diff options
author | Tom Lendacky <thomas.lendacky@amd.com> | 2018-01-10 13:26:34 -0600 |
---|---|---|
committer | Ingo Molnar <mingo@kernel.org> | 2018-01-16 01:50:59 +0100 |
commit | 107cd2532181b96c549e8f224cdcca8631c3076b (patch) | |
tree | 35ab5cd0d8522e363a21738ed69042aa85a6a8cc /arch/x86/kernel/head64.c | |
parent | cc5f01e28d6c60f274fd1e33b245f679f79f543c (diff) | |
download | linux-stable-107cd2532181b96c549e8f224cdcca8631c3076b.tar.gz linux-stable-107cd2532181b96c549e8f224cdcca8631c3076b.tar.bz2 linux-stable-107cd2532181b96c549e8f224cdcca8631c3076b.zip |
x86/mm: Encrypt the initrd earlier for BSP microcode update
Currently the BSP microcode update code examines the initrd very early
in the boot process. If SME is active, the initrd is treated as being
encrypted but it has not been encrypted (in place) yet. Update the
early boot code that encrypts the kernel to also encrypt the initrd so
that early BSP microcode updates work.
Tested-by: Gabriel Craciunescu <nix.or.die@gmail.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Borislav Petkov <bp@suse.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20180110192634.6026.10452.stgit@tlendack-t1.amdoffice.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'arch/x86/kernel/head64.c')
-rw-r--r-- | arch/x86/kernel/head64.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 6a5d757b9cfd..7ba5d819ebe3 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -157,8 +157,8 @@ unsigned long __head __startup_64(unsigned long physaddr, p = fixup_pointer(&phys_base, physaddr); *p += load_delta - sme_get_me_mask(); - /* Encrypt the kernel (if SME is active) */ - sme_encrypt_kernel(); + /* Encrypt the kernel and related (if SME is active) */ + sme_encrypt_kernel(bp); /* * Return the SME encryption mask (if SME is active) to be used as a |