Re: [PATCH 1/2] crypto: move CCP device driver to misc

2017-01-19 Thread Brijesh Singh
Hi Greg, On 01/19/2017 12:18 PM, Greg KH wrote: On Thu, Jan 19, 2017 at 01:08:01PM -0500, Brijesh Singh wrote: The CCP device is part of the AMD Secure Processor, which is not dedicated solely to crypto. Move the CCP device driver to the misc directory in preparation for expanding the usage

Re: [PATCH 0/2] Introduce AMD Secure Processor device

2017-01-19 Thread Brijesh Singh
Hi Greg, On 01/19/2017 12:21 PM, Greg KH wrote: On Thu, Jan 19, 2017 at 01:07:50PM -0500, Brijesh Singh wrote: The CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor, which is not dedicated solely to crypto. The AMD Secure Processor includes CCP and PSP (Platform Secure

[PATCH 0/2] Introduce AMD Secure Processor device

2017-01-19 Thread Brijesh Singh
and Trusted Execution Environment (TEE) services provided by PSP device. http://marc.info/?l=linux-mm=147190938124206=2 Brijesh Singh (2): crypto: move CCP device driver to misc misc: amd-sp: introduce the AMD Secure Processor device drivers/crypto/Kconfig | 11

[PATCH 2/2] misc: amd-sp: introduce the AMD Secure Processor device

2017-01-19 Thread Brijesh Singh
The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD Secure Processor to be initialized and handled appropriately. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>

Re: [PATCH 0/2] Introduce AMD Secure Processor device

2017-01-20 Thread Brijesh Singh
On 01/20/2017 02:45 AM, Greg KH wrote: On Thu, Jan 19, 2017 at 02:03:12PM -0600, Brijesh Singh wrote: Hi Greg, On 01/19/2017 12:21 PM, Greg KH wrote: On Thu, Jan 19, 2017 at 01:07:50PM -0500, Brijesh Singh wrote: The CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor

[RFC PATCH v1 16/28] x86: Add support to determine if running with SEV enabled

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Early in the boot process, add a check to determine if the kernel is running with Secure Encrypted Virtualization (SEV) enabled. If active, the kernel will perform steps necessary to insure the proper kernel initialization process is performed.

[RFC PATCH v1 11/28] x86: Don't decrypt trampoline area if SEV is active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When Secure Encrypted Virtualization is active instruction fetches are always interpreted as being from encrypted memory so the trampoline area must remain encrypted when SEV is active. Signed-off-by: Tom Lendacky ---

[RFC PATCH v1 10/28] x86: Change early_ioremap to early_memremap for BOOT data

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Signed-off-by: Tom Lendacky --- arch/x86/kernel/acpi/boot.c |4 ++-- arch/x86/kernel/mpparse.c | 10 +- drivers/sfi/sfi_core.c |6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git

[RFC PATCH v1 20/28] KVM: SVM: prepare for SEV guest management API support

2016-08-22 Thread Brijesh Singh
then initialize PSP firmware during hardware probe Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_host.h |9 ++ arch/x86/kvm/svm.c | 213 +++ 2 files changed, 221 insertions(+), 1 deletion(-) diff --git a/ar

[RFC PATCH v1 18/28] crypto: add AMD Platform Security Processor driver

2016-08-22 Thread Brijesh Singh
The driver to communicate with Secure Encrypted Virtualization (SEV) firmware running within the AMD secure processor providing a secure key management interface for SEV guests. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>

[RFC PATCH v1 22/28] KVM: SVM: add SEV launch start command

2016-08-22 Thread Brijesh Singh
The command initiates the process to launch this guest into SEV-enabled mode. For more information on command structure see [1], section 6.1 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

[RFC PATCH v1 06/28] KVM: SVM: Add SEV feature definitions to KVM

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Define a new KVM cpu feature for Secure Encrypted Virtualization (SEV). The kernel will check for the presence of this feature to determine if it is running with SEV active. Define the SEV enable bit for the VMCB control structure. The hypervisor will

[RFC PATCH v1 14/28] x86: Don't set the SME MSR bit when SEV is active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When SEV is active the virtual machine cannot set the MSR for SME, so don't set the trampoline flag for SME. Signed-off-by: Tom Lendacky --- arch/x86/realmode/init.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

