Re: AM4 BIOS AGESA Code 1.0.0.4C & Linux Kernel

Hi, The workaround to handle this FW bug has been submitted last month https://marc.info/?l=linux-crypto-vger=153436754612783=2 And patch is accepted in crypto tree https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git/commit/?id=3702a0585e64d70d5bf73bf3e943b8d6005b72c1 It

[PATCH crypto-2.6] crypto: ccp: add PSP cmd timeout

will not apply cleanly hence I will rework a different patch for stable trees after this patch is accepted. Brijesh Singh (1): crypto: ccp: add timeout support in the SEV command drivers/crypto/ccp/psp-dev.c | 46 +++- 1 file changed, 41 insertions(+), 5

Re: [PATCH v1 4/5] crypto: ccp: Support register differences between PSP devices

--- drivers/crypto/ccp/psp-dev.c | 24 drivers/crypto/ccp/psp-dev.h |9 - drivers/crypto/ccp/sp-dev.h |7 ++- drivers/crypto/ccp/sp-pci.c |7 ++- 4 files changed, 24 insertions(+), 23 deletions(-) Reviewed-by: Brijesh Singh diff --git

Re: [PATCH v1 3/5] crypto: ccp: Remove unused #defines

+- drivers/crypto/ccp/psp-dev.h | 10 +- 2 files changed, 2 insertions(+), 10 deletions(-) Reviewed-by: Brijesh Singh diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 91ef6ed..875756d 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c

Re: [PATCH v1 1/5] crypto: ccp: Fix command completion detection race

pport") Cc: # 4.16.x- Signed-off-by: Tom Lendacky --- Reviewed-by: Brijesh Singh drivers/crypto/ccp/psp-dev.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index ff478d8..973d683 100644 --- a/driv

Re: [PATCH] crypto: ccp: Use memdup_user() rather than duplicating its implementation

ing the Coccinelle software. > > Signed-off-by: Markus Elfring <elfr...@users.sourceforge.net> > --- > drivers/crypto/ccp/psp-dev.c | 15 +-- > 1 file changed, 1 insertion(+), 14 deletions(-) Reviewed-by: Brijesh Singh <brijesh.si...@amd.com> thanks > d

Re: [PATCH 1/2] crypto: ccp: Fix sparse, use plain integer as NULL pointer

Hi Herbert, On 03/02/2018 10:41 AM, Herbert Xu wrote: On Thu, Feb 15, 2018 at 01:34:44PM -0600, Brijesh Singh wrote: Fix sparse warning: Using plain integer as NULL pointer. Replaces assignment of 0 to pointer with NULL assignment. Fixes: 200664d5237f (Add Secure Encrypted Virtualization

[PATCH v2] crypto: ccp: add check to get PSP master only when PSP is detected

nel crash. Add check to call get master device only when PSP/SEV is detected. Reported-by: Paulian Bogdan Marinca <paul...@marinca.net> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> CC: Gary R Hook <gary.h...@amd.com> Cc: linux-ker...@vger.kernel

[PATCH] crypto: ccp: add check to get PSP master only when PSP is detected

nel crash. Add check to call get master device only when PSP/SEV is detected. Reported-by: Paulian Bogdan Marinca <paul...@marinca.net> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> CC: Gary R Hook <gary.h...@amd.com> Cc: linux-ker...@vger.kernel

[PATCH 1/2] crypto: ccp: Fix sparse, use plain integer as NULL pointer

...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/psp-dev.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index fcf

[PATCH 2/2] include: psp-sev: Capitalize invalid length enum

..@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> CC: Gary R Hook <gary.h...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- include/uapi/linux/psp-sev.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/linux/psp-se

[PATCH 0/4] KVM: SVM: kbuild test robot warning fixes

gt; Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Borislav Petkov <b...@suse.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: linux-crypto@vger.

[PATCH 1/4] crypto: ccp: Fix sparse, use plain integer as NULL pointer

a.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/psp-dev.c | 8 1 file changed, 4 insert

Re: [Part2 PATCH v9 00/38] x86: Secure Encrypted Virtualization (AMD)

On 12/21/17 9:51 AM, Brijesh Singh wrote: > > On 12/21/17 7:06 AM, Paolo Bonzini wrote: > > > Hi Paolo, >   > >> Hi Brijesh, >> >> I have a couple comments: >> >> 1) how is MSR_AMD64_SEV's value passed to the guest, and where is it in >&

Re: [Part2 PATCH v9 00/38] x86: Secure Encrypted Virtualization (AMD)

On 12/21/17 7:06 AM, Paolo Bonzini wrote: Hi Paolo,   > Hi Brijesh, > > I have a couple comments: > > 1) how is MSR_AMD64_SEV's value passed to the guest, and where is it in > the manual? It is a non interceptable read-only MSR set by the HW when SEV feature is enabled in VMRUN

