For display purposes only right now.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Xenia Ragiadakou <xenia.ragiadakou@amd.com>
CC: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
CC: George Dunlap <george.dunlap@citrix.com>
CC: Andrei Semenov <andrei.semenov@vates.fr>
CC: Vaishali Thakkar <vaishali.thakkar@vates.tech>

This is only half the work to get SEV working nicely.  The other
half (rearranging __start_xen() so we can move the host policy collection
earlier) is still a work-in-progress.
---
 tools/misc/xen-cpuid.c                      | 3 +++
 xen/arch/x86/include/asm/cpufeature.h       | 3 +++
 xen/include/public/arch-x86/cpufeatureset.h | 4 ++++
 xen/tools/gen-cpuid.py                      | 6 +++++-
 4 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
index 0d01b0e797f1..1463e0429ba1 100644
--- a/tools/misc/xen-cpuid.c
+++ b/tools/misc/xen-cpuid.c
@@ -281,6 +281,9 @@ static const char *const str_eAd[32] =
 
 static const char *const str_e1Fa[32] =
 {
+    [ 0] = "sme",                 [ 1] = "sev",
+    /* 2 */                       [ 3] = "sev-es",
+    [ 4] = "sev-snp",
 };
 
 static const struct {
diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h
index b6fb8c24423c..732f0d2bf758 100644
--- a/xen/arch/x86/include/asm/cpufeature.h
+++ b/xen/arch/x86/include/asm/cpufeature.h
@@ -230,6 +230,9 @@ static inline bool boot_cpu_has(unsigned int feat)
 #define cpu_has_v_gif           boot_cpu_has(X86_FEATURE_V_GIF)
 #define cpu_has_v_spec_ctrl     boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)
 
+/* CPUID level 0x8000001f.eax */
+#define cpu_has_sev             boot_cpu_has(X86_FEATURE_SEV)
+
 /* Synthesized. */
 #define cpu_has_arch_perfmon    boot_cpu_has(X86_FEATURE_ARCH_PERFMON)
 #define cpu_has_cpuid_faulting  boot_cpu_has(X86_FEATURE_CPUID_FAULTING)
diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
index 80d252a38c2d..7ee0f2329151 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -374,6 +374,10 @@ XEN_CPUFEATURE(NPT_SSS,            18*32+19) /*   NPT Supervisor Shadow Stacks *
 XEN_CPUFEATURE(V_SPEC_CTRL,        18*32+20) /*   Virtualised MSR_SPEC_CTRL */
 
 /* AMD-defined CPU features, CPUID level 0x8000001f.eax, word 19 */
+XEN_CPUFEATURE(SME,                19*32+ 0) /*   Secure Memory Encryption */
+XEN_CPUFEATURE(SEV,                19*32+ 1) /*   Secure Encryped VM */
+XEN_CPUFEATURE(SEV_ES,             19*32+ 3) /*   SEV Encrypted State */
+XEN_CPUFEATURE(SEV_SNP,            19*32+ 4) /*   SEV Secure Nested Paging */
 
 #endif /* XEN_CPUFEATURE */
 
diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py
index f07b1f4cf905..bff4d9389ff6 100755
--- a/xen/tools/gen-cpuid.py
+++ b/xen/tools/gen-cpuid.py
@@ -281,7 +281,7 @@ def crunch_numbers(state):
         _3DNOW: [_3DNOWEXT],
 
         # The SVM bit enumerates the whole SVM leave.
-        SVM: list(range(NPT, NPT + 32)),
+        SVM: list(range(NPT, NPT + 32)) + [SEV],
 
         # This is just the dependency between AVX512 and AVX2 of XSTATE
         # feature flags.  If want to use AVX512, AVX2 must be supported and
@@ -341,6 +341,10 @@ def crunch_numbers(state):
 
         # The behaviour described by RRSBA depend on eIBRS being active.
         EIBRS: [RRSBA],
+
+        SEV: [SEV_ES],
+
+        SEV_ES: [SEV_SNP],
     }
 
     deep_features = tuple(sorted(deps.keys()))
-- 
2.30.2

On 29.04.2024 17:16, Andrew Cooper wrote:
> For display purposes only right now.

And limited to a narrow subset, presumably intentionally.

> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>

Jan

On 4/29/24 5:16 PM, Andrew Cooper wrote:
> For display purposes only right now.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Vaishali Thakkar <vaishali.thakkar@vates.tech>

> ---
> CC: Jan Beulich <JBeulich@suse.com>
> CC: Roger Pau Monné <roger.pau@citrix.com>
> CC: Stefano Stabellini <sstabellini@kernel.org>
> CC: Xenia Ragiadakou <xenia.ragiadakou@amd.com>
> CC: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
> CC: George Dunlap <george.dunlap@citrix.com>
> CC: Andrei Semenov <andrei.semenov@vates.fr>
> CC: Vaishali Thakkar <vaishali.thakkar@vates.tech>
> 
> This is only half the work to get SEV working nicely.  The other
> half (rearranging __start_xen() so we can move the host policy collection
> earlier) is still a work-in-progress.
> ---
>   tools/misc/xen-cpuid.c                      | 3 +++
>   xen/arch/x86/include/asm/cpufeature.h       | 3 +++
>   xen/include/public/arch-x86/cpufeatureset.h | 4 ++++
>   xen/tools/gen-cpuid.py                      | 6 +++++-
>   4 files changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
> index 0d01b0e797f1..1463e0429ba1 100644
> --- a/tools/misc/xen-cpuid.c
> +++ b/tools/misc/xen-cpuid.c
> @@ -281,6 +281,9 @@ static const char *const str_eAd[32] =
>   
>   static const char *const str_e1Fa[32] =
>   {
> +    [ 0] = "sme",                 [ 1] = "sev",
> +    /* 2 */                       [ 3] = "sev-es",
> +    [ 4] = "sev-snp",
>   };
>   
>   static const struct {
> diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h
> index b6fb8c24423c..732f0d2bf758 100644
> --- a/xen/arch/x86/include/asm/cpufeature.h
> +++ b/xen/arch/x86/include/asm/cpufeature.h
> @@ -230,6 +230,9 @@ static inline bool boot_cpu_has(unsigned int feat)
>   #define cpu_has_v_gif           boot_cpu_has(X86_FEATURE_V_GIF)
>   #define cpu_has_v_spec_ctrl     boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)
>   
> +/* CPUID level 0x8000001f.eax */
> +#define cpu_has_sev             boot_cpu_has(X86_FEATURE_SEV)
> +
>   /* Synthesized. */
>   #define cpu_has_arch_perfmon    boot_cpu_has(X86_FEATURE_ARCH_PERFMON)
>   #define cpu_has_cpuid_faulting  boot_cpu_has(X86_FEATURE_CPUID_FAULTING)
> diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
> index 80d252a38c2d..7ee0f2329151 100644
> --- a/xen/include/public/arch-x86/cpufeatureset.h
> +++ b/xen/include/public/arch-x86/cpufeatureset.h
> @@ -374,6 +374,10 @@ XEN_CPUFEATURE(NPT_SSS,            18*32+19) /*   NPT Supervisor Shadow Stacks *
>   XEN_CPUFEATURE(V_SPEC_CTRL,        18*32+20) /*   Virtualised MSR_SPEC_CTRL */
>   
>   /* AMD-defined CPU features, CPUID level 0x8000001f.eax, word 19 */
> +XEN_CPUFEATURE(SME,                19*32+ 0) /*   Secure Memory Encryption */
> +XEN_CPUFEATURE(SEV,                19*32+ 1) /*   Secure Encryped VM */
> +XEN_CPUFEATURE(SEV_ES,             19*32+ 3) /*   SEV Encrypted State */
> +XEN_CPUFEATURE(SEV_SNP,            19*32+ 4) /*   SEV Secure Nested Paging */
>   
>   #endif /* XEN_CPUFEATURE */
>   
> diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py
> index f07b1f4cf905..bff4d9389ff6 100755
> --- a/xen/tools/gen-cpuid.py
> +++ b/xen/tools/gen-cpuid.py
> @@ -281,7 +281,7 @@ def crunch_numbers(state):
>           _3DNOW: [_3DNOWEXT],
>   
>           # The SVM bit enumerates the whole SVM leave.
> -        SVM: list(range(NPT, NPT + 32)),
> +        SVM: list(range(NPT, NPT + 32)) + [SEV],
>   
>           # This is just the dependency between AVX512 and AVX2 of XSTATE
>           # feature flags.  If want to use AVX512, AVX2 must be supported and
> @@ -341,6 +341,10 @@ def crunch_numbers(state):
>   
>           # The behaviour described by RRSBA depend on eIBRS being active.
>           EIBRS: [RRSBA],
> +
> +        SEV: [SEV_ES],
> +
> +        SEV_ES: [SEV_SNP],
>       }
>   
>       deep_features = tuple(sorted(deps.keys()))