver.
In addition, Hygon CPUs support many security features, such as SME, CSV, CSV2, CSV3, SM3, SM4. Add a patch to print these features in the kernel log so that users can check and utilize these security features easily.

Test:
1. The lspci tool indicates that the Cryptographic Co-Processors are bound to the driver.
2. The host kernel will print SME is active, and the guest kernel will print CSV/CSV2 is active
3. The Cryptographic Co-Processor driver prints CSV version info, the KVM module prints CSV support info
4. The lscpu tool displays the csv,csv2 feature flags
5. The lscpu tool displays the sm3,sm4 feature flags
6. The lscpu tool displays the csv3 feature flag
7. If the host kernel is not using SME, then the sme feature info is cleared; If the host kernel is using SME, then the sme feature info will be displayed. 
 
Link: https://gitee.com/openeuler/kernel/pulls/5243

 

Reviewed-by: Jason Zeng <jason.zeng@intel.com>
Signed-off-by: Zhang Peng <zhangpeng362@huawei.com>
parents f3f94073 8fbff486
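The Test section above verifies the new feature reporting from the host and guest kernels. As an added example (not code from this PR, from openEuler, or from Hygon), the small C probe below performs the same checks from user space using the bit layout the documentation added by this PR specifies: CPUID 0x8000001f EAX bits 1/3/30 for CSV/CSV2/CSV3 support, MSR 0xc0010131 bits 0/1/30 for which generation is active, and CPUID 0x8c860000 EDX bits 1/2 for SM3/SM4. It assumes a Linux x86 host with the msr driver loaded and root privileges for the MSR read; gating the 0x8c860000 query on the "HygonGenuine" vendor string, and treating an out-of-range leaf as all-zero, are this example's own assumptions, not something the PR states.

```c
/* hygon_csv_probe.c: decode the CSV capability/state bits from the new
 * hygon-csv documentation on the running CPU. Added example, not openEuler
 * or Hygon kernel code. Assumes a Linux x86 host; the MSR read needs root
 * and the msr module (/dev/cpu/N/msr). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>                    /* GCC/Clang __cpuid_count(), __get_cpuid_max() */
#endif

#define CSV_CPUID_LEAF  0x8000001fU   /* EAX: bit1 CSV, bit3 CSV2, bit30 CSV3 supported */
#define CSV_STATUS_MSR  0xc0010131U   /* bit0 CSV, bit1 CSV2, bit30 CSV3 active */
#define HYGON_SM_LEAF   0x8c860000U   /* EDX: bit1 SM3, bit2 SM4 (cpufeatures word 29) */

struct csv_caps { int csv, csv2, csv3; };

/* CPUID 0x8000001f[eax] -> which CSV generations the CPU supports */
struct csv_caps decode_csv_cpuid(uint32_t eax)
{
	struct csv_caps c = { (eax >> 1) & 1, (eax >> 3) & 1, (eax >> 30) & 1 };
	return c;
}

/* MSR 0xc0010131 -> which CSV generations are active in this context */
struct csv_caps decode_csv_msr(uint64_t v)
{
	struct csv_caps c = { (int)(v & 1), (int)((v >> 1) & 1), (int)((v >> 30) & 1) };
	return c;
}

/* CPUID 0x8c860000[edx] -> bitmask: 1 = SM3 present, 2 = SM4 present */
int decode_sm_cpuid(uint32_t edx)
{
	return ((edx >> 1) & 1) | (((edx >> 2) & 1) << 1);
}

/* Highest active generation; the doc says CSV3 requires the CSV/CSV2 bits too */
const char *csv_mode_name(struct csv_caps c)
{
	return c.csv3 ? "CSV3" : c.csv2 ? "CSV2" : c.csv ? "CSV" : "none";
}

/* Leaf 0 vendor string is ebx|edx|ecx; Hygon parts report "HygonGenuine" */
int vendor_is_hygon(uint32_t ebx, uint32_t ecx, uint32_t edx)
{
	char v[13] = { 0 };
	memcpy(v, &ebx, 4); memcpy(v + 4, &edx, 4); memcpy(v + 8, &ecx, 4);
	return strcmp(v, "HygonGenuine") == 0;
}

/* Read one MSR on one CPU via the msr driver; 0 on success, -1 otherwise */
int read_msr(int cpu, uint32_t reg, uint64_t *val)
{
	char path[64];
	snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
	int fd = open(path, O_RDONLY);
	if (fd < 0) return -1;
	ssize_t n = pread(fd, val, sizeof *val, (off_t)reg);
	close(fd);
	return n == (ssize_t)sizeof *val ? 0 : -1;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
	uint32_t a, b, c, d;
	__cpuid_count(0, 0, a, b, c, d);
	if (!vendor_is_hygon(b, c, d)) { puts("not a Hygon CPU"); return 1; }
	if (__get_cpuid_max(0x80000000U, NULL) < CSV_CPUID_LEAF) { puts("no leaf 0x8000001f"); return 1; }
	__cpuid_count(CSV_CPUID_LEAF, 0, a, b, c, d);
	struct csv_caps sup = decode_csv_cpuid(a);
	printf("supported: csv=%d csv2=%d csv3=%d\n", sup.csv, sup.csv2, sup.csv3);
	/* Assumption: 0x8c860000 is only queried after the vendor check; an
	 * unimplemented leaf on this family is taken to read as zero. */
	__cpuid_count(HYGON_SM_LEAF, 0, a, b, c, d);
	int sm = decode_sm_cpuid(d);
	printf("sm3=%d sm4=%d\n", sm & 1, (sm >> 1) & 1);
	uint64_t msr;
	if (read_msr(0, CSV_STATUS_MSR, &msr) == 0)
		printf("active: %s (msr 0xc0010131 = %#llx)\n",
		       csv_mode_name(decode_csv_msr(msr)), (unsigned long long)msr);
	else
		puts("MSR read failed: need root and 'modprobe msr'");
	return 0;
#else
	puts("x86 only");
	return 1;
#endif
}
```

Run it once on the host (expect supported bits plus SME-era status) and once inside a CSV/CSV2 guest, where the MSR read reports the active generation the guest kernel logs at boot; the decoders are pure functions so they can be unit-tested off-box with constructed register values.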
+100 −0
.. SPDX-License-Identifier: GPL-2.0

===========================
HYGON Secure Virtualization
===========================

China Secure Virtualization (CSV) is a key virtualization feature on Hygon
processors.

The 1st generation of CSV (CSV for short) is a secure virtualization technology
to provide memory encryption for the virtual machine (VM), each VM's memory is
encrypted by its unique encryption key which is managed by secure processor.

The 2nd generation of CSV (CSV2 for short) provides security enhancement to CSV
by encrypting not only the VM's memory but also the vCPU's registers of the VM.

The 3rd generation of CSV (CSV3 for short) is a more advanced secure
virtualization technology, it integrates secure processor, memory encryption and
memory isolation to provide the ability to protect guest's private data. The CSV3
guest's context like CPU registers, control block and nested page table is accessed
only by the guest itself and the secure processor. Neither other guests nor the
host can tamper with the guest's context.

The secure processor is a separate processor inside Hygon hardware. The firmware
running inside the secure processor performs activities in a secure way, such as
OVMF encryption, VM launch, secure memory management and nested page table
management etc. For more information, please see CSV spec and CSV3 spec from Hygon.

A CSV guest is running in the memory that is encrypted with a dedicated encrypt
key which is set by the secure processor. And CSV guest's memory encrypt key is
unique from the others. A low latency crypto engine resides on Hygon hardware
to minimize the negative effect on memory bandwidth. In CSV guest, a guest private
page will be automatically decrypted when read from memory and encrypted when
written to memory.

CSV3 provides an enhancement technology named memory isolation to improve the
security. A dedicated memory isolation hardware is built in Hygon hardware. Only
the secure processor has privilege to configure the isolation hardware. The VMM
allocates CMA memory and transfers them to secure processor. The secure processor
maps the memory to secure nested page table and manages them as guest's private
memory. Any memory access (read or write) to CSV3 guest's private memory outside
the guest will be blocked by isolation hardware.

A CSV3 guest may declare some memory regions as shared to share data with the
host. When a page is set as shared, read/write on the page will bypass the
isolation hardware and the guest's shared memory can be accessed by the host. A
method named CSV3 secure call command is designed and CSV3 guest sends the secure
call command to the secure processor to change private memory to shared memory.
In the method, 2 dedicated pages are reserved at early stage of the guest. Any
read/write on the dedicated pages will trigger nested page fault. When NPF
happens, the host helps to issue an external command to the secure processor but
cannot tamper with the data in the guest's private memory. Then the secure
processor checks the fault address and handles the command if the address is
exactly the dedicated pages.

Support for CSV can be determined through the CPUID instruction. The CPUID
function 0x8000001f reports information to CSV::

	0x8000001f[eax]:
		Bit[1]	  indicates support for CSV
		Bit[3]	  indicates support for CSV2
		Bit[30]	  indicates support for CSV3

If CSV is support, MSR 0xc0010131 can be used to determine if CSV is active::

	0xc0010131:
		Bit[0]	  0 = CSV is not active
			  1 = CSV is active
		Bit[1]	  0 = CSV2 is not active
			  1 = CSV2 is active
		Bit[30]	  0 = CSV3 is not active
			  1 = CSV3 is active

All CSV/CSV2's configurations must be enabled in CSV3. Linux can activate CSV3 by
default (CONFIG_HYGON_CSV=y, CONFIG_CMA=y). CSV3 guest's memory is managed by
CMA (Contiguous Memory Allocation). User must specify CSV3 total secure memory on
the linux kernel command line with csv_mem_size or csv_mem_percentage::

	csv_mem_size=nn[MG]
		[KNL,CSV]
		Reserve specified CSV3 memory size in CMA. CSV3's memory will be
		allocated from these CMAs.
		For instance, csv_mem_size=40G, 40G memory is reserved for CSV3.

	csv_mem_percentage=nn
		[KNL,CSV]
		Reserve specified memory size which is prorated according to the
		whole system memory size. CSV3 guest's memory will be allocated
		from these CMAs.
		For instance, csv_mem_percentage=60, means 60% system memory is
		reserved for CSV3.
		The maximum percentage is 80. And the default percentage is 0.

Limitations
The reserved CSV3 memory within CMA cannot be used by kernel or any application that
may pin memory using long term gup during the application's life time.
For instance, if the whole system memory is 64G and 32G is reserved for CSV3 with
kernel command line csv_mem_percentage=50, only 32G memory is available for CSV/CSV2.
As a result, user will fail to run a CSV/CSV2 guest with memory size which exceeds
32G.
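Review bot: the "Limitations" line near the end of this file has no reStructuredText underline, so Sphinx will render it as an ordinary paragraph rather than a section heading like the title block at the top; give it an adornment of matching length (`Limitations` followed by `-----------`). The paragraph introducing the command-line options says "Linux can activate CSV3 by default (CONFIG_HYGON_CSV=y, CONFIG_CMA=y)" but in the next sentence that the "User must specify CSV3 total secure memory" via csv_mem_size or csv_mem_percentage, and the option text adds "the default percentage is 0"; taken together these read as CSV3 being unusable without an explicit reservation, so say plainly which it is. Minor wording: "reports information to CSV" should be "about CSV", and "If CSV is support" should be "If CSV is supported".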
+23 −0
@@ -2070,6 +2070,29 @@ config EFI_RUNTIME_MAP

	  See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.

config HYGON_CSV
	bool "Hygon secure virtualization CSV support"
	default y
	depends on CPU_SUP_HYGON && AMD_MEM_ENCRYPT
	help
	  Hygon CSV integrates secure processor, memory encryption and
	  memory isolation to provide the ability to protect guest's private
	  data. It has evolved from CSV, CSV2 to CSV3.

	  For CSV, the guest's memory is encrypted.

	  For CSV2, not only the guest's memory, but also the guest's vCPU
	  registers are encrypted, neither other guests nor the host can tamper
	  with the vCPU registers.

	  For CSV3, the guest's context like vCPU registers, control block and
	  nested page table is accessed only by the guest itself and the secure
	  processor. Neither other guests nor the host can tamper with the
	  guest's context.

	  Say Y here to enable support for the whole capbilities of Hygon secure
	  virtualization on hygon processor.

source "kernel/Kconfig.hz"

config ARCH_SUPPORTS_KEXEC
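Review bot: the last help paragraph reads "the whole capbilities of Hygon secure virtualization on hygon processor"; fix to "capabilities" and "Hygon processors". More substantively, the documentation in this same change states that CSV3 guest memory is carved out of CMA and lists CONFIG_CMA=y beside CONFIG_HYGON_CSV=y, yet this entry only has `depends on CPU_SUP_HYGON && AMD_MEM_ENCRYPT`; either add `select CMA` (or `depends on CMA`) or state the CMA requirement in the help text, so a `default y` selection without CMA does not leave the CSV3 dependency implicit.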
+1 −0
@@ -485,6 +485,7 @@ CONFIG_EFI_HANDOVER_PROTOCOL=y
CONFIG_EFI_MIXED=y
# CONFIG_EFI_FAKE_MEMMAP is not set
CONFIG_EFI_RUNTIME_MAP=y
CONFIG_HYGON_CSV=y
# CONFIG_HZ_100 is not set
# CONFIG_HZ_250 is not set
# CONFIG_HZ_300 is not set
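Review bot: CONFIG_HYGON_CSV=y only survives `make olddefconfig` if CPU_SUP_HYGON and AMD_MEM_ENCRYPT are both enabled in this same configuration, and neither is visible in the hunk; confirm both are set here, since an unsatisfied dependency drops the line without any error. Recording the explicit `=y` is still worthwhile even though the Kconfig entry is `default y`, so keep the line once that is confirmed.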
+1 −1
@@ -43,7 +43,7 @@ enum cpuid_leafs
	CPUID_RESERVED_6,
	CPUID_RESERVED_7,
	CPUID_RESERVED_8,
	CPUID_RESERVED_9,
	CPUID_8C86_0000_EDX,
	CPUID_C000_0006_EAX,
};
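Review bot: CPUID_8C86_0000_EDX replaces one entry after CPUID_RESERVED_9 and the rendered diff does not show which; whatever it was, this slot's index must be exactly 29 for the `(29*32 + n)` bit numbers given to SM3/SM4 in the cpufeatures header of this same change to resolve to this leaf, so please confirm the enum position. Also confirm that get_cpu_cap() (not in this diff) populates c->x86_capability[CPUID_8C86_0000_EDX] from CPUID 0x8c860000 EDX on Hygon parts; without that, the sm3/sm4 flags the commit message's test item 5 expects in lscpu never appear.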

+6 −0
@@ -463,6 +463,8 @@
#define X86_FEATURE_V_TSC_AUX		(19*32+ 9) /* "" Virtual TSC_AUX */
#define X86_FEATURE_SME_COHERENT	(19*32+10) /* "" AMD hardware-enforced cache coherency */
#define X86_FEATURE_DEBUG_SWAP		(19*32+14) /* AMD SEV-ES full debug state swap support */
/* HYGON 3rd CSV */
#define X86_FEATURE_CSV3		(19*32 + 30) /* HYGON 3rd CSV */

/* AMD-defined Extended Feature 2 EAX, CPUID level 0x80000021 (EAX), word 20 */
#define X86_FEATURE_NO_NESTED_DATA_BP	(20*32+ 0) /* "" No Nested Data Breakpoints */
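Review bot: the new define is written `(19*32 + 30)` with spaces while every neighbouring entry in this word uses the `(19*32+14)` form; match the file's existing style. The standalone `/* HYGON 3rd CSV */` line above the define repeats the trailing comment on the define itself and can be dropped. Leaving the trailing comment without the `""` prefix is correct here, since that is what makes `csv3` appear in /proc/cpuinfo, as the commit message's test item 6 expects.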
@@ -487,6 +489,10 @@
#define X86_FEATURE_CLEAR_BHB_HW	(21*32+ 3) /* "" BHI_DIS_S HW control enabled */
#define X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT (21*32+ 4) /* "" Clear branch history at vmexit using SW loop */

/* HYGON-defined CPU features, CPUID level 0x8c860000:0 (EDX), word 29 */
#define X86_FEATURE_SM3			(29*32 + 1) /* SM3 instructions */
#define X86_FEATURE_SM4			(29*32 + 2) /* SM4 instructions */

/* VIA/Cyrix/Centaur/Zhaoxin-defined CPU features, CPUID level 0xC0000006, word 21 */
#define X86_FEATURE_ZXPAUSE		(30*32 + 0) /* Zhaoxin ZXPAUSE */
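Review bot: same spacing point as the CSV3 define, `(29*32 + 1)` and `(29*32 + 2)` use a form the rest of this header avoids. Bit 0 of 0x8c860000 EDX is left undefined; if it is reserved on Hygon that is fine, but a one-line comment saying so would stop the next reader wondering whether the numbering is off by one. Drive-by on the context just below: that block is labelled "word 21" yet its ZXPAUSE define uses `30*32`, so the comment is stale and could be corrected while this area is being touched.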
