Commit 59bd54a8 authored by Kuppuswamy Sathyanarayanan's avatar Kuppuswamy Sathyanarayanan Committed by Dave Hansen

x86/tdx: Detect running as a TDX guest in early boot



In preparation for extending the cc_platform_has() API to support TDX
guests, use the CPUID instruction to detect support for TDX guests in the
early boot code (via tdx_early_init()). Since copy_bootdata() is the first
user of the cc_platform_has() API, detect the TDX guest status before it.

Define a synthetic feature flag (X86_FEATURE_TDX_GUEST) and set this
bit in a valid TDX guest platform.

Signed-off-by: default avatarKuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Signed-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarAndi Kleen <ak@linux.intel.com>
Reviewed-by: default avatarTony Luck <tony.luck@intel.com>
Reviewed-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20220405232939.73860-2-kirill.shutemov@linux.intel.com
parent 31231092
+12 −0
@@ -878,6 +878,18 @@ config ACRN_GUEST
	  IOT with small footprint and real-time features. More details can be
	  found in https://projectacrn.org/.

config INTEL_TDX_GUEST
	bool "Intel TDX (Trust Domain Extensions) - Guest Support"
	depends on X86_64 && CPU_SUP_INTEL
	depends on X86_X2APIC
	help
	  Support running as a guest under Intel TDX.  Without this support,
	  the guest kernel can not boot or run under TDX.
	  TDX includes memory encryption and integrity capabilities
	  which protect the confidentiality and integrity of guest
	  memory contents and CPU state. TDX guests are protected from
	  some attacks from the VMM.

endif #HYPERVISOR_GUEST

source "arch/x86/Kconfig.cpu"
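Review bot: The last sentence of the `INTEL_TDX_GUEST` help text, "TDX guests are protected from some attacks from the VMM", does not say which attacks remain possible, and that is what someone enabling the option for a confidential workload most needs to know. Consider naming the boundary; as far as I know the TDX threat model leaves availability in the VMM's hands, so something like `The VMM can still deny service to the guest.` would fit, or a pointer to the TDX documentation for the full threat model. The help text could also say that the option is harmless on non-TDX platforms, since the detection added elsewhere in this commit returns early when the CPUID signature does not match.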
+2 −0
@@ -4,3 +4,5 @@ KASAN_SANITIZE_core.o := n
CFLAGS_core.o		+= -fno-stack-protector

obj-y += core.o

obj-$(CONFIG_INTEL_TDX_GUEST)	+= tdx/
+3 −0
# SPDX-License-Identifier: GPL-2.0

obj-y += tdx.o
+22 −0
// SPDX-License-Identifier: GPL-2.0
/* Copyright (C) 2021-2022 Intel Corporation */

#undef pr_fmt
#define pr_fmt(fmt)     "tdx: " fmt

#include <linux/cpufeature.h>
#include <asm/tdx.h>

void __init tdx_early_init(void)
{
	u32 eax, sig[3];

	cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &sig[0], &sig[2],  &sig[1]);

	if (memcmp(TDX_IDENT, sig, sizeof(sig)))
		return;

	setup_force_cpu_cap(X86_FEATURE_TDX_GUEST);

	pr_info("Guest detected\n");
}
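Review bot: `tdx_early_init()` has no comment on what a signature match establishes, and the swapped outputs in `cpuid_count(..., &sig[0], &sig[2],  &sig[1])` are unexplained. The call stores EBX, EDX, ECX into `sig[0..2]` so the bytes line up with `TDX_IDENT`; a one-line comment such as `/* sig[] is filled as EBX, EDX, ECX to match the TDX_IDENT byte order */` would stop the next reader from treating it as a typo. I would also add a short comment above the function stating that it only records what CPUID reports and forces `X86_FEATURE_TDX_GUEST` on a match, so the flag is a platform-detection result and not evidence that the guest has been attested. `TDX_IDENT` is defined outside this page, so the assumption that it is at least `sizeof(sig)` (12) bytes long cannot be checked here; if it is a string literal, `BUILD_BUG_ON(sizeof(TDX_IDENT) - 1 != sizeof(sig));` would pin that down.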
+1 −0
@@ -238,6 +238,7 @@
#define X86_FEATURE_VMW_VMMCALL		( 8*32+19) /* "" VMware prefers VMMCALL hypercall instruction */
#define X86_FEATURE_PVUNLOCK		( 8*32+20) /* "" PV unlock function */
#define X86_FEATURE_VCPUPREEMPT		( 8*32+21) /* "" PV vcpu_is_preempted function */
#define X86_FEATURE_TDX_GUEST		( 8*32+22) /* Intel Trust Domain Extensions Guest */

/* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */
#define X86_FEATURE_FSGSBASE		( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/
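Review bot: The comment on the new `X86_FEATURE_TDX_GUEST` line does not start with `""`, unlike the three paravirt entries just above it, so by the usual cpufeatures.h convention the flag will get a name in /proc/cpuinfo. If that exposure is intended, it is worth saying so in the commit message, because user space may start keying on it even though the bit is set from a CPUID signature match alone and is not an attestation result. If it is not intended, the comment should read `/* "" Intel Trust Domain Extensions Guest */`.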