Re: AM4 BIOS AGESA Code 1.0.0.4C & Linux Kernel
Hi, The workaround to handle this FW bug has been submitted last month https://marc.info/?l=linux-crypto-vger=153436754612783=2 And patch is accepted in crypto tree https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git/commit/?id=3702a0585e64d70d5bf73bf3e943b8d6005b72c1 It will soon show up in Linus tree. After that we will work to get it backport to stable tree's. -Brijesh On 9/15/18 3:57 AM, ng0...@gmail.com wrote: > Hi, please find below a list of related bugs to a blocker that affects > existing systems and even prevents the installation of several Linux > distributions: > > https://bugzilla.kernel.org/show_bug.cgi?id=199267 > https://bugzilla.kernel.org/show_bug.cgi?id=201129 > https://bugzilla.redhat.com/show_bug.cgi?id=1608242 > > I read about an upstream fix to 4.20 but this is a long way to go. I guess > that anyone who keeps their AM4 BIOS AGESA Code update-to-date and would > like to run Linux is affected. > > A co-operation between AMD & Linux Kernel experts to achieve a solution > fast is encouraged. Thank you! > > Regards, Thomas >
[PATCH crypto-2.6] crypto: ccp: add PSP cmd timeout
Hi Herbert, Folk have reported a boot hangs on Ryzen systems. A firmware bug can hang SEV commands and thus resulting in a boot hang. To protect against firmware bugs this series add a timeout in the SEV command. I would like to get this logic added in stable tree's as well but this patch will not apply cleanly hence I will rework a different patch for stable trees after this patch is accepted. Brijesh Singh (1): crypto: ccp: add timeout support in the SEV command drivers/crypto/ccp/psp-dev.c | 46 +++- 1 file changed, 41 insertions(+), 5 deletions(-) -- 2.7.4
Re: [PATCH v1 4/5] crypto: ccp: Support register differences between PSP devices
On 07/03/2018 12:12 PM, Tom Lendacky wrote:
In preparation for adding a new PSP device ID that uses different register
offsets, add support to the PSP version data for register offset values.
And then update the code to use these new register offset values.
Signed-off-by: Tom Lendacky
---
drivers/crypto/ccp/psp-dev.c | 24
drivers/crypto/ccp/psp-dev.h |9 -
drivers/crypto/ccp/sp-dev.h |7 ++-
drivers/crypto/ccp/sp-pci.c |7 ++-
4 files changed, 24 insertions(+), 23 deletions(-)
Reviewed-by: Brijesh Singh
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 875756d..9b59638 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -62,14 +62,14 @@ static irqreturn_t psp_irq_handler(int irq, void *data)
int reg;
/* Read the interrupt status: */
- status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS);
+ status = ioread32(psp->io_regs + psp->vdata->intsts_reg);
/* Check if it is command completion: */
if (!(status & PSP_CMD_COMPLETE))
goto done;
/* Check if it is SEV command completion: */
- reg = ioread32(psp->io_regs + PSP_CMDRESP);
+ reg = ioread32(psp->io_regs + psp->vdata->cmdresp_reg);
if (reg & PSP_CMDRESP_RESP) {
psp->sev_int_rcvd = 1;
wake_up(>sev_int_queue);
@@ -77,7 +77,7 @@ static irqreturn_t psp_irq_handler(int irq, void *data)
done:
/* Clear the interrupt status by writing the same value we read. */
- iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS);
+ iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);
return IRQ_HANDLED;
}
@@ -85,7 +85,7 @@ static irqreturn_t psp_irq_handler(int irq, void *data)
static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
{
wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
- *reg = ioread32(psp->io_regs + PSP_CMDRESP);
+ *reg = ioread32(psp->io_regs + psp->vdata->cmdresp_reg);
}
static int sev_cmd_buffer_len(int cmd)
@@ -143,15 +143,15 @@ static int __sev_do_cmd_locked(int cmd, void *data, int
*psp_ret)
print_hex_dump_debug("(in): ", DUMP_PREFIX_OFFSET, 16, 2, data,
sev_cmd_buffer_len(cmd), false);
- iowrite32(phys_lsb, psp->io_regs + PSP_CMDBUFF_ADDR_LO);
- iowrite32(phys_msb, psp->io_regs + PSP_CMDBUFF_ADDR_HI);
+ iowrite32(phys_lsb, psp->io_regs + psp->vdata->cmdbuff_addr_lo_reg);
+ iowrite32(phys_msb, psp->io_regs + psp->vdata->cmdbuff_addr_hi_reg);
