Xen project Mailing List

[PATCH 21/21] x86/cpu: report SMX, TXT and SKINIT capabilities

From: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx>

Date: Tue, 22 Apr 2025 18:06:55 +0300

Authentication-results: garm.ovh; auth=pass (GARM-108S002681ac38e-e960-4b16-b2af-646d803af872, 7E508E014E7E7C169EB13C6E22C3C4EBF1F0FDD7) smtp.auth=sergii.dmytruk@xxxxxxxxx

Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, trenchboot-devel@xxxxxxxxxxxxxxxx

Delivery-date: Tue, 22 Apr 2025 15:10:44 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Michał Żygowski <michal.zygowski@xxxxxxxxx> Report TXT capabilities so that dom0 can query the Intel TXT or AMD SKINIT support information using xl dmesg. Signed-off-by: Michał Żygowski <michal.zygowski@xxxxxxxxx> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx> --- xen/arch/x86/cpu/amd.c | 14 +++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 1 + xen/arch/x86/cpu/intel.c | 44 ++++++++++++++++++++++++++++ xen/arch/x86/include/asm/intel_txt.h | 5 ++++ 5 files changed, 65 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index ce4e1df710..8be135dbc1 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -671,6 +671,19 @@ void amd_log_freq(const struct cpuinfo_x86 *c) #undef FREQ } +void amd_log_skinit(const struct cpuinfo_x86 *c) +{ + /* Run only on BSP to report the capability only once */ + if ( smp_processor_id() ) + return; + + printk("CPU: SKINIT capability "); + if ( !test_bit(X86_FEATURE_SKINIT, &boot_cpu_data.x86_capability) ) + printk("not supported\n"); + else + printk("supported\n"); +} + void cf_check early_init_amd(struct cpuinfo_x86 *c) { if (c == &boot_cpu_data) @@ -1320,6 +1333,7 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) check_syscfg_dram_mod_en(); amd_log_freq(c); + amd_log_skinit(c); } const struct cpu_dev __initconst_cf_clobber amd_cpu_dev = { diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 8be65e975a..5bcf118a93 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -20,6 +20,7 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void cf_check early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); +void amd_log_skinit(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); void amd_init_spectral_chicken(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index f7508cc8fc..6ebb8b5fab 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -85,6 +85,7 @@ static void cf_check init_hygon(struct cpuinfo_x86 *c) } amd_log_freq(c); + amd_log_skinit(c); } const struct cpu_dev __initconst_cf_clobber hygon_cpu_dev = { diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 6a680ba38d..618bd5540e 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -13,6 +13,7 @@ #include <asm/apic.h> #include <asm/i387.h> #include <asm/trampoline.h> +#include <asm/intel_txt.h> #include "cpu.h" @@ -571,6 +572,47 @@ static void init_intel_perf(struct cpuinfo_x86 *c) } } +/* + * Print out the SMX and TXT capabilties, so that dom0 can determine if the + * system is DRTM-capable. + */ +static void intel_log_smx_txt(struct cpuinfo_x86 *c) +{ + unsigned long cr4_val, getsec_caps; + + /* Run only on BSP to report the SMX/TXT caps only once */ + if ( smp_processor_id() ) + return; + + printk("CPU: SMX capability "); + if ( !test_bit(X86_FEATURE_SMX, &boot_cpu_data.x86_capability) ) + { + printk("not supported\n"); + return; + } + printk("supported\n"); + + /* Can't run GETSEC without VMX and SMX */ + if ( !test_bit(X86_FEATURE_VMX, &boot_cpu_data.x86_capability) ) + return; + + cr4_val = read_cr4(); + if ( !(cr4_val & X86_CR4_SMXE) ) + write_cr4(cr4_val | X86_CR4_SMXE); + + asm volatile ("getsec\n" + : "=a" (getsec_caps) + : "a" (GETSEC_CAPABILITIES), "b" (0) :); + + if ( getsec_caps & GETSEC_CAP_TXT_CHIPSET ) + printk("Chipset supports TXT\n"); + else + printk("Chipset does not support TXT\n"); + + if ( !(cr4_val & X86_CR4_SMXE) ) + write_cr4(cr4_val & ~X86_CR4_SMXE); +} + static void cf_check init_intel(struct cpuinfo_x86 *c) { /* Detect the extended topology information if available */ @@ -585,6 +627,8 @@ static void cf_check init_intel(struct cpuinfo_x86 *c) detect_ht(c); } + intel_log_smx_txt(c); + /* Work around errata */ Intel_errata_workarounds(c); diff --git a/xen/arch/x86/include/asm/intel_txt.h b/xen/arch/x86/include/asm/intel_txt.h index af997c9da6..76ec651b11 100644 --- a/xen/arch/x86/include/asm/intel_txt.h +++ b/xen/arch/x86/include/asm/intel_txt.h @@ -82,6 +82,11 @@ #define TXT_AP_BOOT_CS 0x0030 #define TXT_AP_BOOT_DS 0x0038 +/* EAX value for GETSEC leaf functions. Intel SDM: GETSEC[CAPABILITIES] */ +#define GETSEC_CAPABILITIES 0 +/* Intel SDM: GETSEC Capability Result Encoding */ +#define GETSEC_CAP_TXT_CHIPSET 1 + #ifndef __ASSEMBLY__ #include <xen/slr_table.h> -- 2.49.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.