@Avenger-285714
Hygon CPUs support many security features, such as SME, CSV, CSV2, CSV3, SM3, SM4. Add patch to print these features in the kernel log so that users can check and utilize these security features easily.

Reference:
https://gitee.com/openeuler/kernel/pulls/5243
https://gitee.com/openeuler/kernel/issues/I98NP1

Link: https://gitee.com/deepin-kernelsig/kernel/pulls/1

Xin Jiang and others added 10 commits August 4, 2024 18:39
hygon inclusion
category: feature
CVE: NA

---------------------------

Add the HYGON secure virtualization document describing the secure
virtualization features.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
…support into the kernel

hygon inclusion
category: feature
CVE: NA

---------------------------

Provide CONFIG_HYGON_CSV to the arch/x86/Kconfig, and build HYGON's
specific memory encryption support into the kernel when
CONFIG_HYGON_CSV=y.

Besides, add arch/x86/include/asm/processor-hygon.h to contain
helpers to determine the Hygon CPUs so that we can call functions
specific to CSV in the native code and reduce code intrusion.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
hygon inclusion
category: feature
CVE: NA

---------------------------

Add CSV and CSV2 to the list of memory encryption features. Also
print CPU vendor while printing CSV infos.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
hygon inclusion
category: feature
CVE: NA

---------------------------

The Cryptographic Co-Processor module will print 'SEV API' instead of
'CSV API' on Hygon CPU if CSV is supported. Fix this confused message
here.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
hygon inclusion
category: feature
CVE: NA

---------------------------

The KVM will print 'SEV supported' instead of 'CSV supported' on Hygon
CPU if CSV is supported. Fix these confused messages here.

Fix other 'SEV' messages in arch/x86/kvm/svm/svm.c.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
hygon inclusion
category: feature
CVE: NA

---------------------------

Hygon SME is identified by CPUID 0x8000001f, but requires BIOS support
to enable it (set bit 23 of MSR_AMD64_SYSCFG). Hygon CSV and CSV2 are
identified by CPUID 0x8000001f, but require BIOS support to enable them
(set bit 23 of MSR_AMD64_SYSCFG and set bit 0 of MSR_K7_HWCR). Only show
the SME, CSV, CSV2 features as available if reported by CPUID and
enabled by BIOS.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
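
Added example (not part of this PR or of the Hygon patches): the visibility rule described in the commit message above, written as a pure C function over constructed register values. The CPUID 0x8000001f EAX bit positions (SME bit 0, CSV bit 1, CSV2 bit 3) are an assumption that Hygon follows AMD's SME/SEV/SEV-ES layout, and the function and enum names are hypothetical; the MSR bits are the ones named in the message.

```c
#include <stdint.h>
#include <stdio.h>

/* ASSUMPTION: CPUID 0x8000001f EAX layout follows AMD's SME/SEV/SEV-ES
 * bits, with Hygon CSV and CSV2 occupying the SEV and SEV-ES positions. */
#define CPUID_EAX_SME   (1u << 0)
#define CPUID_EAX_CSV   (1u << 1)
#define CPUID_EAX_CSV2  (1u << 3)

/* BIOS enable bits as given in the commit message. */
#define SYSCFG_BIT23    (1ull << 23)   /* in MSR_AMD64_SYSCFG */
#define HWCR_BIT0       (1ull << 0)    /* in MSR_K7_HWCR */

enum { FEAT_SME = 1, FEAT_CSV = 2, FEAT_CSV2 = 4 };   /* hypothetical names */

/* Return the mask of features that should be shown as available:
 * reported by CPUID *and* enabled by the BIOS. */
unsigned hygon_visible_features(uint32_t cpuid_eax, uint64_t syscfg, uint64_t hwcr)
{
    unsigned shown = 0;

    /* Without SYSCFG bit 23 nothing is enabled, whatever CPUID reports. */
    if (!(syscfg & SYSCFG_BIT23))
        return 0;
    if (cpuid_eax & CPUID_EAX_SME)
        shown |= FEAT_SME;

    /* CSV and CSV2 additionally need HWCR bit 0. */
    if (!(hwcr & HWCR_BIT0))
        return shown;
    if (cpuid_eax & CPUID_EAX_CSV)
        shown |= FEAT_CSV;
    if (cpuid_eax & CPUID_EAX_CSV2)
        shown |= FEAT_CSV2;
    return shown;
}

int main(void)
{
    /* Constructed register values, not read from hardware. */
    static const struct { const char *what; uint32_t eax; uint64_t syscfg, hwcr; } t[] = {
        { "CPUID reports all, BIOS enabled both",   0xB, SYSCFG_BIT23, HWCR_BIT0 },
        { "CPUID reports all, SYSCFG bit 23 clear", 0xB, 0,            HWCR_BIT0 },
        { "CPUID reports all, HWCR bit 0 clear",    0xB, SYSCFG_BIT23, 0 },
    };
    for (size_t i = 0; i < sizeof(t) / sizeof(t[0]); i++) {
        unsigned f = hygon_visible_features(t[i].eax, t[i].syscfg, t[i].hwcr);
        printf("%-40s sme=%d csv=%d csv2=%d\n", t[i].what,
               !!(f & FEAT_SME), !!(f & FEAT_CSV), !!(f & FEAT_CSV2));
    }
    return 0;
}
```
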
hygon inclusion
category: feature
CVE: NA

---------------------------

This is a pure feature bits leaf. Add SM3 and SM4 feature bits from
this leaf on Hygon CPUs.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
hygon inclusion
category: feature
CVE: NA

---------------------------

Add CPU feature detection for Hygon 3rd CSV. This feature enhances
CSV2 by also isolating NPT and VMCB, making them inaccessible to
the hypervisor.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
hygon inclusion
category: feature
CVE: NA

---------------------------

The commit 08f253e ("x86/cpu: Clear SME feature flag when not in
use") will clear SME feature flag if the kernel is not using it on AMD
CPUs; this will help userspace to determine if SME is available and in
use from /proc/cpuinfo.

Apply this change to Hygon CPUs as well.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
hygon inclusion
category: feature
CVE: NA

---------------------------

Configure CONFIG_HYGON_CSV=y so that Hygon Confidential Computing
support will be compiled.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
@Avenger-285714 Avenger-285714 requested a review from opsiff August 4, 2024 10:40
@deepin-ci-robot

deepin pr auto review

Hygon: Fix SME/CSV feature detection on SMM

@deepin-ci-robot deepin-ci-robot requested a review from BLumia August 4, 2024 10:41
@deepin-ci-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign yukarichiba for approval. For more information see the Code Review Process.


@Avenger-285714 Avenger-285714 requested review from MingcongBai, huangbibo and matrix-wsk and removed request for BLumia August 4, 2024 10:41
@Avenger-285714 Avenger-285714 self-assigned this Aug 4, 2024
@Avenger-285714 Avenger-285714 merged commit cb1090d into deepin-community:linux-6.6.y Aug 5, 2024
opsiff pushed a commit to opsiff/UOS-kernel that referenced this pull request Jan 5, 2026
hygon inclusion
category: feature
CVE: NA

---------------------------

Add the HYGON secure virtualization document describing the secure
virtualization features.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit e9aaad4)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
opsiff added a commit to opsiff/UOS-kernel that referenced this pull request Jan 5, 2026
The following commit removes some macros; fix it.

commit 8609dd2
Author: Mario Limonciello <mario.limonciello@amd.com>
Date:   Tue May 28 16:07:08 2024 -0500

    crypto: ccp - Represent capabilities register as a union

    Making the capabilities register a union makes it easier to refer
    to the members instead of always doing bit shifts.

    No intended functional changes.

    Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
    Suggested-by: Yazen Ghannam <yazen.ghannam@amd.com>
    Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Link: deepin-community#350
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
opsiff pushed a commit to opsiff/UOS-kernel that referenced this pull request Jan 5, 2026
hygon inclusion
category: feature
CVE: NA

---------------------------

Add CSV and CSV2 to the list of memory encryption features. Also
print CPU vendor while printing CSV infos.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 3a15cca)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>

Conflicts:
	arch/x86/include/asm/mem_encrypt.h
	arch/x86/mm/mem_encrypt.c
opsiff pushed a commit to opsiff/UOS-kernel that referenced this pull request Jan 5, 2026
hygon inclusion
category: feature
CVE: NA

---------------------------

The Cryptographic Co-Processor module will print 'SEV API' instead of
'CSV API' on Hygon CPU if CSV is supported. Fix this confused message
here.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 9d1c6b9)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
opsiff pushed a commit to opsiff/UOS-kernel that referenced this pull request Jan 5, 2026
hygon inclusion
category: feature
CVE: NA

---------------------------

The KVM will print 'SEV supported' instead of 'CSV supported' on Hygon
CPU if CSV is supported. Fix these confused messages here.

Fix other 'SEV' messages in arch/x86/kvm/svm/svm.c.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 8ab045c)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>

Conflicts:
	arch/x86/kvm/svm/sev.c
opsiff pushed a commit to opsiff/UOS-kernel that referenced this pull request Jan 5, 2026
hygon inclusion
category: feature
CVE: NA

---------------------------

Hygon SME is identified by CPUID 0x8000001f, but requires BIOS support
to enable it (set bit 23 of MSR_AMD64_SYSCFG). Hygon CSV and CSV2 are
identified by CPUID 0x8000001f, but require BIOS support to enable them
(set bit 23 of MSR_AMD64_SYSCFG and set bit 0 of MSR_K7_HWCR). Only show
the SME, CSV, CSV2 features as available if reported by CPUID and
enabled by BIOS.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 54f0805)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>

Conflicts:
	arch/x86/kernel/cpu/hygon.c
opsiff pushed a commit to opsiff/UOS-kernel that referenced this pull request Jan 5, 2026
hygon inclusion
category: feature
CVE: NA

---------------------------

This is a pure feature bits leaf. Add SM3 and SM4 feature bits from
this leaf on Hygon CPUs.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
[disabled-features.h and required-features.h removed by the commit
commit 8f97566
Author: Xin Li (Intel) <xin@zytor.com>
Date:   Mon Mar 10 08:32:12 2025 +0100

    x86/cpufeatures: Remove {disabled,required}-features.h

    The functionalities of {disabled,required}-features.h have been replaced with
    the auto-generated generated/<asm/cpufeaturemasks.h> header.

    Thus they are no longer needed and can be removed.

    None of the macros defined in {disabled,required}-features.h is used in tools,
    delete them too.

    Signed-off-by: Xin Li (Intel) <xin@zytor.com>
    Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Link: https://lore.kernel.org/r/20250305184725.3341760-4-xin@zytor.com]
Link: deepin-community#350
(cherry picked from commit 4a0be8d)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>

Conflicts:
	arch/x86/include/asm/cpufeature.h
	arch/x86/include/asm/cpufeatures.h
	arch/x86/include/asm/disabled-features.h
	arch/x86/include/asm/required-features.h
opsiff pushed a commit to opsiff/UOS-kernel that referenced this pull request Jan 5, 2026
hygon inclusion
category: feature
CVE: NA

---------------------------

Add CPU feature detection for Hygon 3rd CSV. This feature enhances
CSV2 by also isolating NPT and VMCB, making them inaccessible to
the hypervisor.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 00a1c40)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>

Conflicts:
	arch/x86/include/asm/cpufeatures.h
opsiff pushed a commit to opsiff/UOS-kernel that referenced this pull request Jan 5, 2026
hygon inclusion
category: feature
CVE: NA

---------------------------

The commit 08f253e ("x86/cpu: Clear SME feature flag when not in
use") will clear SME feature flag if the kernel is not using it on AMD
CPUs; this will help userspace to determine if SME is available and in
use from /proc/cpuinfo.

Apply this change to Hygon CPUs as well.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 941989f)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
opsiff pushed a commit to opsiff/UOS-kernel that referenced this pull request Jan 5, 2026
hygon inclusion
category: feature
CVE: NA

---------------------------

Configure CONFIG_HYGON_CSV=y so that Hygon Confidential Computing
support will be compiled.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit b0567bb)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>

Conflicts:
	arch/x86/configs/deepin_x86_desktop_defconfig