Efi mem crypto v2 #2

Open
wants to merge 5 commits into
base: master
Commits on Oct 25, 2021

  1. Extend memblock to support memory encryption

    Add the capability to mark regions of the memory memory_type as
    capable of hardware memory encryption.
    
    Also add the capability to query if all regions of a memory node are
    able to do hardware memory encryption.
    
    Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
    Martin Fernandez committed Oct 25, 2021
    7d9af91
  2. Extend pg_data_t to hold information about memory encryption

    Add a new member in the pg_data_t struct to tell whether the node
    corresponding to that pg_data_t is able to do hardware memory encryption.
    
    Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
    Martin Fernandez committed Oct 25, 2021
    8fe7029
  3. Extend e820_table to hold information about memory encryption

    Add a new member in e820_entry to hold whether an entry is able to do
    hardware memory encryption or not.
    
    Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
    Martin Fernandez committed Oct 25, 2021
    952654e

Commits on Oct 26, 2021

  1. Mark e820_entries as crypto capable from EFI memmap

    Iterate over the EFI memmap finding the contiguous regions that are
    able to do hardware encryption (i.e., those that have
    EFI_MEMORY_CPU_CRYPTO enabled) and mark those in the e820_table.
    
    Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
    Martin Fernandez committed Oct 26, 2021
    e555720
  2. Show in sysfs if a memory node is able to do memory encryption

    Show in each node in sysfs if its memory is able to do hardware memory
    encryption, i.e., if all its memory is marked with EFI_MEMORY_CPU_CRYPTO
    in the EFI memory map.
    
    This value will only be shown if the memory is local to at least one
    CPU, since otherwise it won't be able to be encrypted by the CPU's
    cryptographic capabilities. This check is done against the ACPI's SRAT
    table.
    
    Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
    Martin Fernandez committed Oct 26, 2021
    04e35fc
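
The last two commit messages describe coalescing contiguous EFI_MEMORY_CPU_CRYPTO regions and reporting a node as capable only when all of its memory carries the attribute. The following user-space sketch of that logic is an added example, not code from this pull request or the kernel: `struct mem_desc`, `struct range`, both function names and the sample map are hypothetical, and the SRAT locality check is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define EFI_MEMORY_CPU_CRYPTO 0x80000ULL /* attribute bit from the UEFI spec */
#define EFI_PAGE_SHIFT 12                /* EFI pages are 4 KiB */
/* Simplified descriptor, hypothetical: not the kernel's efi_memory_desc_t. */
struct mem_desc { uint64_t phys_addr, num_pages, attribute; };
struct range { uint64_t start, end; };   /* half-open: [start, end) */

/* Constructed sample map, sorted by address; the third region lacks the bit. */
static const struct mem_desc sample_map[] = {
    { 0x000000, 0x100, EFI_MEMORY_CPU_CRYPTO },
    { 0x100000, 0x100, EFI_MEMORY_CPU_CRYPTO },
    { 0x200000, 0x100, 0 },
    { 0x300000, 0x100, EFI_MEMORY_CPU_CRYPTO },
};

/* Merge contiguous crypto-capable descriptors into ranges; returns the count. */
size_t crypto_ranges(const struct mem_desc *map, size_t n,
                     struct range *out, size_t max)
{
    size_t cnt = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t start = map[i].phys_addr;
        uint64_t end = start + (map[i].num_pages << EFI_PAGE_SHIFT);
        if (!(map[i].attribute & EFI_MEMORY_CPU_CRYPTO) || end <= start)
            continue;                      /* not capable, empty or overflow */
        if (cnt && out[cnt - 1].end == start)
            out[cnt - 1].end = end;        /* extends the previous range */
        else if (cnt < max)
            out[cnt++] = (struct range){ start, end };
    }
    return cnt;
}

/* A node qualifies only if every byte of [start, end) lies in a capable range. */
bool node_crypto_capable(const struct range *r, size_t n, uint64_t start, uint64_t end)
{
    uint64_t pos = start;
    for (size_t i = 0; i < n && pos < end; i++) {
        if (r[i].end <= pos)
            continue;                      /* range lies before the cursor */
        if (r[i].start > pos)
            return false;                  /* gap without the attribute */
        pos = r[i].end;
    }
    return start < end && pos >= end;
}
```

A node spanning the unmarked region at 0x200000 is reported as not capable even though half of it carries the attribute, which is the conservative "all its memory" rule from the sysfs commit message.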