psp->sev_int_rcvd = 0;
reg = cmd;
reg <<= PSP_CMDRESP_CMD_SHIFT;
reg |= PSP_CMDRESP_IOC;
- iowrite32(reg, psp->io_regs + PSP_CMDRESP);
+ iowrite32(reg, psp->io_regs + psp->vdata->cmdresp_reg);
/* wait for command completion */
sev_wait_cmd_ioc(psp, );
@@ -789,7 +789,7 @@ static int sev_misc_init(struct psp_device *psp)
static int sev_init(struct psp_device *psp)
{
/* Check if device supports SEV feature */
- if (!(ioread32(psp->io_regs + PSP_FEATURE_REG) & 1)) {
+ if (!(ioread32(psp->io_regs + psp->vdata->feature_reg) & 1)) {
dev_dbg(psp->dev, "device does not support SEV\n");
return 1;
}
@@ -817,11 +817,11 @@ int psp_dev_init(struct sp_device *sp)
goto e_err;
}
- psp->io_regs = sp->io_map + psp->vdata->offset;
+ psp->io_regs = sp->io_map;
/* Disable and clear interrupts until ready */
- iowrite32(0, psp->io_regs + PSP_P2CMSG_INTEN);
- iowrite32(-1, psp->io_regs + PSP_P2CMSG_INTSTS);
+ iowrite32(0, psp->io_regs + psp->vdata->inten_reg);
+ iowrite32(-1, psp->io_regs + psp->vdata->intsts_reg);
/* Request an irq */
ret = sp_request_psp_irq(psp->sp, psp_irq_handler, psp->name, psp);
@@ -838,7 +838,7 @@ int psp_dev_init(struct sp_device *sp)
sp->set_psp_master_device(sp);
/* Enable interrupt */
- iowrite32(-1, psp->io_regs + PSP_P2CMSG_INTEN);
+ iowrite32(-1, psp->io_regs + psp->vdata->inten_reg);
dev_notice(dev, "psp enabled\n");
diff --git a/drivers/crypto/ccp/psp-dev.h b/drivers/crypto/ccp/psp-dev.h
index 5d46a2b..8b53a96 100644
--- a/drivers/crypto/ccp/psp-dev.h
+++ b/drivers/crypto/ccp/psp-dev.h
@@ -30,17 +30,8 @@
#include "sp-dev.h"
-#define PSP_C2PMSG(_num) ((_num) << 2)
-#define PSP_CMDRESPPSP_C2PMSG(32)
-#define PSP_CMDBUFF_ADDR_LOPSP_C2PMSG(56)
-#define PSP_CMDBUFF_ADDR_HI PSP_C2PMSG(57)
-#define PSP_FEATURE_REGPSP_C2PMSG(63)
-
#define PSP_CMD_COMPLETE
Re: [PATCH v1 3/5] crypto: ccp: Remove unused #defines
On 07/03/2018 12:11 PM, Tom Lendacky wrote: Remove some unused #defines for register offsets that are not used. This will lessen the changes required when register offsets change between versions of the device. Signed-off-by: Tom Lendacky --- drivers/crypto/ccp/psp-dev.c |2 +- drivers/crypto/ccp/psp-dev.h | 10 +- 2 files changed, 2 insertions(+), 10 deletions(-) Reviewed-by: Brijesh Singh diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 91ef6ed..875756d 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -65,7 +65,7 @@ static irqreturn_t psp_irq_handler(int irq, void *data) status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS); /* Check if it is command completion: */ - if (!(status & BIT(PSP_CMD_COMPLETE_REG))) + if (!(status & PSP_CMD_COMPLETE)) goto done; /* Check if it is SEV command completion: */ diff --git a/drivers/crypto/ccp/psp-dev.h b/drivers/crypto/ccp/psp-dev.h index c7e9098a..5d46a2b 100644 --- a/drivers/crypto/ccp/psp-dev.h +++ b/drivers/crypto/ccp/psp-dev.h @@ -36,19 +36,11 @@ #define PSP_CMDBUFF_ADDR_HI PSP_C2PMSG(57) #define PSP_FEATURE_REG PSP_C2PMSG(63) -#define PSP_P2CMSG(_num) ((_num) << 2) -#define PSP_CMD_COMPLETE_REG 1 -#define PSP_CMD_COMPLETE PSP_P2CMSG(PSP_CMD_COMPLETE_REG) +#define PSP_CMD_COMPLETE BIT(1) #define PSP_P2CMSG_INTEN 0x0110 #define PSP_P2CMSG_INTSTS 0x0114 -#define PSP_C2PMSG_ATTR_0 0x0118 -#define PSP_C2PMSG_ATTR_1 0x011c -#define PSP_C2PMSG_ATTR_2 0x0120 -#define PSP_C2PMSG_ATTR_3 0x0124 -#define PSP_P2CMSG_ATTR_0 0x0128 - #define PSP_CMDRESP_CMD_SHIFT 16 #define PSP_CMDRESP_IOC BIT(0) #define PSP_CMDRESP_RESP BIT(31)
Re: [PATCH v1 1/5] crypto: ccp: Fix command completion detection race
On 07/03/2018 12:11 PM, Tom Lendacky wrote:
The wait_event() function is used to detect command completion. The
interrupt handler will set the wait condition variable when the interrupt
is triggered. However, the variable used for wait_event() is initialized
after the command has been submitted, which can create a race condition
with the interrupt handler and result in the wait_event() never returning.
Move the initialization of the wait condition variable to just before
command submission.
Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command
support")
Cc: # 4.16.x-
Signed-off-by: Tom Lendacky
---
Reviewed-by: Brijesh Singh
drivers/crypto/ccp/psp-dev.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index ff478d8..973d683 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -84,8 +84,6 @@ static irqreturn_t psp_irq_handler(int irq, void *data)
static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
{
- psp->sev_int_rcvd = 0;
-
wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
*reg = ioread32(psp->io_regs + PSP_CMDRESP);
}
@@ -148,6 +146,8 @@ static int __sev_do_cmd_locked(int cmd, void *data, int
*psp_ret)
iowrite32(phys_lsb, psp->io_regs + PSP_CMDBUFF_ADDR_LO);
iowrite32(phys_msb, psp->io_regs + PSP_CMDBUFF_ADDR_HI);
+ psp->sev_int_rcvd = 0;
+
reg = cmd;
reg <<= PSP_CMDRESP_CMD_SHIFT;
reg |= PSP_CMDRESP_IOC;
Re: [PATCH] crypto: ccp: Use memdup_user() rather than duplicating its implementation
On 3/5/18 7:10 AM, SF Markus Elfring wrote:
> From: Markus Elfring <elfr...@users.sourceforge.net>
> Date: Mon, 5 Mar 2018 13:50:13 +0100
>
> Reuse existing functionality from memdup_user() instead of keeping
> duplicate source code.
>
> This issue was detected by using the Coccinelle software.
>
> Signed-off-by: Markus Elfring <elfr...@users.sourceforge.net>
> ---
> drivers/crypto/ccp/psp-dev.c | 15 +--
> 1 file changed, 1 insertion(+), 14 deletions(-)
Reviewed-by: Brijesh Singh <brijesh.si...@amd.com>
thanks
> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
> index fcfa5b1eae61..8255258cd040 100644
> --- a/drivers/crypto/ccp/psp-dev.c
> +++ b/drivers/crypto/ccp/psp-dev.c
> @@ -367,8 +367,6 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd
> *argp)
>
> void *psp_copy_user_blob(u64 __user uaddr, u32 len)
> {
> - void *data;
> -
> if (!uaddr || !len)
> return ERR_PTR(-EINVAL);
>
> @@ -376,18 +374,7 @@ void *psp_copy_user_blob(u64 __user uaddr, u32 len)
> if (len > SEV_FW_BLOB_MAX_SIZE)
> return ERR_PTR(-EINVAL);
>
> - data = kmalloc(len, GFP_KERNEL);
> - if (!data)
> - return ERR_PTR(-ENOMEM);
> -
> - if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len))
> - goto e_free;
> -
> - return data;
> -
> -e_free:
> - kfree(data);
> - return ERR_PTR(-EFAULT);
> + return memdup_user((void __user *)(uintptr_t)uaddr, len);
> }
> EXPORT_SYMBOL_GPL(psp_copy_user_blob);
>
Re: [PATCH 1/2] crypto: ccp: Fix sparse, use plain integer as NULL pointer
Hi Herbert, On 03/02/2018 10:41 AM, Herbert Xu wrote: On Thu, Feb 15, 2018 at 01:34:44PM -0600, Brijesh Singh wrote: Fix sparse warning: Using plain integer as NULL pointer. Replaces assignment of 0 to pointer with NULL assignment. Fixes: 200664d5237f (Add Secure Encrypted Virtualization ...) Cc: Borislav Petkov <b...@suse.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> All applied. Thanks. As part of other SEV fixes Paolo pulled these two patches through kvm tree. The patches were already included in KVM pull request for 4.16-rc3. After Paolo pulled the patches in kvm request, I looked at patchwork and saw that this series was marked as "Not applicable" in hence I was under impression that you will not be applying this patches in crypto tree hence didn't speak up. I hope its not big issue and git will able to detect it. -Brijesh
[PATCH v2] crypto: ccp: add check to get PSP master only when PSP is detected
Paulian reported the below kernel crash on Ryzen 5 system:
BUG: unable to handle kernel NULL pointer dereference at 0073
RIP: 0010:.LC0+0x41f/0xa00
RSP: 0018:a9968003bdd0 EFLAGS: 00010002
RAX: b113b130 RBX: RCX: 05a7
RDX: 00ff RSI: 8b46dee651a0 RDI: b1bd617c
RBP: 0246 R08: 000251a0 R09:
R10: d81f11a38200 R11: 8b52e8e0a161 R12: b19db220
R13: 0007 R14: b17e4888 R15: 5dccd7affc30a31e
FS: () GS:8b46dee4() knlGS:
CR2: 0073 CR3: 80128120a000 CR4: 003406e0
Call Trace:
? sp_get_psp_master_device+0x56/0x80
? map_properties+0x540/0x540
? psp_pci_init+0x20/0xe0
? map_properties+0x540/0x540
? sp_mod_init+0x16/0x1a
? do_one_initcall+0x4b/0x190
? kernel_init_freeable+0x19b/0x23c
? rest_init+0xb0/0xb0
? kernel_init+0xa/0x100
? ret_from_fork+0x22/0x40
Since Ryzen does not support PSP/SEV firmware hence i->psp_data will
NULL in all sp instances. In those cases, 'i' will point to the
list head after list_for_each_entry(). Dereferencing the head will
cause kernel crash.
Add check to call get master device only when PSP/SEV is detected.
