[Part2 PATCH v6 00/38] x86: Secure Encrypted Virtualization (AMD)

2017-10-19 Thread Brijesh Singh
This part of Secure Encrypted Virtualization (SEV) patch series focuses on KVM changes required to create and manage SEV guests. SEV is an extension to the AMD-V architecture which supports running encrypted virtual machines (VMs) under the control of a hypervisor. Encrypted VMs have their pages

[Part2 PATCH v6 09/38] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

2017-10-19 Thread Brijesh Singh
From: Borislav Petkov This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled or on ARM64 where it is also used. Signed-off-by: Borislav Petkov Signed-off-by: Brijesh Singh Cc: Brijesh Singh

[Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-19 Thread Brijesh Singh
AMD's new Secure Encrypted Virtualization (SEV) feature allows the memory contents of virtual machines to be transparently encrypted with a key unique to the VM. The programming and management of the encryption keys are handled by the AMD Secure Processor (AMD-SP) which exposes the commands for

[Part2 PATCH v6 10/38] crypto: ccp: Define SEV userspace ioctl and command id

2017-10-19 Thread Brijesh Singh
Add an include file which defines the ioctl and command id used for issuing SEV platform management specific commands. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc: Gary Hook

[Part2 PATCH v6 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

2017-10-19 Thread Brijesh Singh
The SEV_FACTORY_RESET command can be used by the platform owner to reset the non-volatile SEV related data. The command is defined in SEV spec section 5.4 Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu

[Part2 PATCH v6 11/38] crypto: ccp: Define SEV key management command id

2017-10-19 Thread Brijesh Singh
Define Secure Encrypted Virtualization (SEV) key management command id and structure. The command definition is available in SEV KM [1] spec 0.14. [1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf Cc: Paolo Bonzini Cc: "Radim Krčmář"

[Part2 PATCH v6 15/38] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

2017-10-19 Thread Brijesh Singh
The SEV_PLATFORM_STATUS command can be used by the platform owner to get the current status of the platform. The command is defined in SEV spec section 5.5. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu

[Part2 PATCH v6 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

2017-10-19 Thread Brijesh Singh
The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its certificate chain. The command is defined in SEV spec section 5.10. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu

[Part2 PATCH v6 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

2017-10-19 Thread Brijesh Singh
The SEV_PEK_GEN command is used to generate a new Platform Endorsement Key (PEK). The command is defined in SEV spec section 5.6. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc:

[Part2 PATCH v6 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-10-19 Thread Brijesh Singh
The Platform Security Processor (PSP) is part of the AMD Secure Processor (AMD-SP) functionality. The PSP is a dedicated processor that provides support for key management commands in Secure Encrypted Virtualization (SEV) mode, along with software-based Trusted Execution Environment (TEE) to

[Part2 PATCH v6 17/38] crypto: ccp: Implement SEV_PDH_GEN ioctl command

2017-10-19 Thread Brijesh Singh
The SEV_PDH_GEN command is used to re-generate the Platform Diffie-Hellman (PDH) key. The command is defined in SEV spec section 5.6. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc:

[Part2 PATCH v6 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

2017-10-19 Thread Brijesh Singh
The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK certificate. The command is defined in SEV spec section 5.8. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc:

[Part2 PATCH v6 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

2017-10-19 Thread Brijesh Singh
The SEV_PEK_CSR command can be used to generate a PEK certificate signing request. The command is defined in SEV spec section 5.7. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc:

Re: [PATCH 1/2] random: always call random ready function

2017-10-19 Thread Jason A. Donenfeld
Good tips, thanks. I'll wait for more comments before resubmitting v2, but in-progress changes live here: https://git.zx2c4.com/linux-dev/log/?h=jd/cleaner-add-random-ready

Re: [PATCH 1/2] random: always call random ready function

2017-10-19 Thread Kees Cook
On Thu, Oct 19, 2017 at 1:45 PM, Jason A. Donenfeld wrote: > As this interface becomes more heavily used, it will be painful for > callers to always need to check for -EALREADY. > > Signed-off-by: Jason A. Donenfeld > --- > drivers/char/random.c | 24

[PATCH 2/2] crypto/drbg: account for no longer returning -EALREADY

2017-10-19 Thread Jason A. Donenfeld
We now structure things in a way that assumes the seeding function is always eventually called. Signed-off-by: Jason A. Donenfeld --- crypto/drbg.c | 20 +--- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/crypto/drbg.c b/crypto/drbg.c index

Re: [PATCH 1/2] random: always call random ready function

2017-10-19 Thread Jason A. Donenfeld
These are mostly untested, but I wanted to spec it out for a taste of what it looks like.

