Commit 4ecb66b3 authored by hanliyang's avatar hanliyang

x86/mm: Provide a Kconfig entry to build the HYGON memory encryption support into the kernel

hygon inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I98NP1


CVE: NA

---------------------------

Provide CONFIG_HYGON_CSV to the arch/x86/Kconfig, and build HYGON's
specific memory encryption support into the kernel when
CONFIG_HYGON_CSV=y.

Besides, add arch/x86/include/asm/processor-hygon.h to contain
helpers to determine the Hygon CPUs so that we can call functions
specific to CSV in the native code and reduce code intrusion.

Signed-off-by: default avatarhanliyang <hanliyang@hygon.cn>
parent fd6f5445
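--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2070,6 +2070,29 @@ config EFI_RUNTIME_MAP
 
 	  See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
 
+config HYGON_CSV
+	bool "Hygon secure virtualization CSV support"
+	default y
+	depends on CPU_SUP_HYGON && AMD_MEM_ENCRYPT
+	help
+	  Hygon CSV integrates secure processor, memory encryption and
+	  memory isolation to provide the ability to protect guest's private
+	  data. It has evolved from CSV, CSV2 to CSV3.
+
+	  For CSV, the guest's memory is encrypted.
+
+	  For CSV2, not only the guest's memory, but also the guest's vCPU
+	  registers are encrypted, neither other guests nor the host can tamper
+	  with the vCPU registers.
+
+	  For CSV3, the guest's context like vCPU registers, control block and
+	  nested page table is accessed only by the guest itself and the secure
+	  processor. Neither other guests nor the host can tamper with the
+	  guest's context.
+
+	  Say Y here to enable support for the whole capbilities of Hygon secure
+	  virtualization on hygon processor.
+
 source "kernel/Kconfig.hz"
 
 config ARCH_SUPPORTS_KEXEC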
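Review bot: `default y` on the new `config HYGON_CSV` entry turns the feature on for every configuration that already has CPU_SUP_HYGON and AMD_MEM_ENCRYPT set, so existing builds pick up the new Hygon-specific code without anyone opting in. New options normally default to off unless they are needed to boot; consider dropping the line, or state in the help text why it is on by default. The help text does not say whether the option covers the host side, the guest side or both, and one sentence on that would help someone deciding whether to enable it. The last help sentence also has a typo: `capbilities` should read `capabilities`.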
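--- a/arch/x86/include/asm/processor-hygon.h
+++ b/arch/x86/include/asm/processor-hygon.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * The helpers to support Hygon CPU specific code path.
+ *
+ * Copyright (C) 2024 Hygon Info Technologies Ltd.
+ *
+ * Author: Liyang Han <hanliyang@hygon.cn>
+ */
+
+#ifndef _ASM_X86_PROCESSOR_HYGON_H
+#define _ASM_X86_PROCESSOR_HYGON_H
+
+#include <asm/processor.h>
+
+/*
+ * helper to determine HYGON CPU
+ */
+static inline bool is_x86_vendor_hygon(void)
+{
+	return boot_cpu_data.x86_vendor == X86_VENDOR_HYGON;
+}
+
+#endif	/* _ASM_X86_PROCESSOR_HYGON_H */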
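Review bot: `is_x86_vendor_hygon()` reads `boot_cpu_data.x86_vendor`, but its comment does not say from what point in boot that field can be trusted. The commit message says the helper will gate CSV-specific calls in the native memory-encryption code. If any of those callers run before the boot CPU has been identified, the check would presumably return false and the Hygon path would be skipped silently. I would extend the comment to something like `/* Only valid once boot_cpu_data.x86_vendor has been filled in by early CPU identification. */` so later callers know the precondition.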
+2 −0
@@ -67,3 +67,5 @@ obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_amd.o

obj-$(CONFIG_AMD_MEM_ENCRYPT)	+= mem_encrypt_identity.o
obj-$(CONFIG_AMD_MEM_ENCRYPT)	+= mem_encrypt_boot.o

obj-$(CONFIG_HYGON_CSV)		+= mem_encrypt_hygon.o
+16 −0
// SPDX-License-Identifier: GPL-2.0-only
/*
 * HYGON Memory Encryption Support
 *
 * Copyright (C) 2024 Hygon Info Technologies Ltd.
 *
 * Author: Liyang Han <hanliyang@hygon.cn>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#define DISABLE_BRANCH_PROFILING

#include <linux/cc_platform.h>
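Review bot: `#define DISABLE_BRANCH_PROFILING` is set with no comment saying why, and the file so far holds only that define and one include. If the intent is that code added here later runs early in boot, where instrumentation is unsafe, say so next to the define, e.g. `/* Code in this file may run before the kernel is fully set up; keep branch profiling out of it. */`. In that case also check that the build entry for mem_encrypt_hygon.o gets whatever instrumentation exemptions the other early mem_encrypt objects have, which is not visible on this page. Separately, the three-line GPL paragraph in the header comment repeats what the `SPDX-License-Identifier` line already states and can be dropped.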