Reported-by: Paulian Bogdan Marinca <paul...@marinca.net>
Cc: Borislav Petkov <b...@suse.de>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
CC: Gary R Hook <gary.h...@amd.com>
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
Changes since v1:
v1 contained a local change I used for triggering the crash on EPYC system.
we do not need those changes in final patch.
drivers/crypto/ccp/sp-dev.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/ccp/sp-dev.c b/drivers/crypto/ccp/sp-dev.c
index eb0da6572720..e0459002eb71 100644
--- a/drivers/crypto/ccp/sp-dev.c
+++ b/drivers/crypto/ccp/sp-dev.c
@@ -252,12 +252,12 @@ struct sp_device *sp_get_psp_master_device(void)
goto unlock;
list_for_each_entry(i, _units, entry) {
- if (i->psp_data)
+ if (i->psp_data && i->get_psp_master_device) {
+ ret = i->get_psp_master_device();
break;
+ }
}
- if (i->get_psp_master_device)
- ret = i->get_psp_master_device();
unlock:
write_unlock_irqrestore(_unit_lock, flags);
return ret;
--
2.14.3
[PATCH] crypto: ccp: add check to get PSP master only when PSP is detected
Paulian reported the below kernel crash on Ryzen 5 system:
BUG: unable to handle kernel NULL pointer dereference at 0073
RIP: 0010:.LC0+0x41f/0xa00
RSP: 0018:a9968003bdd0 EFLAGS: 00010002
RAX: b113b130 RBX: RCX: 05a7
RDX: 00ff RSI: 8b46dee651a0 RDI: b1bd617c
RBP: 0246 R08: 000251a0 R09:
R10: d81f11a38200 R11: 8b52e8e0a161 R12: b19db220
R13: 0007 R14: b17e4888 R15: 5dccd7affc30a31e
FS: () GS:8b46dee4() knlGS:
CR2: 0073 CR3: 80128120a000 CR4: 003406e0
Call Trace:
? sp_get_psp_master_device+0x56/0x80
? map_properties+0x540/0x540
? psp_pci_init+0x20/0xe0
? map_properties+0x540/0x540
? sp_mod_init+0x16/0x1a
? do_one_initcall+0x4b/0x190
? kernel_init_freeable+0x19b/0x23c
? rest_init+0xb0/0xb0
? kernel_init+0xa/0x100
? ret_from_fork+0x22/0x40
Since Ryzen does not support PSP/SEV firmware hence i->psp_data will
NULL in all sp instances. In those cases, 'i' will point to the
list head after list_for_each_entry(). Dereferencing the head will
cause kernel crash.
Add check to call get master device only when PSP/SEV is detected.
Reported-by: Paulian Bogdan Marinca <paul...@marinca.net>
Cc: Borislav Petkov <b...@suse.de>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
CC: Gary R Hook <gary.h...@amd.com>
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 1 +
drivers/crypto/ccp/sp-dev.c | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index b3afb6cc9d72..b342210e582a 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -677,6 +677,7 @@ static int sev_misc_init(struct psp_device *psp)
static int sev_init(struct psp_device *psp)
{
+ return 1;
/* Check if device supports SEV feature */
if (!(ioread32(psp->io_regs + PSP_FEATURE_REG) & 1)) {
dev_dbg(psp->dev, "device does not support SEV\n");
diff --git a/drivers/crypto/ccp/sp-dev.c b/drivers/crypto/ccp/sp-dev.c
index eb0da6572720..e0459002eb71 100644
--- a/drivers/crypto/ccp/sp-dev.c
+++ b/drivers/crypto/ccp/sp-dev.c
@@ -252,12 +252,12 @@ struct sp_device *sp_get_psp_master_device(void)
goto unlock;
list_for_each_entry(i, _units, entry) {
- if (i->psp_data)
+ if (i->psp_data && i->get_psp_master_device) {
+ ret = i->get_psp_master_device();
break;
+ }
}
- if (i->get_psp_master_device)
- ret = i->get_psp_master_device();
unlock:
write_unlock_irqrestore(_unit_lock, flags);
return ret;
--
2.14.3
[PATCH 1/2] crypto: ccp: Fix sparse, use plain integer as NULL pointer
Fix sparse warning: Using plain integer as NULL pointer. Replaces
assignment of 0 to pointer with NULL assignment.
Fixes: 200664d5237f (Add Secure Encrypted Virtualization ...)
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index fcfa5b1eae61..b3afb6cc9d72 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -211,7 +211,7 @@ static int __sev_platform_shutdown_locked(int *error)
{
int ret;
- ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, 0, error);
+ ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
if (ret)
return ret;
@@ -271,7 +271,7 @@ static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
return rc;
}
- return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
+ return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, NULL, >error);
}
static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
@@ -299,7 +299,7 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct
sev_issue_cmd *argp)
return rc;
}
- return __sev_do_cmd_locked(cmd, 0, >error);
+ return __sev_do_cmd_locked(cmd, NULL, >error);
}
static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
@@ -624,7 +624,7 @@ EXPORT_SYMBOL_GPL(sev_guest_decommission);
int sev_guest_df_flush(int *error)
{
- return sev_do_cmd(SEV_CMD_DF_FLUSH, 0, error);
+ return sev_do_cmd(SEV_CMD_DF_FLUSH, NULL, error);
}
EXPORT_SYMBOL_GPL(sev_guest_df_flush);
--
2.14.3
[PATCH 2/2] include: psp-sev: Capitalize invalid length enum
Commit 1d57b17c60ff ("crypto: ccp: Define SEV userspace ioctl and command
id") added the invalid length enum but we missed capitalizing it.
