Xen project Mailing List

[PATCH v3 21/22] x86/cpu: report SMX, TXT and SKINIT capabilities

From: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx>

Date: Fri, 30 May 2025 16:18:03 +0300

Authentication-results: garm.ovh; auth=pass (GARM-98R0024bd3e58b-6ef2-461f-a919-a86e5b2b2194, A4E380CC922F0B59227EC5DCC46884561651840B) smtp.auth=sergii.dmytruk@xxxxxxxxx

Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Ross Philipson <ross.philipson@xxxxxxxxxx>, trenchboot-devel@xxxxxxxxxxxxxxxx

Delivery-date: Fri, 30 May 2025 13:20:51 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Michał Żygowski <michal.zygowski@xxxxxxxxx> Report TXT capabilities so that dom0 can query the Intel TXT or AMD SKINIT support information using xl dmesg. Signed-off-by: Michał Żygowski <michal.zygowski@xxxxxxxxx> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx> --- xen/arch/x86/cpu/amd.c | 16 ++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 1 + xen/arch/x86/cpu/intel.c | 46 ++++++++++++++++++++++++++++ xen/arch/x86/include/asm/intel-txt.h | 5 +++ 5 files changed, 69 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 27ae167808..e630a0bb2a 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -688,6 +688,21 @@ void amd_log_freq(const struct cpuinfo_x86 *c) #undef FREQ } +void amd_log_skinit(const struct cpuinfo_x86 *c) +{ + /* + * Run only on BSP and not during resume to report the capability only once. + */ + if ( system_state != SYS_STATE_resume && smp_processor_id() ) + return; + + printk("CPU: SKINIT capability "); + if ( !test_bit(X86_FEATURE_SKINIT, &boot_cpu_data.x86_capability) ) + printk("not supported\n"); + else + printk("supported\n"); +} + void cf_check early_init_amd(struct cpuinfo_x86 *c) { if (c == &boot_cpu_data) @@ -1337,6 +1352,7 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) check_syscfg_dram_mod_en(); amd_log_freq(c); + amd_log_skinit(c); } const struct cpu_dev __initconst_cf_clobber amd_cpu_dev = { diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index cbb434f3a2..94132394aa 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -24,6 +24,7 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void cf_check early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); +void amd_log_skinit(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); void amd_init_spectral_chicken(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index f7508cc8fc..6ebb8b5fab 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -85,6 +85,7 @@ static void cf_check init_hygon(struct cpuinfo_x86 *c) } amd_log_freq(c); + amd_log_skinit(c); } const struct cpu_dev __initconst_cf_clobber hygon_cpu_dev = { diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index ef9368167a..ed9cdd064f 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -14,6 +14,7 @@ #include <asm/apic.h> #include <asm/i387.h> #include <asm/trampoline.h> +#include <asm/intel-txt.h> #include "cpu.h" @@ -633,6 +634,49 @@ static void init_intel_perf(struct cpuinfo_x86 *c) } } +/* + * Print out the SMX and TXT capabilties, so that dom0 can determine if the + * system is DRTM-capable. + */ +static void intel_log_smx_txt(void) +{ + unsigned long cr4_val, getsec_caps; + + /* + * Run only on BSP and not during resume to report the capability only once. + */ + if ( system_state != SYS_STATE_resume && smp_processor_id() ) + return; + + printk("CPU: SMX capability "); + if ( !test_bit(X86_FEATURE_SMX, &boot_cpu_data.x86_capability) ) + { + printk("not supported\n"); + return; + } + printk("supported\n"); + + /* Can't run GETSEC without VMX and SMX */ + if ( !test_bit(X86_FEATURE_VMX, &boot_cpu_data.x86_capability) ) + return; + + cr4_val = read_cr4(); + if ( !(cr4_val & X86_CR4_SMXE) ) + write_cr4(cr4_val | X86_CR4_SMXE); + + asm volatile ("getsec\n" + : "=a" (getsec_caps) + : "a" (GETSEC_CAPABILITIES), "b" (0) :); + + if ( getsec_caps & GETSEC_CAP_TXT_CHIPSET ) + printk("Chipset supports TXT\n"); + else + printk("Chipset does not support TXT\n"); + + if ( !(cr4_val & X86_CR4_SMXE) ) + write_cr4(cr4_val & ~X86_CR4_SMXE); +} + static void cf_check init_intel(struct cpuinfo_x86 *c) { /* Detect the extended topology information if available */ @@ -647,6 +691,8 @@ static void cf_check init_intel(struct cpuinfo_x86 *c) detect_ht(c); } + intel_log_smx_txt(); + /* Work around errata */ Intel_errata_workarounds(c); diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/asm/intel-txt.h index c032ebb2e1..af388ade02 100644 --- a/xen/arch/x86/include/asm/intel-txt.h +++ b/xen/arch/x86/include/asm/intel-txt.h @@ -94,6 +94,11 @@ #define TXT_AP_BOOT_CS 0x0030 #define TXT_AP_BOOT_DS 0x0038 +/* EAX value for GETSEC leaf functions. Intel SDM: GETSEC[CAPABILITIES] */ +#define GETSEC_CAPABILITIES 0 +/* Intel SDM: GETSEC Capability Result Encoding */ +#define GETSEC_CAP_TXT_CHIPSET 1 + #ifndef __ASSEMBLY__ #include <xen/slr-table.h> -- 2.49.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.