xref: /openbmc/linux/arch/x86/mm/mem_encrypt.c (revision 4f2c0a4acffbec01079c28f839422e64ddeff004) 
120f07a04SKirill A. Shutemov // SPDX-License-Identifier: GPL-2.0-only
220f07a04SKirill A. Shutemov /*
320f07a04SKirill A. Shutemov  * Memory Encryption Support Common Code
420f07a04SKirill A. Shutemov  *
520f07a04SKirill A. Shutemov  * Copyright (C) 2016 Advanced Micro Devices, Inc.
620f07a04SKirill A. Shutemov  *
720f07a04SKirill A. Shutemov  * Author: Tom Lendacky <thomas.lendacky@amd.com>
820f07a04SKirill A. Shutemov  */
920f07a04SKirill A. Shutemov 
1020f07a04SKirill A. Shutemov #include <linux/dma-direct.h>
1120f07a04SKirill A. Shutemov #include <linux/dma-mapping.h>
1220f07a04SKirill A. Shutemov #include <linux/swiotlb.h>
1320f07a04SKirill A. Shutemov #include <linux/cc_platform.h>
1420f07a04SKirill A. Shutemov #include <linux/mem_encrypt.h>
1520f07a04SKirill A. Shutemov 
1620f07a04SKirill A. Shutemov /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
force_dma_unencrypted(struct device * dev)1720f07a04SKirill A. Shutemov bool force_dma_unencrypted(struct device *dev)
1820f07a04SKirill A. Shutemov {
1920f07a04SKirill A. Shutemov 	/*
2020f07a04SKirill A. Shutemov 	 * For SEV, all DMA must be to unencrypted addresses.
2120f07a04SKirill A. Shutemov 	 */
2220f07a04SKirill A. Shutemov 	if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
2320f07a04SKirill A. Shutemov 		return true;
2420f07a04SKirill A. Shutemov 
2520f07a04SKirill A. Shutemov 	/*
2620f07a04SKirill A. Shutemov 	 * For SME, all DMA must be to unencrypted addresses if the
2720f07a04SKirill A. Shutemov 	 * device does not support DMA to addresses that include the
2820f07a04SKirill A. Shutemov 	 * encryption mask.
2920f07a04SKirill A. Shutemov 	 */
3020f07a04SKirill A. Shutemov 	if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
3120f07a04SKirill A. Shutemov 		u64 dma_enc_mask = DMA_BIT_MASK(__ffs64(sme_me_mask));
3220f07a04SKirill A. Shutemov 		u64 dma_dev_mask = min_not_zero(dev->coherent_dma_mask,
3320f07a04SKirill A. Shutemov 						dev->bus_dma_limit);
3420f07a04SKirill A. Shutemov 
3520f07a04SKirill A. Shutemov 		if (dma_dev_mask <= dma_enc_mask)
3620f07a04SKirill A. Shutemov 			return true;
3720f07a04SKirill A. Shutemov 	}
3820f07a04SKirill A. Shutemov 
3920f07a04SKirill A. Shutemov 	return false;
4020f07a04SKirill A. Shutemov }
4120f07a04SKirill A. Shutemov 
print_mem_encrypt_feature_info(void)4220f07a04SKirill A. Shutemov static void print_mem_encrypt_feature_info(void)
4320f07a04SKirill A. Shutemov {
44*968b4931SKirill A. Shutemov 	pr_info("Memory Encryption Features active:");
45*968b4931SKirill A. Shutemov 
46*968b4931SKirill A. Shutemov 	if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
47*968b4931SKirill A. Shutemov 		pr_cont(" Intel TDX\n");
48*968b4931SKirill A. Shutemov 		return;
49*968b4931SKirill A. Shutemov 	}
50*968b4931SKirill A. Shutemov 
51*968b4931SKirill A. Shutemov 	pr_cont(" AMD");
5220f07a04SKirill A. Shutemov 
5320f07a04SKirill A. Shutemov 	/* Secure Memory Encryption */
5420f07a04SKirill A. Shutemov 	if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
5520f07a04SKirill A. Shutemov 		/*
5620f07a04SKirill A. Shutemov 		 * SME is mutually exclusive with any of the SEV
5720f07a04SKirill A. Shutemov 		 * features below.
5820f07a04SKirill A. Shutemov 		 */
5920f07a04SKirill A. Shutemov 		pr_cont(" SME\n");
6020f07a04SKirill A. Shutemov 		return;
6120f07a04SKirill A. Shutemov 	}
6220f07a04SKirill A. Shutemov 
6320f07a04SKirill A. Shutemov 	/* Secure Encrypted Virtualization */
6420f07a04SKirill A. Shutemov 	if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
6520f07a04SKirill A. Shutemov 		pr_cont(" SEV");
6620f07a04SKirill A. Shutemov 
6720f07a04SKirill A. Shutemov 	/* Encrypted Register State */
6820f07a04SKirill A. Shutemov 	if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
6920f07a04SKirill A. Shutemov 		pr_cont(" SEV-ES");
7020f07a04SKirill A. Shutemov 
71f742b90eSBrijesh Singh 	/* Secure Nested Paging */
72f742b90eSBrijesh Singh 	if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
73f742b90eSBrijesh Singh 		pr_cont(" SEV-SNP");
74f742b90eSBrijesh Singh 
7520f07a04SKirill A. Shutemov 	pr_cont("\n");
7620f07a04SKirill A. Shutemov }
7720f07a04SKirill A. Shutemov 
7820f07a04SKirill A. Shutemov /* Architecture __weak replacement functions */
mem_encrypt_init(void)7920f07a04SKirill A. Shutemov void __init mem_encrypt_init(void)
8020f07a04SKirill A. Shutemov {
8120f07a04SKirill A. Shutemov 	if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT))
8220f07a04SKirill A. Shutemov 		return;
8320f07a04SKirill A. Shutemov 
8420f07a04SKirill A. Shutemov 	/* Call into SWIOTLB to update the SWIOTLB DMA buffers */
8520f07a04SKirill A. Shutemov 	swiotlb_update_mem_attributes();
8620f07a04SKirill A. Shutemov 
8720f07a04SKirill A. Shutemov 	print_mem_encrypt_feature_info();
8820f07a04SKirill A. Shutemov }
89