Skip to content

Commit ccd51e9

Browse files
katexochenkatexochen
committed
abi: parse PlatformInfo with badram mitigation
Signed-off-by: Paul Meyer <[email protected]>
1 parent d30defa commit ccd51e9

File tree

2 files changed

+26
-3
lines changed

2 files changed

+26
-3
lines changed

abi/abi.go

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ const (
7373
policyDebugBit = 19
7474
policySingleSocketBit = 20
7575

76-
maxPlatformInfoBit = 4
76+
maxPlatformInfoBit = 5
7777

7878
signatureOffset = 0x2A0
7979
ecdsaRSsize = 72 // From the ECDSA-P384-SHA384 format in SEV SNP API specification.
@@ -193,6 +193,9 @@ type SnpPlatformInfo struct {
193193
RAPLDisabled bool
194194
// CiphertextHidingDRAMEnabled indicates cypher text hiding is enabled for DRAM.
195195
CiphertextHidingDRAMEnabled bool
196+
// AliasCheckComplete indicates that alias detection has completed since the last system reset and there are no aliasing addresses.
197+
// Mitigation for https://badram.eu/, see https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html#mitigation.
198+
AliasCheckComplete bool
196199
}
197200

198201
// SnpPolicy represents the bitmask guest policy that governs the VM's behavior from launch.
@@ -256,6 +259,7 @@ func ParseSnpPlatformInfo(platformInfo uint64) (SnpPlatformInfo, error) {
256259
ECCEnabled: (platformInfo & (1 << 2)) != 0,
257260
RAPLDisabled: (platformInfo & (1 << 3)) != 0,
258261
CiphertextHidingDRAMEnabled: (platformInfo & (1 << 4)) != 0,
262+
AliasCheckComplete: (platformInfo & (1 << 5)) != 0,
259263
}
260264
reserved := platformInfo & ^uint64((1<<(maxPlatformInfoBit+1))-1)
261265
if reserved != 0 {

abi/abi_test.go

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -244,8 +244,27 @@ func TestSnpPlatformInfo(t *testing.T) {
244244
},
245245
},
246246
{
247-
input: 32,
248-
wantErr: "unrecognized platform info bit(s): 0x20",
247+
input: 42,
248+
want: SnpPlatformInfo{
249+
TSMEEnabled: true,
250+
RAPLDisabled: true,
251+
AliasCheckComplete: true,
252+
},
253+
},
254+
{
255+
input: 63,
256+
want: SnpPlatformInfo{
257+
TSMEEnabled: true,
258+
SMTEnabled: true,
259+
ECCEnabled: true,
260+
RAPLDisabled: true,
261+
CiphertextHidingDRAMEnabled: true,
262+
AliasCheckComplete: true,
263+
},
264+
},
265+
{
266+
input: 64,
267+
wantErr: "unrecognized platform info bit(s): 0x40",
249268
},
250269
}
251270
for _, tc := range tests {

0 commit comments

Comments
 (0)