[RFC PATCH v1 21/28] KVM: introduce KVM_SEV_ISSUE_CMD ioctl

2016-08-22 Thread Brijesh Singh
, KVM_SEV_ISSUE_CMD, ); On SEV command failure, data.ret_code will contain the firmware error code. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_host.h |3 + arch/x86/kvm/x86.c | 13 include/uapi/linux/kvm.h

[RFC PATCH v1 23/28] KVM: SVM: add SEV launch update command

2016-08-22 Thread Brijesh Singh
The command is used for encrypting guest memory region. For more information see [1], section 6.2 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

[RFC PATCH v1 01/28] kvm: svm: Add support for additional SVM NPF error codes

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky AMD hardware adds two additional bits to aid in nested page fault handling. Bit 32 - NPF occurred while translating the guest's final physical address Bit 33 - NPF occurred while translating the guest page tables The guest page tables fault indicator

[RFC PATCH v1 03/28] kvm: svm: Use the hardware provided GPA instead of page walk

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When a guest causes a NPF which requires emulation, KVM sometimes walks the guest page tables to translate the GVA to a GPA. This is unnecessary most of the time on AMD hardware since the hardware provides the GPA in EXITINFO2. The only exception

[RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD)

2016-08-22 Thread Brijesh Singh
memory with hypervisor for to support pvclock driver Brijesh Singh (11): crypto: add AMD Platform Security Processor driver KVM: SVM: prepare to reserve asid for SEV guest KVM: SVM: prepare for SEV guest management API support KVM: introduce KVM_SEV_ISSUE_CMD ioctl KVM

[RFC PATCH v1 25/28] KVM: SVM: add KVM_SEV_GUEST_STATUS command

2016-08-22 Thread Brijesh Singh
The command is used to query the SEV guest status. For more information see [1], section 6.10 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 41 +

[RFC PATCH v1 27/28] KVM: SVM: add KVM_SEV_DEBUG_ENCRYPT command

2016-08-22 Thread Brijesh Singh
The command encrypts a region of guest memory for debugging purposes. For more information see [1], section 7.2 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

[RFC PATCH v1 28/28] KVM: SVM: add command to query SEV API version

2016-08-22 Thread Brijesh Singh
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 23 +++ 1 file changed, 23 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 4af195d..88b8f89 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -5779,6 +5

[RFC PATCH v1 04/28] x86: Secure Encrypted Virtualization (SEV) support

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Provide support for Secure Encrypted Virtualization (SEV). This initial support defines the SEV active flag in order for the kernel to determine if it is running with SEV active or not. Signed-off-by: Tom Lendacky ---

[RFC PATCH v1 12/28] x86: DMA support for SEV memory encryption

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky DMA access to memory mapped as encrypted while SEV is active can not be encrypted during device write or decrypted during device read. In order for DMA to properly work when SEV is active, the swiotlb bounce buffers must be used. Signed-off-by: Tom

[RFC PATCH v1 05/28] KVM: SVM: prepare for new bit definition in nested_ctl

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Currently the nested_ctl variable in the vmcb_control_area structure is used to indicate nested paging support. The nested paging support field is actually defined as bit 0 of this field. In order to support a new feature flag the usage of the

[RFC PATCH v1 07/28] x86: Do not encrypt memory areas if SEV is enabled

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When running under SEV, some memory areas that were originally not encrypted under SME are already encrypted. In these situations do not attempt to encrypt them. Signed-off-by: Tom Lendacky --- arch/x86/kernel/head64.c |

[RFC PATCH v1 17/28] KVM: SVM: Enable SEV by setting the SEV_ENABLE cpu feature

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Modify the SVM cpuid update function to indicate if Secure Encrypted Virtualization (SEV) is active by setting the SEV KVM cpu features bit if SEV is active. SEV is active if Secure Memory Encryption is active in the host and the SEV_ENABLE bit of the

[RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky EFI data is encrypted when the kernel is run under SEV. Update the page table references to be sure the EFI memory areas are accessed encrypted. Signed-off-by: Tom Lendacky --- arch/x86/platform/efi/efi_64.c | 14

[RFC PATCH v1 19/28] KVM: SVM: prepare to reserve asid for SEV guest

2016-08-22 Thread Brijesh Singh
In current implementation, asid allocation starts from 1, this patch adds a min_asid variable in svm_vcpu structure to allow starting asid from something other than 1. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c |4 +++- 1 file changed, 3 insertions