Re: [Part2 PATCH v9 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support

r (PSP) interface + * + * Copyright (C) 2016-2017 Advanced Micro Devices, Inc. + * + * Author: Brijesh Singh <brijesh.si...@amd.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published

[Part2 PATCH v9 00/38] x86: Secure Encrypted Virtualization (AMD)

to reduce the number of calls to AMD-SP driver * Changes to address v2 feedbacks Borislav Petkov (1): crypto: ccp: Build the AMD secure processor driver only with AMD CPU support Brijesh Singh (34): Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV) KVM: SVM: Pr

[Part2 PATCH v9 15/38] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-of

[Part2 PATCH v9 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by

[Part2 PATCH v9 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support

-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> --- drivers/crypto/ccp/Kconfig | 11 + drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/psp-dev.c | 105 +++

[Part2 PATCH v9 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

t;gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh

[Part2 PATCH v9 10/38] crypto: ccp: Define SEV userspace ioctl and command id

dor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd

[Part2 PATCH v9 17/38] crypto: ccp: Implement SEV_PDH_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav

[Part2 PATCH v9 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh &

[Part2 PATCH v9 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh &

[Part2 PATCH v9 09/38] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

From: Borislav Petkov <b...@suse.de> This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled or on ARM64 where it is also used. Signed-off-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: G

[Part2 PATCH v9 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

<herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh &

[Part2 PATCH v9 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Reviewed-by: Borislav Petkov <b...@suse.de> Improvements-by: Borislav Petkov <

[Part2 PATCH v9 11/38] crypto: ccp: Define SEV key management command id

-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Acked-by: Gary R Hook <gary.h...@amd.com> --- include/linux/psp-sev.h | 465 1 file change

[Part2 PATCH v8 10/38] crypto: ccp: Define SEV userspace ioctl and command id

dor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd

[Part2 PATCH v8 09/38] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

From: Borislav Petkov <b...@suse.de> This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled or on ARM64 where it is also used. Signed-off-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: G

[Part2 PATCH v8 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by

[Part2 PATCH v8 11/38] crypto: ccp: Define SEV key management command id

-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Acked-by: Gary R Hook <gary.h...@amd.com> --- include/linux/psp-sev.h | 465 1 file change

[Part2 PATCH v8 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

t;gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh

[Part2 PATCH v8 15/38] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-of

[Part2 PATCH v8 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support

-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> --- drivers/crypto/ccp/Kconfig | 11 + drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/psp-dev.c | 105 +++

[Part2 PATCH v8 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh &

[Part2 PATCH v8 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

<herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh &

[Part2 PATCH v8 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Reviewed-by: Borislav Petkov <b...@suse.de> Improvements-by: Borislav Petkov <

[Part2 PATCH v8 17/38] crypto: ccp: Implement SEV_PDH_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav

[Part2 PATCH v8 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh &

[Part2 PATCH v8 00/38] x86: Secure Encrypted Virtualization (AMD)

tkov (1): crypto: ccp: Build the AMD secure processor driver only with AMD CPU support Brijesh Singh (34): Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV) KVM: SVM: Prepare to reserve asid for SEV guest KVM: X86: Extend CPUID range to include new leaf KV

Re: [Part2 PATCH v7 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

On 11/05/2017 05:34 AM, Borislav Petkov wrote: ... Fixes ontop: * !input.cert_chain_address test was repeated. I saw that by aligning them vertically, i.e., after making it more readable, the repetition became obvious. * Do the lengths checks first and the access_ok after, in each PDH and

Re: [Part2 PATCH v7 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

On 11/3/17 2:42 PM, Borislav Petkov wrote: ... >> +if (psp_master->sev_state == SEV_STATE_UNINIT) { >> +ret = __sev_platform_init_locked(psp_master->sev_init, >> >error); > Right, you're passing psp_master->sev_init (or whatever you're going to > end up calling it) down but

Re: [Part2 PATCH v6 00/38] x86: Secure Encrypted Virtualization (AMD)

Hi Herbert, On 10/24/2017 07:14 AM, Brijesh Singh wrote: Hi Herbert and Paolo, Since the PSP patches touches both the CCP and KVM driver, hence I was wondering if you guys have any thought on how PSP patches will be merged? I am talking about Patch 9 to 20 from this series. I have

[Part2 PATCH v7 00/38] x86: Secure Encrypted Virtualization (AMD)

umber of calls to AMD-SP driver * Changes to address v2 feedbacks Borislav Petkov (1): crypto: ccp: Build the AMD secure processor driver only with AMD CPU support Brijesh Singh (34): Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV) KVM: SVM: Prepare to reserve

