summaryrefslogtreecommitdiff
path: root/arch/x86/kernel/sev-es-shared.c
diff options
context:
space:
mode:
authorMartin Radev <martin.b.radev@gmail.com>2020-09-07 15:16:13 +0200
committerBorislav Petkov <bp@suse.de>2020-09-10 21:49:25 +0200
commitf5ed777586e08e09c4b6f1e87161a145ee1431cf (patch)
tree91064c42050caa1d751b7f3ee76b8bf3f909b4aa /arch/x86/kernel/sev-es-shared.c
parent39336f4ffb2478ad384075cf4ba7ef2e5db2bbd7 (diff)
x86/sev-es: Check required CPU features for SEV-ES
Make sure the machine supports RDRAND, otherwise there is no trusted source of randomness in the system. To also check this in the pre-decompression stage, make has_cpuflag() not depend on CONFIG_RANDOMIZE_BASE anymore. Signed-off-by: Martin Radev <martin.b.radev@gmail.com> Signed-off-by: Joerg Roedel <jroedel@suse.de> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lkml.kernel.org/r/20200907131613.12703-73-joro@8bytes.org
Diffstat (limited to 'arch/x86/kernel/sev-es-shared.c')
-rw-r--r--arch/x86/kernel/sev-es-shared.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/arch/x86/kernel/sev-es-shared.c b/arch/x86/kernel/sev-es-shared.c
index 4be8af2f9c57..5f83ccaab877 100644
--- a/arch/x86/kernel/sev-es-shared.c
+++ b/arch/x86/kernel/sev-es-shared.c
@@ -9,6 +9,21 @@
* and is included directly into both code-bases.
*/
+#ifndef __BOOT_COMPRESSED
+#define error(v) pr_err(v)
+#define has_cpuflag(f) boot_cpu_has(f)
+#endif
+
+static bool __init sev_es_check_cpu_features(void)
+{
+ if (!has_cpuflag(X86_FEATURE_RDRAND)) {
+ error("RDRAND instruction not supported - no trusted source of randomness available\n");
+ return false;
+ }
+
+ return true;
+}
+
static void sev_es_terminate(unsigned int reason)
{
u64 val = GHCB_SEV_TERMINATE;
generated by cgit (git 2.34.1) at 2024-06-13 21:24:21 +0000