[RFC PATCH v1 26/28] KVM: SVM: add KVM_SEV_DEBUG_DECRYPT command

2016-08-22 Thread Brijesh Singh
The command decrypts a page of guest memory for debugging purposes. For more information see [1], section 7.1 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

Re: [RFC PATCH v2 15/32] x86: Add support for changing memory encryption attribute in early boot

2017-03-27 Thread Brijesh Singh
Hi Boris, On 03/24/2017 12:12 PM, Borislav Petkov wrote: } +static inline int __init early_set_memory_decrypted(void *addr, + unsigned long size) +{ + return 1; return 1 when !CONFIG_AMD_MEM_ENCRYPT ? The non-early

Re: [RFC PATCH v2 18/32] kvm: svm: Use the hardware provided GPA instead of page walk

2017-03-29 Thread Brijesh Singh
Hi Boris, On 03/29/2017 10:14 AM, Borislav Petkov wrote: On Thu, Mar 02, 2017 at 10:16:05AM -0500, Brijesh Singh wrote: From: Tom Lendacky <thomas.lenda...@amd.com> When a guest causes a NPF which requires emulation, KVM sometimes walks the guest page tables to translate the GVA to

Re: [RFC PATCH v2 32/32] x86: kvm: Pin the guest memory when SEV is active

2017-03-16 Thread Brijesh Singh
On 03/16/2017 05:38 AM, Paolo Bonzini wrote: On 02/03/2017 16:18, Brijesh Singh wrote: The SEV memory encryption engine uses a tweak such that two identical plaintexts at different location will have a different ciphertexts. So swapping or moving ciphertexts of two pages will not result

Re: [RFC PATCH v2 30/32] kvm: svm: Add support for SEV DEBUG_ENCRYPT command

2017-03-16 Thread Brijesh Singh
On 03/16/2017 06:03 AM, Paolo Bonzini wrote: On 02/03/2017 16:18, Brijesh Singh wrote: + data = (void *) get_zeroed_page(GFP_KERNEL); The page does not need to be zeroed, does it? No, we don't have to zero it. I will fix it. + + if ((len & 15) || (dst_addr

Re: [RFC PATCH v2 26/32] kvm: svm: Add support for SEV LAUNCH_UPDATE_DATA command

2017-03-16 Thread Brijesh Singh
On 03/16/2017 05:48 AM, Paolo Bonzini wrote: On 02/03/2017 16:17, Brijesh Singh wrote: +static struct page **sev_pin_memory(unsigned long uaddr, unsigned long ulen, + unsigned long *n) +{ + struct page **pages; + int first, last; + unsigned

Re: [RFC PATCH v2 29/32] kvm: svm: Add support for SEV DEBUG_DECRYPT command

2017-03-16 Thread Brijesh Singh
On 03/16/2017 05:54 AM, Paolo Bonzini wrote: On 02/03/2017 16:18, Brijesh Singh wrote: +static int __sev_dbg_decrypt_page(struct kvm *kvm, unsigned long src, + void *dst, int *error) +{ + inpages = sev_pin_memory(src, PAGE_SIZE, ); + if (!inpages

[RFC PATCH v2 15/32] x86: Add support for changing memory encryption attribute in early boot

2017-03-02 Thread Brijesh Singh
code. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/mem_encrypt.h | 15 + arch/x86/mm/mem_encrypt.c | 63 2 files changed, 78 insertions(+) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/i

[RFC PATCH v2 14/32] x86: mm: Provide support to use memblock when spliting large pages

2017-03-02 Thread Brijesh Singh
in Secure Encrypted Virtualization (SEV) mode, where we may need to change the memory region attributes in early boot process. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/mm/pageattr.c | 51 1 file changed, 42 insertions

[RFC PATCH v2 10/32] x86: DMA support for SEV memory encryption

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky DMA access to memory mapped as encrypted while SEV is active can not be encrypted during device write or decrypted during device read. In order for DMA to properly work when SEV is active, the swiotlb bounce buffers must be used. Signed-off-by: Tom

[RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Early in the boot process, add checks to determine if the kernel is running with Secure Encrypted Virtualization (SEV) active by issuing a CPUID instruction. During early compressed kernel booting, if SEV is active the pagetables are updated so that

