Skip to main content

Browse the archive

https://github.com/torvalds/linux
13 July 2024, 08:20:57 UTC
Revision 5abf6dceb066f2b02b225fd561440c98a8062681 authored by Paolo Bonzini on 09 March 2024, 16:24:58 UTC, committed by Paolo Bonzini on 09 March 2024, 16:42:25 UTC 
SEV: disable SEV-ES DebugSwap by default
 
The DebugSwap feature of SEV-ES provides a way for confidential guests to use
data breakpoints.  However, because the status of the DebugSwap feature is
recorded in the VMSA, enabling it by default invalidates the attestation
signatures.  In 6.10 we will introduce a new API to create SEV VMs that
will allow enabling DebugSwap based on what the user tells KVM to do.
Contextually, we will change the legacy KVM_SEV_ES_INIT API to never
enable DebugSwap.

For compatibility with kernels that pre-date the introduction of DebugSwap,
as well as with those where KVM_SEV_ES_INIT will never enable it, do not enable
the feature by default.  If anybody wants to use it, for now they can enable
the sev_es_debug_swap_enabled module parameter, but this will result in a
warning.

Fixes: d1f85fbe836e ("KVM: SEV: Enable data breakpoints in SEV-ES")
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 parent 39fee31
History
Tip revision: 5abf6dceb066f2b02b225fd561440c98a8062681 authored by Paolo Bonzini on 09 March 2024, 16:24:58 UTC
SEV: disable SEV-ES DebugSwap by default
Tip revision: 5abf6dc
File Mode Size
Documentation
LICENSES
arch
block
certs
crypto
drivers
fs
include
init
io_uring
ipc
kernel
lib
mm
net
rust
samples
scripts
security
sound
tools
usr
virt
.clang-format -rw-r--r-- 21.7 KB
.cocciconfig -rw-r--r-- 59 bytes
.editorconfig -rw-r--r-- 672 bytes
.get_maintainer.ignore -rw-r--r-- 151 bytes
.gitattributes -rw-r--r-- 105 bytes
.gitignore -rw-r--r-- 2.0 KB
.mailmap -rw-r--r-- 37.2 KB
.rustfmt.toml -rw-r--r-- 369 bytes
COPYING -rw-r--r-- 496 bytes
CREDITS -rw-r--r-- 101.6 KB
Kbuild -rw-r--r-- 2.5 KB
Kconfig -rw-r--r-- 555 bytes
MAINTAINERS -rw-r--r-- 723.6 KB
Makefile -rw-r--r-- 66.2 KB
README -rw-r--r-- 727 bytes

README

back to top