Message ID | 20240205154602.21411-1-bp@alien8.de |
---|---|
State | Accepted |
Commit | 6e031ef2c201cea07bea3b286ed151378c4099f3 |
Headers | show |
Series | crypto: ccp - State in dmesg that TSME is enabled | expand |
On 2/5/24 09:46, Borislav Petkov wrote: > From: "Borislav Petkov (AMD)" <bp@alien8.de> > > In the case when only TSME is enabled, it is useful to state that fact > too, so that users are aware that memory encryption is still enabled > even when the corresponding software variant of memory encryption is not > enabled. > > Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> > --- > drivers/crypto/ccp/psp-dev.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c > index 124a2e0c8999..56bf832c2947 100644 > --- a/drivers/crypto/ccp/psp-dev.c > +++ b/drivers/crypto/ccp/psp-dev.c > @@ -156,11 +156,14 @@ static unsigned int psp_get_capability(struct psp_device *psp) > } > psp->capability = val; > > - /* Detect if TSME and SME are both enabled */ > + /* Detect TSME and/or SME status */ > if (PSP_CAPABILITY(psp, PSP_SECURITY_REPORTING) && > - psp->capability & (PSP_SECURITY_TSME_STATUS << PSP_CAPABILITY_PSP_SECURITY_OFFSET) && > - cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) > - dev_notice(psp->dev, "psp: Both TSME and SME are active, SME is unnecessary when TSME is active.\n"); > + psp->capability & (PSP_SECURITY_TSME_STATUS << PSP_CAPABILITY_PSP_SECURITY_OFFSET)) { > + if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) > + dev_notice(psp->dev, "psp: Both TSME and SME are active, SME is unnecessary when TSME is active.\n"); > + else > + dev_notice(psp->dev, "psp: TSME enabled\n"); > + } > > return 0; > }
Borislav Petkov <bp@alien8.de> wrote: > From: "Borislav Petkov (AMD)" <bp@alien8.de> > > In the case when only TSME is enabled, it is useful to state that fact > too, so that users are aware that memory encryption is still enabled > even when the corresponding software variant of memory encryption is not > enabled. > > Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> > --- > drivers/crypto/ccp/psp-dev.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) Patch applied. Thanks.
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 124a2e0c8999..56bf832c2947 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -156,11 +156,14 @@ static unsigned int psp_get_capability(struct psp_device *psp) } psp->capability = val; - /* Detect if TSME and SME are both enabled */ + /* Detect TSME and/or SME status */ if (PSP_CAPABILITY(psp, PSP_SECURITY_REPORTING) && - psp->capability & (PSP_SECURITY_TSME_STATUS << PSP_CAPABILITY_PSP_SECURITY_OFFSET) && - cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) - dev_notice(psp->dev, "psp: Both TSME and SME are active, SME is unnecessary when TSME is active.\n"); + psp->capability & (PSP_SECURITY_TSME_STATUS << PSP_CAPABILITY_PSP_SECURITY_OFFSET)) { + if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) + dev_notice(psp->dev, "psp: Both TSME and SME are active, SME is unnecessary when TSME is active.\n"); + else + dev_notice(psp->dev, "psp: TSME enabled\n"); + } return 0; }