Fixes: 1d57b17c60ff (crypto: ccp: Define SEV userspace ioctl ...)
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Borislav Petkov <b...@suse.de>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
CC: Gary R Hook <gary.h...@amd.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
include/uapi/linux/psp-sev.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h
index 3d77fe91239a..9008f31c7eb6 100644
--- a/include/uapi/linux/psp-sev.h
+++ b/include/uapi/linux/psp-sev.h
@@ -42,7 +42,7 @@ typedef enum {
SEV_RET_INVALID_PLATFORM_STATE,
SEV_RET_INVALID_GUEST_STATE,
SEV_RET_INAVLID_CONFIG,
- SEV_RET_INVALID_len,
+ SEV_RET_INVALID_LEN,
SEV_RET_ALREADY_OWNED,
SEV_RET_INVALID_CERTIFICATE,
SEV_RET_POLICY_FAILURE,
--
2.14.3
[PATCH 0/4] KVM: SVM: kbuild test robot warning fixes
The patch series fixes the warnings reported by kbuild test robot after SEV patches. Additionally, during testing I found that LAUNCH_SECRET command was broken and patch series contains the fix for it. The patch series applies on kvm/queue branch. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Borislav Petkov <b...@suse.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: linux-crypto@vger.kernel.org Cc: linux-ker...@vger.kernel.org Brijesh Singh (4): crypto: ccp: Fix sparse, use plain integer as NULL pointer KVM: SVM: Fix sparse: incorrect type in argument 1 (different base types) include: psp-sev: Capitalize invalid length enum KVM: SVM: Fix SEV LAUNCH_SECRET command arch/x86/kvm/svm.c | 14 ++ drivers/crypto/ccp/psp-dev.c | 8 include/uapi/linux/psp-sev.h | 2 +- 3 files changed, 15 insertions(+), 9 deletions(-) -- 2.9.5
[PATCH 1/4] crypto: ccp: Fix sparse, use plain integer as NULL pointer
Fix sparse warning: Using plain integer as NULL pointer. Replaces
assignment of 0 to pointer with NULL assignment.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index fcfa5b1eae61..b3afb6cc9d72 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -211,7 +211,7 @@ static int __sev_platform_shutdown_locked(int *error)
{
int ret;
- ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, 0, error);
+ ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
if (ret)
return ret;
@@ -271,7 +271,7 @@ static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
return rc;
}
- return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
+ return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, NULL, >error);
}
static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
@@ -299,7 +299,7 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct
sev_issue_cmd *argp)
return rc;
}
- return __sev_do_cmd_locked(cmd, 0, >error);
+ return __sev_do_cmd_locked(cmd, NULL, >error);
}
static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
@@ -624,7 +624,7 @@ EXPORT_SYMBOL_GPL(sev_guest_decommission);
int sev_guest_df_flush(int *error)
{
- return sev_do_cmd(SEV_CMD_DF_FLUSH, 0, error);
+ return sev_do_cmd(SEV_CMD_DF_FLUSH, NULL, error);
}
EXPORT_SYMBOL_GPL(sev_guest_df_flush);
--
2.9.5
Re: [Part2 PATCH v9 00/38] x86: Secure Encrypted Virtualization (AMD)
On 12/21/17 9:51 AM, Brijesh Singh wrote: > > On 12/21/17 7:06 AM, Paolo Bonzini wrote: > > > Hi Paolo, > > >> Hi Brijesh, >> >> I have a couple comments: >> >> 1) how is MSR_AMD64_SEV's value passed to the guest, and where is it in >> the manual? > It is a non interceptable read-only MSR set by the HW when SEV feature > is enabled in VMRUN instruction. I just checked both PPR and Family 17 manual and it seems both are still missing this MSR definition. I will ping doc team to get it updated. thanks >> 2) ECX should be 0 in the guest's 0x8000_001f leaf, because we don't >> support nested SEV guests. Likewise, EAX bit 2 should be 0 since you >> don't emulate the page flush MSR. > IIRC, I do clear both EAX Page_Flush and nested virtualization case from > Qemu SEV feature is enabled. >> Both can be fixed on top (and I can do the second myself of course), so >> there should be no need for a v10. > Thanks >
Re: [Part2 PATCH v9 00/38] x86: Secure Encrypted Virtualization (AMD)
On 12/21/17 7:06 AM, Paolo Bonzini wrote: Hi Paolo, > Hi Brijesh, > > I have a couple comments: > > 1) how is MSR_AMD64_SEV's value passed to the guest, and where is it in > the manual? It is a non interceptable read-only MSR set by the HW when SEV feature is enabled in VMRUN instruction. > > 2) ECX should be 0 in the guest's 0x8000_001f leaf, because we don't > support nested SEV guests. Likewise, EAX bit 2 should be 0 since you > don't emulate the page flush MSR. IIRC, I do clear both EAX Page_Flush and nested virtualization case from Qemu SEV feature is enabled. > Both can be fixed on top (and I can do the second myself of course), so > there should be no need for a v10. Thanks
Re: [Part2 PATCH v9 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support