[RFC PATCH v2 13/32] KVM: SVM: Enable SEV by setting the SEV_ENABLE CPU feature

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Modify the SVM cpuid update function to indicate if Secure Encrypted Virtualization (SEV) is active in the guest by setting the SEV KVM CPU features bit. SEV is active if Secure Memory Encryption is enabled in the host and the SEV_ENABLE bit of the

[RFC PATCH v2 00/32] x86: Secure Encrypted Virtualization (AMD)

2017-03-02 Thread Brijesh Singh
add APIs to support sharing the guest physical address with hypervisor - update kvm pvclock driver to use the shared buffer when SEV is active - pin the SEV guest memory Brijesh Singh (18): x86: mm: Provide support to use memblock when spliting large pages x86: Add support for changi

Re: [RFC PATCH v2 01/32] x86: Add the Secure Encrypted Virtualization CPU feature

2017-03-03 Thread Brijesh Singh
Hi Boris, On 03/03/2017 10:59 AM, Borislav Petkov wrote: On Thu, Mar 02, 2017 at 10:12:09AM -0500, Brijesh Singh wrote: From: Tom Lendacky <thomas.lenda...@amd.com> Update the CPU features to include identifying and reporting on the Secure Encrypted Virtualization (SEV) feature

Re: [RFC PATCH v2 00/32] x86: Secure Encrypted Virtualization (AMD)

2017-03-03 Thread Brijesh Singh
Hi Bjorn, On 03/03/2017 02:33 PM, Bjorn Helgaas wrote: On Thu, Mar 02, 2017 at 10:12:01AM -0500, Brijesh Singh wrote: This RFC series provides support for AMD's new Secure Encrypted Virtualization (SEV) feature. This RFC is built upon Secure Memory Encryption (SME) RFCv4 [1]. What kernel

Re: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active

2017-03-10 Thread Brijesh Singh
Hi Boris and Paolo, On 03/09/2017 10:29 AM, Borislav Petkov wrote: On Thu, Mar 09, 2017 at 05:13:33PM +0100, Paolo Bonzini wrote: This is not how you check if running under a hypervisor; you should check the HYPERVISOR bit, i.e. bit 31 of cpuid(1).ecx. This in turn tells you if leaf

Re: [RFC PATCH v2 14/32] x86: mm: Provide support to use memblock when spliting large pages

2017-03-10 Thread Brijesh Singh
Hi Boris, On 03/10/2017 05:06 AM, Borislav Petkov wrote: On Thu, Mar 02, 2017 at 10:15:15AM -0500, Brijesh Singh wrote: If kernel_maps_pages_in_pgd is called early in boot process to change the kernel_map_pages_in_pgd() memory attributes then it fails to allocate memory when splitting large

Re: [RFC PATCH v2 01/32] x86: Add the Secure Encrypted Virtualization CPU feature

2017-03-06 Thread Brijesh Singh
On 03/04/2017 04:11 AM, Borislav Petkov wrote: > On Fri, Mar 03, 2017 at 03:01:23PM -0600, Brijesh Singh wrote: > > This looks like a wraparound... > > $ test-apply.sh /tmp/brijesh.singh.delta > checking file Documentation/admin-guide/kernel-parameters.txt > Hunk #1 succeed

[RFC PATCH v2 27/32] kvm: svm: Add support for SEV LAUNCH_FINISH command

2017-03-02 Thread Brijesh Singh
The command is used for finalizing the SEV guest launch process. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 36 1 file changed, 36 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 62c2b22..c

[RFC PATCH v2 17/32] x86: kvmclock: Clear encryption attribute when SEV is active

2017-03-02 Thread Brijesh Singh
hypervisor and guest can access the data. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kernel/kvmclock.c | 65 ++-- 1 file changed, 56 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmc

Re: [RFC PATCH v2 19/32] crypto: ccp: Introduce the AMD Secure Processor device

2017-03-02 Thread Brijesh Singh
Hi Mark, On 03/02/2017 11:39 AM, Mark Rutland wrote: On Thu, Mar 02, 2017 at 10:16:15AM -0500, Brijesh Singh wrote: The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD

[RFC PATCH v2 04/32] KVM: SVM: Add SEV feature definitions to KVM

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Define a new KVM CPU feature for Secure Encrypted Virtualization (SEV). The kernel will check for the presence of this feature to determine if it is running with SEV active. Define the SEV enable bit for the VMCB control structure. The hypervisor will