[Part2 PATCH v7 09/38] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

From: Borislav Petkov <b...@suse.de> This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled or on ARM64 where it is also used. Signed-off-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: G

[Part2 PATCH v7 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

t;gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh

[Part2 PATCH v7 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support

-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> --- drivers/crypto/ccp/Kconfig | 11 + drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/psp-dev.c | 105 +++

[Part2 PATCH v7 11/38] crypto: ccp: Define SEV key management command id

-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Acked-by: Gary R Hook <gary.h...@amd.com> --- include/linux/psp-sev.h | 494 1 file change

[Part2 PATCH v7 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed

[Part2 PATCH v7 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh &

[Part2 PATCH v7 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh &

[Part2 PATCH v7 17/38] crypto: ccp: Implement SEV_PDH_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav

[Part2 PATCH v7 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

<herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh &

[Part2 PATCH v7 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Reviewed-by: Borislav Petkov <b...@suse.de> Improvements-by: Borislav Petkov <

[Part2 PATCH v7 15/38] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-of

[Part2 PATCH v7 10/38] crypto: ccp: Define SEV userspace ioctl and command id

dor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd

Re: [Part2 PATCH v6.1 16/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/30/17 12:57 PM, Borislav Petkov wrote: > On Mon, Oct 30, 2017 at 12:49:14PM -0500, Brijesh Singh wrote: >> If the buffer is allocated on the stack then there is no guarantee that > static global is not allocated on the stack. Okay, Just tried static global with CONFIG_VMAP_S

Re: [Part2 PATCH v6.1 16/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/30/2017 12:21 PM, Borislav Petkov wrote: ... Useless forward declarations. Actually its helpful in other patches. I was trying to avoid making too many code movement in other patches to eliminate the forward declarations. I guess I can fix in v7. static struct psp_device

[Part2 PATCH v6.2 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh &

[Part2 PATCH v6.1 15/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Reviewed-by: Borislav Petkov <b...@suse.de> Improvements-by: Borislav Petkov <

[Part2 PATCH v6.1 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed

Re: [Part2 PATCH v6.1 16/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

I just realized that this should be marked as "PATCH v6.1 13/38 ...". I had some  debug patch before this hence it was pushed below in the stack. On 10/29/17 3:48 PM, Brijesh Singh wrote: > AMD's new Secure Encrypted Virtualization (SEV) feature allows the > memory contents of

[Part2 PATCH v6.1 16/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

t;gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Boris, I have tried to

Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/27/17 7:00 PM, Borislav Petkov wrote: > On Fri, Oct 27, 2017 at 05:59:23PM -0500, Brijesh Singh wrote: >> Yes it is typo. PEK_GEN wants FW to be in INIT state hence someone need >> to transition from UNINIT -> INIT. > Which, once you've done it once on driver init,

Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/27/17 3:27 PM, Borislav Petkov wrote: > On Fri, Oct 27, 2017 at 03:25:24PM -0500, Brijesh Singh wrote: >> Yep, we are doing state transition only when we really need to. At least >> so far I have tried to avoid making any unnecessary state transitions. > So change all t

Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/27/17 3:15 PM, Borislav Petkov wrote: > On Fri, Oct 27, 2017 at 06:28:38AM -0500, Brijesh Singh wrote: >> ... User can retry the command sometime later when nobody else is >> using the PSP. > That still doesn't prevent you from doing two things: > > * make that fw_

Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/27/17 2:56 AM, Borislav Petkov wrote: > On Thu, Oct 26, 2017 at 03:59:32PM -0500, Brijesh Singh wrote: >> we can workaround #1 by adding some hooks in sp_pci_init() to invoke the PSP >> initialization routines after pci_register_driver() is done but #2 can get >

Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/26/2017 03:13 PM, Borislav Petkov wrote: On Thu, Oct 26, 2017 at 02:26:15PM -0500, Brijesh Singh wrote: SHUTDOWN command unconditionally transitions a platform to uninitialized state. The command does not care how many processes are actively using the PSP. We don't want to shutdown

Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/26/2017 12:44 PM, Borislav Petkov wrote: On Thu, Oct 26, 2017 at 11:56:57AM -0500, Brijesh Singh wrote: The variable is used as ref counter. ... and it can't be converted to a boolean because...? SHUTDOWN command unconditionally transitions a platform to uninitialized state

Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/26/2017 08:56 AM, Borislav Petkov wrote: On Mon, Oct 23, 2017 at 02:57:04PM -0500, Brijesh Singh wrote: Calling PLATFORM_GET_STATUS is not required, we can manage the state through a simple ref count variable. Issuing PSP commands will always be much more expensive compare to accessing

Re: [Part2 PATCH v6 00/38] x86: Secure Encrypted Virtualization (AMD)