On 12/06/2017 03:10 PM, Philippe Ombredanne wrote:>> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c new file mode 100644 index ..b5789f878560 --- /dev/null +++ b/drivers/crypto/ccp/psp-dev.c @@ -0,0 +1,105 @@ +/* + * AMD Platform Security Processor (PSP) interface + * + * Copyright (C) 2016-2017 Advanced Micro Devices, Inc. + * + * Author: Brijesh Singh <brijesh.si...@amd.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ Dear Brijesh, Have you considered using the new SPDX license ids instead? This would come out this way: +// SDPX-License-Identifier: GPL-2.0 +/* + * AMD Platform Security Processor (PSP) interface + * + * Copyright (C) 2016-2017 Advanced Micro Devices, Inc. + * + * Author: Brijesh Singh <brijesh.si...@amd.com> + */ It is much cleaner and simpler, right? For the C++ comment style and first line placement, please see Thomas (tlgx) doc patches and Linus posts explaining his rationale of why he wants it this way. It would be awesome if this could be applied to all AMD contributions btw! Hi Philippe, I was not aware of SPDX identifier, If v10 is needed for SEV series then I will certainly update the patches to use SPDX license identifier. thanks -Brijesh
[Part2 PATCH v9 00/38] x86: Secure Encrypted Virtualization (AMD)
This part of Secure Encrypted Virtualization (SEV) patch series focuses on KVM changes required to create and manage SEV guests. SEV is an extension to the AMD-V architecture which supports running encrypted virtual machine (VMs) under the control of a hypervisor. Encrypted VMs have their pages (code and data) secured such that only the guest itself has access to unencrypted version. Each encrypted VM is associated with a unique encryption key; if its data is accessed to a different entity using a different key the encrypted guest's data will be incorrectly decrypted, leading to unintelligible data. This security model ensures that hypervisor will no longer able to inspect or alter any guest code or data. The key management of this feature is handled by a separate processor known as the AMD Secure Processor (AMD-SP) which is present on AMD SOCs. The SEV Key Management Specification (see below) provides a set of commands which can be used by hypervisor to load virtual machine keys through the AMD-SP driver. The patch series adds a new ioctl in KVM driver (KVM_MEMORY_ENCRYPT_OP). The ioctl will be used by qemu to issue SEV guest-specific commands defined in Key Management Specification. The following links provide additional details: AMD Memory Encryption white paper: http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf AMD64 Architecture Programmer's Manual: http://support.amd.com/TechDocs/24593.pdf SME is section 7.10 SEV is section 15.34 SEV Key Management: http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf KVM Forum Presentation: http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf SEV Guest BIOS support: SEV support has been add to EDKII/OVMF BIOS https://github.com/tianocore/edk2 -- The series applies on kvm/next commit : 4fbd8d194f06 (Linux 4.15-rc1) Complete tree is available at: repo: https://github.com/codomania/kvm.git branch: sev-v9-p2 TODO: * Add SEV guest migration command support Cc: Thomas Gleixner <t...@linutronix.de> Cc: Ingo Molnar <mi...@redhat.com> Cc: "H. Peter Anvin" <h...@zytor.com> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim KrÄmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: David S. Miller <da...@davemloft.net> Cc: Gary Hook <gary.h...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Cc: linux-crypto@vger.kernel.org Changes since v8: * Rebase the series to kvm/next branch * Update SEV asid allocation to limit the ASID between SEV_MIN_ASID to SEV_MAX_ASID (EPYC BIOS provide option to change the SEV_MIN_ASID -- which can be used to limit the number of SEV-enable guest) Changes since v7: * Rebase the series to kvm/next branch * move the FW error enum definition in include/uapi/linux/psp-sev.h so that both userspace and kernel can share it. * (ccp) drop cmd_buf arg from sev_platform_init() * (ccp) apply some cleanup/fixup from Boris * (ccp) add some comments in FACTORY_RESET command handling * (kvm) some fixup/cleanup from Boris * (kvm) acquire the kvm->lock when modifying the sev->regions_list Changes since v6: * (ccp): Extend psp_device structure to track the FW INIT and SHUTDOWN states. * (ccp): Init and Uninit SEV FW during module load/unload * (ccp): Avoid repeated k*alloc() for init and status command buffer * (kvm): Rework DBG command to fix the compilation warning seen with gcc7.x * (kvm): Convert the SEV doc in rst format Changes since v5: * split the PSP driver support into multiple patches * multiple improvements from Boris * remove mem_enc_enabled() ops Changes since v4: * Fixes to address kbuild robot errors * Add 'sev' module params to allow enable/disable SEV feature * Update documentation * Multiple fixes to address v4 feedbacks * Some coding style changes to address checkpatch reports Changes since v3: * Re-design the PSP interface support patch * Rename the ioctls based on the feedbacks * Improve documentation * Fix i386 build issues * Add LAUNCH_SECRET command * Add new Kconfig option to enable SEV support * Changes to address v3 feedbacks. Changes since v2: * Add KVM_MEMORY_ENCRYPT_REGISTER/UNREGISTER_RAM ioct to register encrypted memory ranges (recommend by Paolo) * Extend kvm_x86_ops to provide new memory_encryption_enabled ops * Enhance DEBUG DECRYPT/ENCRYPT commands to work with more than one page \ (recommended by Paolo) * Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver * Changes to address v2 feedbacks Borislav Petkov (1): crypto: ccp: Build the AMD secure processor driver only with AMD CPU support Brijesh Sing