[RFC PATCH v2 05/32] x86: Use encrypted access of BOOT related data with SEV

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as EFI related data, setup data) is encrypted and needs to be accessed as such when mapped. Update the architecture override in early_memremap to keep the encryption attribute when

[RFC PATCH v2 30/32] kvm: svm: Add support for SEV DEBUG_ENCRYPT command

2017-03-02 Thread Brijesh Singh
The command copies a plain text into guest memory and encrypts it using the VM encryption key. The command will be used for debug purposes (e.g. setting breakpoint through gdbserver) Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

[RFC PATCH v2 06/32] x86/pci: Use memremap when walking setup data

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky The use of ioremap will force the setup data to be mapped decrypted even though setup data is encrypted. Switch to using memremap which will be able to perform the proper mapping. Signed-off-by: Tom Lendacky ---

[RFC PATCH v2 32/32] x86: kvm: Pin the guest memory when SEV is active

2017-03-02 Thread Brijesh Singh
the KVM code to remove the pinning logical without making any changes into userspace (qemu). The patch pins userspace memory when a new slot is created and unpin the memory when slot is removed. [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh

[RFC PATCH v2 31/32] kvm: svm: Add support for SEV LAUNCH_MEASURE command

2017-03-02 Thread Brijesh Singh
The command is used to retrieve the measurement of memory encrypted through the LAUNCH_UPDATE_DATA command. This measurement can be used for attestation purposes. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

[RFC PATCH v2 11/32] x86: Unroll string I/O when SEV is active

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Secure Encrypted Virtualization (SEV) does not support string I/O, so unroll the string I/O operation into a loop operating on one element at a time. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h | 26

[RFC PATCH v2 19/32] crypto: ccp: Introduce the AMD Secure Processor device

2017-03-02 Thread Brijesh Singh
The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD Secure Processor to be initialized and handled appropriately. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>

[RFC PATCH v2 09/32] x86: Change early_ioremap to early_memremap for BOOT data

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky In order to map BOOT data with the proper encryption bit, the early_ioremap() function calls are changed to early_memremap() calls. This allows the proper access for both SME and SEV. Signed-off-by: Tom Lendacky ---

[RFC PATCH v2 02/32] x86: Secure Encrypted Virtualization (SEV) support

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Provide support for Secure Encrypted Virtualization (SEV). This initial support defines a flag that is used by the kernel to determine if it is running with SEV active. Signed-off-by: Tom Lendacky ---

[RFC PATCH v2 24/32] kvm: x86: prepare for SEV guest management API support

2017-03-02 Thread Brijesh Singh
have asid value within asid range obtained through CPUID. - SEV guest must have the same asid for all vcpu's. A TLB flush is required if different vcpu for the same ASID is to be run on the same host CPU. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_

[RFC PATCH v2 18/32] kvm: svm: Use the hardware provided GPA instead of page walk

2017-03-02 Thread Brijesh Singh
.@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_emulate.h |1 + arch/x86/include/asm/kvm_host.h|3 ++ arch/x86/kvm/emulate.c | 20 +--- arch/x86/kvm/svm.

[RFC PATCH v2 01/32] x86: Add the Secure Encrypted Virtualization CPU feature

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Update the CPU features to include identifying and reporting on the Secure Encrypted Virtualization (SEV) feature. SME is identified by CPUID 0x801f, but requires BIOS support to enable it (set bit 23 of MSR_K8_SYSCFG and set bit 0 of

[RFC PATCH v2 03/32] KVM: SVM: prepare for new bit definition in nested_ctl

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Currently the nested_ctl variable in the vmcb_control_area structure is used to indicate nested paging support. The nested paging support field is actually defined as bit 0 of the field. In order to support a new feature flag the usage of the

[RFC PATCH v2 23/32] kvm: introduce KVM_MEMORY_ENCRYPT_OP ioctl

2017-03-02 Thread Brijesh Singh
If hardware supports encrypting then KVM_MEMORY_ENCRYPT_OP ioctl can be used by qemu to issue platform specific memory encryption commands. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_host.h |2 ++ arch/x86/kvm/x86.c

