diff options
| author | Martin Radev <martin.b.radev@gmail.com> | 2020-09-07 15:16:13 +0200 |
|---|---|---|
| committer | Borislav Petkov <bp@suse.de> | 2020-09-10 21:49:25 +0200 |
| commit | f5ed777586e08e09c4b6f1e87161a145ee1431cf (patch) | |
| tree | 91064c42050caa1d751b7f3ee76b8bf3f909b4aa /arch/x86/kernel/sev-es.c | |
| parent | 39336f4ffb2478ad384075cf4ba7ef2e5db2bbd7 (diff) | |
| download | linux-f5ed777586e08e09c4b6f1e87161a145ee1431cf.tar.gz linux-f5ed777586e08e09c4b6f1e87161a145ee1431cf.tar.bz2 linux-f5ed777586e08e09c4b6f1e87161a145ee1431cf.zip | |
x86/sev-es: Check required CPU features for SEV-ES
Make sure the machine supports RDRAND, otherwise there is no trusted
source of randomness in the system.
To also check this in the pre-decompression stage, make has_cpuflag()
not depend on CONFIG_RANDOMIZE_BASE anymore.
Signed-off-by: Martin Radev <martin.b.radev@gmail.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20200907131613.12703-73-joro@8bytes.org
Diffstat (limited to 'arch/x86/kernel/sev-es.c')
| -rw-r--r-- | arch/x86/kernel/sev-es.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c index 8cac9f80bfc3..6fcfdd32769f 100644 --- a/arch/x86/kernel/sev-es.c +++ b/arch/x86/kernel/sev-es.c @@ -665,6 +665,9 @@ void __init sev_es_init_vc_handling(void) if (!sev_es_active()) return; + if (!sev_es_check_cpu_features()) + panic("SEV-ES CPU Features missing"); + /* Enable SEV-ES special handling */ static_branch_enable(&sev_es_enable_key); |