Hi Herbert and Paolo, On 10/19/17 9:33 PM, Brijesh Singh wrote: > This part of Secure Encryted Virtualization (SEV) patch series focuses on KVM > changes required to create and manage SEV guests. > > SEV is an extension to the AMD-V architecture which supports running encrypted >

[Part2 PATCH v6.1 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

<herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Changes since v6: *

[Part2 PATCH v6.1 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Changes since v6: *

[Part2 PATCH v6.1 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Changes since v6: *

[Part2 PATCH v6.1 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Changes since v6: *

[Part2 PATCH v6.1 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Changes since v6: *

Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/23/2017 02:34 AM, Borislav Petkov wrote: ... Just minor cleanups: Thanks Boris, I have applied your cleanups. -Brijesh --- diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index e9966d5fc6c4..f9a9a6e6ab99 100644 --- a/drivers/crypto/ccp/psp-dev.c +++

Re: [Part2 PATCH v6 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

On 10/23/2017 09:10 AM, Borislav Petkov wrote: On Mon, Oct 23, 2017 at 08:32:57AM -0500, Brijesh Singh wrote: If both the command fails then we return status from the last command. IIRC, in my previous patches I was returning status from sev_do_cmd() instead of sev_platform_shutdown

Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/23/2017 04:20 AM, Borislav Petkov wrote: On Thu, Oct 19, 2017 at 09:33:48PM -0500, Brijesh Singh wrote: +static int __sev_platform_init(struct sev_data_init *data, int *error) +{ + int rc = 0; + + mutex_lock(_init_mutex); + + if (!fw_init_count) { I still don't like

Re: [Part2 PATCH v6 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

On 10/23/17 7:32 AM, Borislav Petkov wrote: > On Mon, Oct 23, 2017 at 07:15:30AM -0500, Brijesh Singh wrote: >> I am not sure if I am able to understand your feedback. The >> sev_platform_shutdown() is called unconditionally. > How's that: > > If sev_do_cm

Re: [Part2 PATCH v6 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

On 10/23/17 4:32 AM, Borislav Petkov wrote: ... >> +static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp) >> +{ >> +int ret, err; >> + >> +ret = sev_platform_init(NULL, >error); >> +if (ret) >> +return ret; >> + >> +ret = sev_do_cmd(cmd, 0, >error);

[Part2 PATCH v6 00/38] x86: Secure Encrypted Virtualization (AMD)

AMD-SP driver * Changes to address v2 feedbacks Borislav Petkov (1): crypto: ccp: Build the AMD secure processor driver only with AMD CPU support Brijesh Singh (34): Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV) KVM: SVM: Prepare to reserve

[Part2 PATCH v6 09/38] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

From: Borislav Petkov <b...@suse.de> This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled or on ARM64 where it is also used. Signed-off-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Cc: Brijesh

[Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

t;gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh

[Part2 PATCH v6 10/38] crypto: ccp: Define SEV userspace ioctl and command id

dor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si

[Part2 PATCH v6 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by

[Part2 PATCH v6 11/38] crypto: ccp: Define SEV key management command id

Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> --- include/linux/psp-sev.h | 494 1 file changed, 494 insertions(+) create mode 100644

[Part2 PATCH v6 15/38] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de>

[Part2 PATCH v6 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

<herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si..

[Part2 PATCH v6 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/psp-

[Part2 PATCH v6 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support

-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> --- drivers/crypto/ccp/Kconfig | 11 + drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/psp-dev.c | 105 +++

[Part2 PATCH v6 17/38] crypto: ccp: Implement SEV_PDH_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/psp-

[Part2 PATCH v6 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si..

[Part2 PATCH v6 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si..

Re: [Part2 PATCH v5.1 12.8/31] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

On 10/13/2017 09:53 AM, Borislav Petkov wrote: ... - if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len)) + if (copy_from_user(data, (void __user *)uaddr, len)) goto e_free; IIRC, typecast was needed for i386 build, but now we have depends on X86_64

Re: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command

On 10/12/17 9:24 PM, Brijesh Singh wrote: > > On 10/12/17 2:53 PM, Borislav Petkov wrote: > ... > >> Ok, a couple of things here: >> >> * Move the checks first and the allocations second so that you allocate >> memory only after all checks have been passed a

Re: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command

On 10/12/17 2:53 PM, Borislav Petkov wrote: ... > Ok, a couple of things here: > > * Move the checks first and the allocations second so that you allocate > memory only after all checks have been passed and you don't allocate > pointlessly. I assume you mean performing the SEV state check

Re: [Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/12/17 4:41 PM, Borislav Petkov wrote: > On Thu, Oct 12, 2017 at 04:11:18PM -0500, Brijesh Singh wrote: >> The sev_exit() will be called for all the psp_device instance. we need >> to set psp_misc_dev = NULL after deregistering the device. >> >> if (psp_misc_

  1   2   3   >