[PATCH 1/2] random: always call random ready function

2017-10-19 Thread Jason A. Donenfeld
As this interface becomes more heavily used, it will be painful for callers to always need to check for -EALREADY. Signed-off-by: Jason A. Donenfeld --- drivers/char/random.c | 24 1 file changed, 16 insertions(+), 8 deletions(-) diff --git

[PATCH v5 2/2] crypto: stm32 - Support for STM32 CRYP crypto module

2017-10-19 Thread Fabien Dessenne
This module registers block cipher algorithms that make use of the STMicroelectronics STM32 crypto "CRYP1" hardware. The following algorithms are supported: - aes: ecb, cbc, ctr - des: ecb, cbc - tdes: ecb, cbc Signed-off-by: Fabien Dessenne ---

[PATCH v5 1/2] dt-bindings: Document STM32 CRYP bindings

2017-10-19 Thread Fabien Dessenne
Document device tree bindings for the STM32 CRYP. Signed-off-by: Fabien Dessenne Acked-by: Rob Herring --- .../devicetree/bindings/crypto/st,stm32-cryp.txt | 19 +++ 1 file changed, 19 insertions(+) create mode 100644

[PATCH v5 0/2] STM32 CRYP crypto driver

2017-10-19 Thread Fabien Dessenne
This set of patches adds a new crypto driver for STMicroelectronics stm32 HW. This driver uses the crypto API and provides HW-enabled block cipher algorithms. This driver was successfully tested with tcrypt / testmgr. Changes since v5: -add timeout in wait_busy function -clear key after

Re: [PATCH v4 2/2] crypto: stm32 - Support for STM32 CRYP crypto module

2017-10-19 Thread Neil Armstrong
On 19/10/2017 15:01, Fabien DESSENNE wrote: > Hi Corentin > > > Thank you for your comments. I will fix according to them. See also my > answers/questions below > > While we are at it, do you plan to deliver a new version of the > crypto_engine update? (I had to remove the AEAD part of this

Re: [PATCH v4 2/2] crypto: stm32 - Support for STM32 CRYP crypto module

2017-10-19 Thread Fabien DESSENNE
Hi Corentin Thank you for your comments. I will fix according to them. See also my answers/questions below While we are at it, do you plan to deliver a new version of the crypto_engine update? (I had to remove the AEAD part of this new driver since it depends on that pending update) BR

Re: [PATCH v4 2/2] crypto: stm32 - Support for STM32 CRYP crypto module

2017-10-19 Thread Corentin Labbe
Hello I have some minor comments below On Thu, Oct 19, 2017 at 11:03:59AM +0200, Fabien Dessenne wrote: > This module registers block cipher algorithms that make use of the > STMicroelectronics STM32 crypto "CRYP1" hardware. > The following algorithms are supported: > - aes: ecb, cbc, ctr > -

Re: [PATCH v7 2/2] crypto: s5p-sss: Add HASH support for Exynos

2017-10-19 Thread Krzysztof Kozlowski
On Tue, Oct 17, 2017 at 1:28 PM, Kamil Konieczny wrote: > Add support for MD5, SHA1, SHA256 hash algorithms for Exynos HW. > It uses the crypto framework asynchronous hash api. > It is based on omap-sham.c driver. > S5P has some HW differences and is not

Re: [PATCH v7 1/2] crypto: s5p-sss: change spaces into tabs in defines

2017-10-19 Thread Krzysztof Kozlowski
On Tue, Oct 17, 2017 at 1:28 PM, Kamil Konieczny wrote: > change spaces into tabs in defines > > Signed-off-by: Kamil Konieczny > --- > drivers/crypto/s5p-sss.c | 190 > +++ > 1 file

[PATCH v4 1/2] dt-bindings: Document STM32 CRYP bindings

2017-10-19 Thread Fabien Dessenne
Document device tree bindings for the STM32 CRYP. Signed-off-by: Fabien Dessenne Acked-by: Rob Herring --- .../devicetree/bindings/crypto/st,stm32-cryp.txt | 19 +++ 1 file changed, 19 insertions(+) create mode 100644

[PATCH v4 2/2] crypto: stm32 - Support for STM32 CRYP crypto module

2017-10-19 Thread Fabien Dessenne
This module registers block cipher algorithms that make use of the STMicroelectronics STM32 crypto "CRYP1" hardware. The following algorithms are supported: - aes: ecb, cbc, ctr - des: ecb, cbc - tdes: ecb, cbc Signed-off-by: Fabien Dessenne ---

[PATCH v4 0/2] STM32 CRYP crypto driver

2017-10-19 Thread Fabien Dessenne
This set of patches adds a new crypto driver for STMicroelectronics stm32 HW. This driver uses the crypto API and provides HW-enabled block cipher algorithms. This driver was successfully tested with tcrypt / testmgr. Changes since v4: - remove AEAD support from crypto engine as proposed

Re: [PATCH v3] staging: ccree: fix boolreturn.cocci warning

2017-10-19 Thread Suniel Mahesh
On Thursday 19 October 2017 02:24 AM, Tobin C. Harding wrote: > Hi Suniel, > > Well done with your continued versions. I am being particularly nit picky here > but since we are > striving for perfection I'm sure you will humour me. If English is not your first > language please > forgive me for