xenbits.xensource.com Git - xen.git/commit

author	Norbert Kamiński <norbert.kaminski@3mdeb.com>
	Tue, 12 Jan 2021 20:27:43 +0000 (21:27 +0100)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Fri, 29 Jan 2021 12:04:01 +0000 (12:04 +0000)
commit	e4283bf38aae6c2f88cdbdaeef0f005a1a5f6c78
tree	731104cd8b090f811d80640b0acd36d8c8a662df	tree
parent	9a0d5c6e04bfa742401598d5c41c10943109f83d	commit \| diff

x86: Support booting under Secure Startup via SKINIT

For now, this is simply enough logic to let Xen come up after the bootloader
has executed an SKINIT instruction to begin a Secure Startup.

During a Secure Startup, the BSP operates with the GIF clear (blocks all
external interrupts, even SMI/NMI), and INIT_REDIRECTION active (converts INIT
IPIs to #SX exceptions, if e.g. the platform needs to scrub secrets before
resetting). To afford APs the same Secure Startup protections as the BSP, the
INIT IPI must be skipped, and SIPI must be the first interrupt seen.

Full details are available in AMD APM Vol2 15.27 "Secure Startup with SKINIT"

Introduce skinit_enable_intr() and call it from cpu_init(), next to the
enable_nmis() which performs a related function for tboot startups.

Also introduce ap_boot_method to control the sequence of actions for AP boot.

Signed-off-by: Marek Kasiewicz <marek.kasiewicz@3mdeb.com>
Signed-off-by: Norbert Kamiński <norbert.kaminski@3mdeb.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>

xen/arch/x86/cpu/common.c		diff \| blob \| blame \| history
xen/arch/x86/smpboot.c		diff \| blob \| blame \| history
xen/include/asm-x86/cpufeature.h		diff \| blob \| blame \| history
xen/include/asm-x86/msr-index.h		diff \| blob \| blame \| history
xen/include/asm-x86/processor.h		diff \| blob \| blame \| history