[Part2 PATCH v9 15/38] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command
The SEV_PLATFORM_STATUS command can be used by the platform owner to
get the current status of the platform. The command is defined in
SEV spec section 5.5.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 18 ++
1 file changed, 18 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index b49583a45a55..a5072b166ab8 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -274,6 +274,21 @@ static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
}
+static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_status *data = _master->status_cmd_buf;
+ int ret;
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, >error);
+ if (ret)
+ return ret;
+
+ if (copy_to_user((void __user *)argp->data, data, sizeof(*data)))
+ ret = -EFAULT;
+
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -299,6 +314,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_FACTORY_RESET:
ret = sev_ioctl_do_reset();
break;
+ case SEV_PLATFORM_STATUS:
+ ret = sev_ioctl_do_platform_status();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v9 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
The SEV_FACTORY_RESET command can be used by the platform owner to
reset the non-volatile SEV related data. The command is defined in
SEV spec section 5.4
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 77 +++-
1 file changed, 76 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 9915a6c604a3..b49583a45a55 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -232,9 +232,84 @@ static int sev_platform_shutdown(int *error)
return rc;
}
+static int sev_get_platform_state(int *state, int *error)
+{
+ int rc;
+
+ rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
+_master->status_cmd_buf, error);
+ if (rc)
+ return rc;
+
+ *state = psp_master->status_cmd_buf.state;
+ return rc;
+}
+
+static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
+{
+ int state, rc;
+
+ /*
+* The SEV spec requires that FACTORY_RESET must be issued in
+* UNINIT state. Before we go further lets check if any guest is
+* active.
+*
+* If FW is in WORKING state then deny the request otherwise issue
+* SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET.
+*
+*/
+ rc = sev_get_platform_state(, >error);
+ if (rc)
+ return rc;
+
+ if (state == SEV_STATE_WORKING)
+ return -EBUSY;
+
+ if (state == SEV_STATE_INIT) {
+ rc = __sev_platform_shutdown_locked(>error);
+ if (rc)
+ return rc;
+ }
+
+ return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
- return -ENOTTY;
+ void __user *argp = (void __user *)arg;
+ struct sev_issue_cmd input;
+ int ret = -EFAULT;
+
+ if (!psp_master)
+ return -ENODEV;
+
+ if (ioctl != SEV_ISSUE_CMD)
+ return -EINVAL;
+
+ if (copy_from_user(, argp, sizeof(struct sev_issue_cmd)))
+ return -EFAULT;
+
+ if (input.cmd > SEV_MAX)
+ return -EINVAL;
+
+ mutex_lock(_cmd_mutex);
+
+ switch (input.cmd) {
+
+ case SEV_FACTORY_RESET:
+ ret = sev_ioctl_do_reset();
+ break;
+ default:
+ ret = -EINVAL;
+ goto out;
+ }
+
+ if (copy_to_user(argp, , sizeof(struct sev_issue_cmd)))
+ ret = -EFAULT;
+out:
+ mutex_unlock(_cmd_mutex);
+
+ return ret;
}
static const struct file_operations sev_fops = {
--
2.9.5
[Part2 PATCH v9 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support
The Platform Security Processor (PSP) is part of the AMD Secure
Processor (AMD-SP) functionality. The PSP is a dedicated processor
that provides support for key management commands in Secure Encrypted
Virtualization (SEV) mode, along with software-based Trusted Execution
Environment (TEE) to enable third-party trusted applications.
Note that the key management functionality provided by the SEV firmware
can be used outside of the kvm-amd driver hence it doesn't need to
depend on CONFIG_KVM_AMD.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
---
drivers/crypto/ccp/Kconfig | 11 +
drivers/crypto/ccp/Makefile | 1 +
drivers/crypto/ccp/psp-dev.c | 105 +++
drivers/crypto/ccp/psp-dev.h | 59
drivers/crypto/ccp/sp-dev.c | 26 +++
drivers/crypto/ccp/sp-dev.h | 24 +-
drivers/crypto/ccp/sp-pci.c | 52 +
7 files changed, 277 insertions(+), 1 deletion(-)
create mode 100644 drivers/crypto/ccp/psp-dev.c
create mode 100644 drivers/crypto/ccp/psp-dev.h
diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig
index 9c84f9838931..b9dfae47aefd 100644
--- a/drivers/crypto/ccp/Kconfig
+++ b/drivers/crypto/ccp/Kconfig
@@ -33,3 +33,14 @@ config CRYPTO_DEV_CCP_CRYPTO
Support for using the cryptographic API with the AMD Cryptographic
Coprocessor. This module supports offload of SHA and AES algorithms.
If you choose 'M' here, this module will be called ccp_crypto.