[RFC PATCH v2 22/32] kvm: svm: prepare to reserve asid for SEV guest

2017-03-02 Thread Brijesh Singh
In current implementation, asid allocation starts from 1, this patch adds a min_asid variable in svm_vcpu structure to allow starting asid from something other than 1. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> --- arch/x

[RFC PATCH v2 16/32] x86: kvm: Provide support to create Guest and HV shared per-CPU variables

2017-03-02 Thread Brijesh Singh
-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kernel/kvm.c | 43 +++-- include/asm-generic/vmlinux.lds.h |3 +++ include/linux/percpu-defs.h |9 3 files changed, 48 insertions(+), 7 deletions(-) diff --git a/arch/x86/

[RFC PATCH v2 29/32] kvm: svm: Add support for SEV DEBUG_DECRYPT command

2017-03-02 Thread Brijesh Singh
The command is used to decrypt guest memory region for debug purposes. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 76 1 file changed, 76 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm

[RFC PATCH v2 25/32] kvm: svm: Add support for SEV LAUNCH_START command

2017-03-02 Thread Brijesh Singh
The command is used to bootstrap SEV guest from unencrypted boot images. The command creates a new VM encryption key (VEK) using the guest owner's public DH certificates, and session data. The VEK will be used to encrypt the guest memory. Signed-off-by: Brijesh Singh <brijesh.si...@amd.

[RFC PATCH v2 20/32] crypto: ccp: Add Platform Security Processor (PSP) interface support

2017-03-02 Thread Brijesh Singh
-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/Kconfig |7 + drivers/crypto/ccp/Makefile |1 drivers/crypto/ccp/psp-dev.c | 211 ++ drivers/crypto/ccp/psp-dev.h | 102 drivers/crypto/ccp/sp-dev.c

[RFC PATCH v2 21/32] crypto: ccp: Add Secure Encrypted Virtualization (SEV) interface support

2017-03-02 Thread Brijesh Singh
the userspace. - in-kernel API's to encrypt the guest memory region. The in-kernel APIs will be used by KVM to bootstrap and debug the SEV guest. SEV key management spec is available here [1] [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf Signed-off-by: Brijesh Singh

[RFC PATCH v2 28/32] kvm: svm: Add support for SEV GUEST_STATUS command

2017-03-02 Thread Brijesh Singh
The command is used for querying the SEV guest status. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 37 + 1 file changed, 37 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index c108064..977aa22

[RFC PATCH v2 26/32] kvm: svm: Add support for SEV LAUNCH_UPDATE_DATA command

2017-03-02 Thread Brijesh Singh
The command is used for encrypting the guest memory region using the VM encryption key (VEK) created from LAUNCH_START. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 150 1 file changed, 150 insertions(+)

Re: [RFC Part2 PATCH v3 02/26] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-07-25 Thread Brijesh Singh
On 07/25/2017 03:29 AM, Kamil Konieczny wrote: Hi, minor misspelling, On 24.07.2017 22:02, Brijesh Singh wrote: Platform Security Processor (PSP) is part of AMD Secure Processor (AMD-SP), PSP is a dedicated processor that provides the support for key management commands in a Secure Encrypted

[RFC Part2 PATCH v3 03/26] crypto: ccp: Add Secure Encrypted Virtualization (SEV) device support

2017-07-24 Thread Brijesh Singh
encryption context for the SEV guests. - a userspace IOCTL to manage the platform certificates etc Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: David S. Miller <da...@davemloft.net> Cc: Gary Hook <gary.h...@amd.com> Cc: linux-crypto@vger.kernel.org Signed-off-by: Brijesh

[RFC Part2 PATCH v3 02/26] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-07-24 Thread Brijesh Singh
trusted applications. Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: David S. Miller <da...@davemloft.net> Cc: Gary Hook <gary.h...@amd.com> Cc: linux-crypto@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/Kconfig | 9 ++ dri

[RFC Part2 PATCH v3 00/26] x86: Secure Encrypted Virtualization (AMD)

2017-07-24 Thread Brijesh Singh
he number of calls to AMD-SP driver * Changes to address v2 feedbacks Brijesh Singh (24): Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV) crypto: ccp: Add Platform Security Processor (PSP) device support crypto: ccp: Add Secure Encrypted Virtualization (SEV) device

