Gitlab 现已全面支持 git over ssh 与 git over https。通过 HTTPS 访问请配置带有 read_repository / write_repository 权限的 Personal access token。通过 SSH 端口访问请使用 22 端口或 13389 端口。如果使用CAS注册了账户但不知道密码，可以自行至设置中更改；如有其他问题，请发邮件至 service@cra.moe 寻求协助。

Commit 597cfe48 authored Sep 07, 2020 by Joerg Roedel Committed by Borislav Petkov Sep 07, 2020

x86/boot/compressed/64: Setup a GHCB-based VC Exception handler



Install an exception handler for #VC exception that uses a GHCB. Also
add the infrastructure for handling different exit-codes by decoding
the instruction that caused the exception and error handling.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20200907131613.12703-24-joro@8bytes.org

parent c81d6002

arch/x86/Kconfig

+1 −0

Original line number	Diff line number	Diff line
		@@ -1521,6 +1521,7 @@ config AMD_MEM_ENCRYPT
		select DYNAMIC_PHYSICAL_MASK
		select ARCH_USE_MEMREMAP_PROT
		select ARCH_HAS_FORCE_DMA_UNENCRYPTED
		select INSTRUCTION_DECODER
		help
		Say yes to enable support for the encryption of system memory.
		This requires an AMD processor that supports Secure Memory

arch/x86/boot/compressed/Makefile

+5 −0

Original line number	Diff line number	Diff line
		@@ -44,6 +44,11 @@ KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
		KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
		KBUILD_CFLAGS += -D__DISABLE_EXPORTS

		# sev-es.c indirectly inludes inat-table.h which is generated during
		# compilation and stored in $(objtree). Add the directory to the includes so
		# that the compiler finds it even with out-of-tree builds (make O=/some/path).
		CFLAGS_sev-es.o += -I$(objtree)/arch/x86/lib/

		KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
		GCOV_PROFILE := n
		UBSAN_SANITIZE :=n

arch/x86/boot/compressed/idt_64.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -46,5 +46,9 @@ void load_stage2_idt(void)

		set_idt_entry(X86_TRAP_PF, boot_page_fault);

		#ifdef CONFIG_AMD_MEM_ENCRYPT
		set_idt_entry(X86_TRAP_VC, boot_stage2_vc);
		#endif

		load_boot_idt(&boot_idt_desc);
		}

arch/x86/boot/compressed/idt_handlers_64.S

+2 −1

Original line number	Diff line number	Diff line
		@@ -73,4 +73,5 @@ EXCEPTION_HANDLER boot_page_fault do_boot_page_fault error_code=1

		#ifdef CONFIG_AMD_MEM_ENCRYPT
		EXCEPTION_HANDLER boot_stage1_vc do_vc_no_ghcb error_code=1
		EXCEPTION_HANDLER boot_stage2_vc do_boot_stage2_vc error_code=1
		#endif

arch/x86/boot/compressed/misc.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -442,6 +442,13 @@ asmlinkage __visible void extract_kernel(void rmode, memptr heap,
		parse_elf(output);
		handle_relocations(output, output_len, virt_addr);
		debug_putstr("done.\nBooting the kernel.\n");

		/*
		* Flush GHCB from cache and map it encrypted again when running as
		* SEV-ES guest.
		*/
		sev_es_shutdown_ghcb();

		return output;
		}

CRA Git | Maintained and supported by SUSTech CRA and CCSE