This part of Secure Encrypted Virtualization (SEV) patch series focuses on KVM
changes required to create and manage SEV guests.
SEV is an extension to the AMD-V architecture which supports running encrypted
virtual machines (VMs) under the control of a hypervisor. Encrypted VMs have
their pages
From: Borislav Petkov
This is AMD-specific hardware so present it in Kconfig only when AMD
CPU support is enabled or on ARM64 where it is also used.
Signed-off-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Cc: Brijesh Singh
AMD's new Secure Encrypted Virtualization (SEV) feature allows the
memory contents of virtual machines to be transparently encrypted with a
key unique to the VM. The programming and management of the encryption
keys are handled by the AMD Secure Processor (AMD-SP) which exposes the
commands for
Add an include file which defines the ioctl and command id used for
issuing SEV platform management specific commands.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
The SEV_FACTORY_RESET command can be used by the platform owner to
reset the non-volatile SEV related data. The command is defined in
SEV spec section 5.4
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Define Secure Encrypted Virtualization (SEV) key management command id
and structure. The command definition is available in SEV KM [1] spec
0.14.
[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
The SEV_PLATFORM_STATUS command can be used by the platform owner to
get the current status of the platform. The command is defined in
SEV spec section 5.5.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
The SEV_PEK_GEN command is used to generate a new Platform Endorsement
Key (PEK). The command is defined in SEV spec section 5.6.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc:
The Platform Security Processor (PSP) is part of the AMD Secure
Processor (AMD-SP) functionality. The PSP is a dedicated processor
that provides support for key management commands in Secure Encrypted
Virtualization (SEV) mode, along with software-based Trusted Execution
Environment (TEE) to
The SEV_PDH_GEN command is used to re-generate the Platform
Diffie-Hellman (PDH) key. The command is defined in SEV spec section
5.6.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc:
The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
certificate. The command is defined in SEV spec section 5.8.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc:
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc:
Good tips, thanks. I'll wait for more comments before resubmitting v2,
but in-progress changes live here:
https://git.zx2c4.com/linux-dev/log/?h=jd/cleaner-add-random-ready
On Thu, Oct 19, 2017 at 1:45 PM, Jason A. Donenfeld wrote:
> As this interface becomes more heavily used, it will be painful for
> callers to always need to check for -EALREADY.
>
> Signed-off-by: Jason A. Donenfeld
> ---
> drivers/char/random.c | 24
We now structure things in a way that assumes the seeding function is
always eventually called.
Signed-off-by: Jason A. Donenfeld
---
crypto/drbg.c | 20 +---
1 file changed, 5 insertions(+), 15 deletions(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index
These are mostly untested, but I wanted to spec it out for a taste of
what it looks like.
As this interface becomes more heavily used, it will be painful for
callers to always need to check for -EALREADY.
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 24
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git
This module registers block cipher algorithms that make use of the
STMicroelectronics STM32 crypto "CRYP1" hardware.
The following algorithms are supported:
- aes: ecb, cbc, ctr
- des: ecb, cbc
- tdes: ecb, cbc
Signed-off-by: Fabien Dessenne
---
Document device tree bindings for the STM32 CRYP.
Signed-off-by: Fabien Dessenne
Acked-by: Rob Herring
---
.../devicetree/bindings/crypto/st,stm32-cryp.txt | 19 +++
1 file changed, 19 insertions(+)
create mode 100644
This set of patches adds a new crypto driver for STMicroelectronics stm32 HW.
This driver uses the crypto API and provides HW-enabled block cipher
algorithms.
This driver was successfully tested with tcrypt / testmgr.
Changes since v5:
-add timeout in wait_busy function
-clear key after
On 19/10/2017 15:01, Fabien DESSENNE wrote:
> Hi Corentin
>
>
> Thank you for your comments. I will fix according to them. See also my
> answers/questions below
>
> While we are at it, do you plan to deliver a new version of the
> crypto_engine update? (I had to remove the AEAD part of this
Hi Corentin
Thank you for your comments. I will fix according to them. See also my
answers/questions below
While we are at it, do you plan to deliver a new version of the
crypto_engine update? (I had to remove the AEAD part of this new driver
since it depends on that pending update)
BR
Hello
I have some minor comment below
On Thu, Oct 19, 2017 at 11:03:59AM +0200, Fabien Dessenne wrote:
> This module registers block cipher algorithms that make use of the
> STMicroelectronics STM32 crypto "CRYP1" hardware.
> The following algorithms are supported:
> - aes: ecb, cbc, ctr
> -
On Tue, Oct 17, 2017 at 1:28 PM, Kamil Konieczny
wrote:
> Add support for MD5, SHA1, SHA256 hash algorithms for Exynos HW.
> It uses the crypto framework asynchronous hash api.
> It is based on omap-sham.c driver.
> S5P has some HW differences and is not
On Tue, Oct 17, 2017 at 1:28 PM, Kamil Konieczny
wrote:
> change spaces into tabs in defines
>
> Signed-off-by: Kamil Konieczny
> ---
> drivers/crypto/s5p-sss.c | 190
> +++
> 1 file
Document device tree bindings for the STM32 CRYP.
Signed-off-by: Fabien Dessenne
Acked-by: Rob Herring
---
.../devicetree/bindings/crypto/st,stm32-cryp.txt | 19 +++
1 file changed, 19 insertions(+)
create mode 100644
This module registers block cipher algorithms that make use of the
STMicroelectronics STM32 crypto "CRYP1" hardware.
The following algorithms are supported:
- aes: ecb, cbc, ctr
- des: ecb, cbc
- tdes: ecb, cbc
Signed-off-by: Fabien Dessenne
---
This set of patches adds a new crypto driver for STMicroelectronics stm32 HW.
This driver uses the crypto API and provides HW-enabled block cipher
algorithms.
This driver was successfully tested with tcrypt / testmgr.
Changes since v4:
- remove AEAD support from crypto engine as proposed
On Thursday 19 October 2017 02:24 AM, Tobin C. Harding wrote:
> Hi Suniel,
>
> Well done with your continued versions. I am being particularly nit picky here
> but since we are striving for perfection I'm sure you will humour me. If
> English is not your first language please forgive me for