[PATCH] crypto: ccp: remove duplicate module version and author entry

2017-07-19 Thread Brijesh Singh
; Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: David S. Miller <da...@davemloft.net> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/ccp-dev.c | 7 --- 1 file changed, 7 deletions(-) diff --git a/drivers/crypto/ccp/ccp-dev.c b/drivers/crypto/ccp/ccp-dev.c ind

Re: [PATCH v2 2/3] crypto: ccp - Introduce the AMD Secure Processor device

2017-06-28 Thread Brijesh Singh
On 06/28/2017 12:47 PM, Tom Lendacky wrote: diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 0528a62..418f991 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -512,14 +512,14 @@ config CRYPTO_DEV_ATMEL_SHA To compile this driver as a module, choose

Re: [PATCH v2 2/3] crypto: ccp - Introduce the AMD Secure Processor device

2017-06-28 Thread Brijesh Singh
On 06/28/2017 02:53 PM, Tom Lendacky wrote: In this I am leaving the top level config as-is and adding CONFIG_CRYPTO_DEV_SP_CCP to enable the CCP device support inside the SP device driver. [*] Support for AMD Secure Processor Secure Processor device driver Encryption and hashing

[PATCH v3 2/5] crypto: ccp - Introduce the AMD Secure Processor device

2017-06-29 Thread Brijesh Singh
The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD Secure Processor to be initialized and handled appropriately. Signed-off-by: Brijesh Singh <brijesh.si...@amd.

[PATCH v3 1/5] crypto: ccp - Use devres interface to allocate PCI/iomap and cleanup

2017-06-29 Thread Brijesh Singh
Update pci and platform files to use devres interface to allocate the PCI and iomap resources. Also add helper functions to consolidate module init, exit and power management code duplication. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/ccp-dev-v3.c

[PATCH v3 4/5] crypto: ccp - rename ccp driver initialize files as sp device

2017-06-29 Thread Brijesh Singh
ed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/Makefile| 4 +- drivers/crypto/ccp/ccp-dev.h | 6 -- drivers/crypto/ccp/sp-dev.c| 12 ++-- drivers/crypto/ccp/{ccp-pci.c => sp-pci.

[PATCH v3 RESEND 3/5] crypto: cpp - Abstract interrupt registeration

2017-06-29 Thread Brijesh Singh
The CCP and PSP devices part of AMD Secure Processor may share the same interrupt. Hence we expand the SP device to register a common interrupt handler and provide functions to CCP and PSP devices to register their interrupt callback which will be invoked upon interrupt. Signed-off-by: Brijesh

[PATCH v3 RESEND 2/5] crypto: ccp - Introduce the AMD Secure Processor device

2017-06-29 Thread Brijesh Singh
The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD Secure Processor to be initialized and handled appropriately. Signed-off-by: Brijesh Singh <brijesh.si...@amd.

[PATCH v3 RESEND 1/5] crypto: ccp - Use devres interface to allocate PCI/iomap and cleanup

2017-06-29 Thread Brijesh Singh
Update pci and platform files to use devres interface to allocate the PCI and iomap resources. Also add helper functions to consolidate module init, exit and power management code duplication. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/ccp-dev-v3.c

[PATCH v3 RESEND 5/5] crypto: ccp - remove ccp_present() check from device initialize

2017-06-29 Thread Brijesh Singh
Since SP device driver supports multiple devices (e.g. CCP, PSP), we should not fail the driver init just because CCP device is not found. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/sp-dev.c | 12 1 file changed, 12 deletions(-) diff --git a/d

[PATCH v3 RESEND 4/5] crypto: ccp - rename ccp driver initialize files as sp device

2017-06-29 Thread Brijesh Singh
ed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/Makefile| 4 +- drivers/crypto/ccp/ccp-dev.h | 6 -- drivers/crypto/ccp/sp-dev.c| 12 ++-- drivers/crypto/ccp/{ccp-pci.c => sp-pci.

