x86/sev-es: Print SEV-ES info into the kernel log

Refactor the message printed to the kernel log which indicates whether
SEV or SME, etc is active. This will scale better in the future when
more memory encryption features might be added. Also add SEV-ES to the
list of features.

 [ bp: Massage. ]

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20200907131613.12703-38-joro@8bytes.org

diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index a38f55676bb7a965684af37d9af1443887d4f89c..ebb7edc8bc0ab15bf90ffcfda5d0a5b7ce2502fb 100644 (file)
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -407,6 +407,31 @@ void __init mem_encrypt_free_decrypted_mem(void)
        free_init_pages("unused decrypted", vaddr, vaddr_end);
 }
 
+static void print_mem_encrypt_feature_info(void)
+{
+       pr_info("AMD Memory Encryption Features active:");
+
+       /* Secure Memory Encryption */
+       if (sme_active()) {
+               /*
+                * SME is mutually exclusive with any of the SEV
+                * features below.
+                */
+               pr_cont(" SME\n");
+               return;
+       }
+
+       /* Secure Encrypted Virtualization */
+       if (sev_active())
+               pr_cont(" SEV");
+
+       /* Encrypted Register State */
+       if (sev_es_active())
+               pr_cont(" SEV-ES");
+
+       pr_cont("\n");
+}
+
 /* Architecture __weak replacement functions */
 void __init mem_encrypt_init(void)
 {
@@ -422,8 +447,6 @@ void __init mem_encrypt_init(void)
        if (sev_active())
                static_branch_enable(&sev_enable_key);
 
-       pr_info("AMD %s active\n",
-               sev_active() ? "Secure Encrypted Virtualization (SEV)"
-                            : "Secure Memory Encryption (SME)");
+       print_mem_encrypt_feature_info();
 }