x86/sev-es: Print SEV-ES info into the kernel log

Refactor the message printed to the kernel log which indicates whether
SEV or SME, etc is active. This will scale better in the future when
more memory encryption features might be added. Also add SEV-ES to the
list of features.

 [ bp: Massage. ]

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20200907131613.12703-38-joro@8bytes.org

diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index a38f556..ebb7edc 100644 (file)
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -407,6 +407,31 @@ void __init mem_encrypt_free_decrypted_mem(void)
        free_init_pages("unused decrypted", vaddr, vaddr_end);
 }
 
+static void print_mem_encrypt_feature_info(void)
+{
+       pr_info("AMD Memory Encryption Features active:");
+
+       /* Secure Memory Encryption */
+       if (sme_active()) {
+               /*
+                * SME is mutually exclusive with any of the SEV
+                * features below.
+                */
+               pr_cont(" SME\n");
+               return;
+       }
+
+       /* Secure Encrypted Virtualization */
+       if (sev_active())
+               pr_cont(" SEV");
+
+       /* Encrypted Register State */
+       if (sev_es_active())
+               pr_cont(" SEV-ES");
+
+       pr_cont("\n");
+}
+
 /* Architecture __weak replacement functions */
 void __init mem_encrypt_init(void)
 {
@@ -422,8 +447,6 @@ void __init mem_encrypt_init(void)
        if (sev_active())
                static_branch_enable(&sev_enable_key);
 
-       pr_info("AMD %s active\n",
-               sev_active() ? "Secure Encrypted Virtualization (SEV)"
-                            : "Secure Memory Encryption (SME)");
+       print_mem_encrypt_feature_info();
 }