[PATCH v3 RESEND 0/5] Introduce AMD Secure Processor device

2017-06-29 Thread Brijesh Singh
ain the original Kconfig hierarchy - rename ccp-{pci,platform}.c -> sp-{pci,platform}.c - do not fail the module_init() when ccp device is not found Changes since v1: - remove unused function [sp_get_device()] Brijesh Singh (5): crypto: ccp - Use devres interface to allocate PCI/iomap and c

[PATCH v3 0/5] Introduce AMD Secure Processor device

2017-06-29 Thread Brijesh Singh
fig hierarchy - rename ccp-{pci,platform}.c -> sp-{pci,platform}.c - do not fail the module_init() when ccp device is not found Changes since v1: - remove unused function [sp_get_device()] Brijesh Singh (5): crypto: ccp - Use devres interface to allocate PCI/iomap and cleanup crypt

[PATCH v3 5/5] crypto: ccp - remove ccp_present() check from device initialize

2017-06-29 Thread Brijesh Singh
Since SP device driver supports multiple devices (e.g. CCP, PSP), we should not fail the driver init just because CCP device is not found. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/sp-dev.c | 12 1 file changed, 12 deletions(-) diff --git a/d

[PATCH v3 3/5] crypto: cpp - Abstract interrupt registeration

2017-06-29 Thread Brijesh Singh
The CCP and PSP devices, part of the AMD Secure Processor, may share the same interrupt. Hence we expand the SP device to register a common interrupt handler and provide functions to CCP and PSP devices to register their interrupt callback which will be invoked upon interrupt. Signed-off-by: Brijesh

Re: [PATCH v2 2/3] crypto: ccp - Introduce the AMD Secure Processor device

2017-07-06 Thread Brijesh Singh
e the system] > > url: > https://github.com/0day-ci/linux/commits/Brijesh-Singh/Introduce-AMD-Secure-Processor-device/20170625-064400 > base: > https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git > master > config: x86_64-randconfig-x016-07060921 (attached as

[PATCH v4 0/5] Introduce AMD Secure Processor device

2017-07-06 Thread Brijesh Singh
nction [sp_get_device()] Brijesh Singh (5): crypto: ccp - Use devres interface to allocate PCI/iomap and cleanup crypto: ccp - Introduce the AMD Secure Processor device crypto: cpp - Abstract interrupt registeration crypto: ccp - rename ccp driver initialize files as sp device crypto: ccp -

[PATCH v4 3/5] crypto: cpp - Abstract interrupt registeration

2017-07-06 Thread Brijesh Singh
The CCP and PSP devices, part of the AMD Secure Processor, may share the same interrupt. Hence we expand the SP device to register a common interrupt handler and provide functions to CCP and PSP devices to register their interrupt callback which will be invoked upon interrupt. Signed-off-by: Brijesh

[PATCH v4 5/5] crypto: ccp - remove ccp_present() check from device initialize

2017-07-06 Thread Brijesh Singh
Since SP device driver supports multiple devices (e.g. CCP, PSP), we should not fail the driver init just because CCP device is not found. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Acked-by: Gary R Hook <gary.h...@amd.com> --- drivers/crypto/ccp/sp-dev.c | 12

[PATCH v4 2/5] crypto: ccp - Introduce the AMD Secure Processor device

2017-07-06 Thread Brijesh Singh
The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD Secure Processor to be initialized and handled appropriately. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>

[PATCH v4 4/5] crypto: ccp - rename ccp driver initialize files as sp device

2017-07-06 Thread Brijesh Singh
ed-off-by: Brijesh Singh <brijesh.si...@amd.com> Acked-by: Gary R Hook <gary.h...@amd.com> --- drivers/crypto/ccp/Makefile| 4 +- drivers/crypto/ccp/ccp-dev.h | 6 -- drivers/crypto/ccp/sp-dev.c| 12 ++-- drivers/cry

[PATCH v4 1/5] crypto: ccp - Use devres interface to allocate PCI/iomap and cleanup

2017-07-06 Thread Brijesh Singh
Update pci and platform files to use devres interface to allocate the PCI and iomap resources. Also add helper functions to consolidate module init, exit and power management code duplication. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Acked-by: Gary R Hook <gary.h..

[PATCH 3/3] crypto: cpp - Abstract interrupt registeration

2017-06-22 Thread Brijesh Singh
The CCP and PSP devices, part of the AMD Secure Processor, may share the same interrupt. Hence we expand the SP device to register a common interrupt handler and provide functions to CCP and PSP devices to register their interrupt callback which will be invoked upon interrupt. Signed-off-by: Brijesh

[PATCH 2/3] crypto: ccp - Introduce the AMD Secure Processor device

2017-06-22 Thread Brijesh Singh
The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD Secure Processor to be initialized and handled appropriately. Signed-off-by: Brijesh Singh <brijesh.si...@amd.