+
+config CRYPTO_DEV_SP_PSP
+ bool "Platform Security Processor (PSP) device"
+ default y
+ depends on CRYPTO_DEV_CCP_DD && X86_64
+ help
+Provide support for the AMD Platform Security Processor (PSP).
+The PSP is a dedicated processor that provides support for key
+management commands in Secure Encrypted Virtualization (SEV) mode,
+along with software-based Trusted Execution Environment (TEE) to
+enable third-party trusted applications.
diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile
index c4ce726b931e..51d1c0cf66c7 100644
--- a/drivers/crypto/ccp/Makefile
+++ b/drivers/crypto/ccp/Makefile
@@ -8,6 +8,7 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_CCP) += ccp-dev.o \
ccp-dmaengine.o \
ccp-debugfs.o
ccp-$(CONFIG_PCI) += sp-pci.o
+ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += psp-dev.o
obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) += ccp-crypto.o
ccp-crypto-objs := ccp-crypto-main.o \
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
new file mode 100644
index ..b5789f878560
--- /dev/null
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -0,0 +1,105 @@
+/*
+ * AMD Platform Security Processor (PSP) interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "sp-dev.h"
+#include "psp-dev.h"
+
+static struct psp_device *psp_alloc_struct(struct sp_device *sp)
+{
+ struct device *dev = sp->dev;
+ struct psp_device *psp;
+
+ psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);
+ if (!psp)
+ return NULL;
+
+ psp->dev = dev;
+ psp->sp = sp;
+
+ snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);
+
+ return psp;
+}
+
+static irqreturn_t psp_irq_handler(int irq, void *data)
+{
+ return IRQ_HANDLED;
+}
+
+int psp_dev_init(struct sp_device *sp)
+{
+ struct device *dev = sp->dev;
+ struct psp_device *psp;
+ int ret;
+
+ ret = -ENOMEM;
+ psp = psp_alloc_struct(sp);
+ if (!psp)
+ goto e_err;
+
+ sp->psp_data = psp;
+
+ psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;
+ if (!psp->vdata) {
+ ret = -ENODEV;
+ dev_err(dev, "missing driver data\n");
+ goto e_err;
+ }
+
+ psp->io_regs = sp->io_map + psp->vdata->offset;
+
+ /* Disable and clear interrupts until ready */
+ iowrite32(0, psp->io_regs + PSP_P2CMSG_INTEN);
[Part2 PATCH v9 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
AMD's new Secure Encrypted Virtualization (SEV) feature allows the
memory contents of virtual machines to be transparently encrypted with a
key unique to the VM. The programming and management of the encryption
keys are handled by the AMD Secure Processor (AMD-SP) which exposes the
commands for these tasks. The complete spec is available at:
http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
Extend the AMD-SP driver to provide the following support:
- an in-kernel API to communicate with the SEV firmware. The API can be
used by the hypervisor to create encryption context for a SEV guest.
- a userspace IOCTL to manage the platform certificates.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 344 +++
drivers/crypto/ccp/psp-dev.h | 24 +++
drivers/crypto/ccp/sp-dev.c | 9 ++
drivers/crypto/ccp/sp-dev.h | 4 +
include/linux/psp-sev.h | 137 +
5 files changed, 518 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index b5789f878560..9915a6c604a3 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -26,6 +26,12 @@
#include "sp-dev.h"
#include "psp-dev.h"
+#define DEVICE_NAME"sev"
+
+static DEFINE_MUTEX(sev_cmd_mutex);
+static struct sev_misc_dev *misc_dev;
+static struct psp_device *psp_master;
+
static struct psp_device *psp_alloc_struct(struct sp_device *sp)
{
struct device *dev = sp->dev;
@@ -45,9 +51,285 @@ static struct psp_device *psp_alloc_struct(struct sp_device
*sp)
static irqreturn_t psp_irq_handler(int irq, void *data)
{
+ struct psp_device *psp = data;
+ unsigned int status;
+ int reg;
+
+ /* Read the interrupt status: */
+ status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS);
+
+ /* Check if it is command completion: */
+ if (!(status & BIT(PSP_CMD_COMPLETE_REG)))
+ goto done;
+
+ /* Check if it is SEV command completion: */
+ reg = ioread32(psp->io_regs + PSP_CMDRESP);
+ if (reg & PSP_CMDRESP_RESP) {
+ psp->sev_int_rcvd = 1;
+ wake_up(>sev_int_queue);
+ }
+
+done:
+ /* Clear the interrupt status by writing the same value we read. */
+ iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS);
+
return IRQ_HANDLED;
}
+static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
+{
+ psp->sev_int_rcvd = 0;
+
+ wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
+ *reg = ioread32(psp->io_regs + PSP_CMDRESP);
+}
+
+static int sev_cmd_buffer_len(int cmd)
+{
+ switch (cmd) {
+ case SEV_CMD_INIT: return sizeof(struct
sev_data_init);
+ case SEV_CMD_PLATFORM_STATUS: return sizeof(struct
sev_user_data_status);
+ case SEV_CMD_PEK_CSR: return sizeof(struct
sev_data_pek_csr);
+ case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct
sev_data_pek_cert_import);
+ case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct
sev_data_pdh_cert_export);
+ case SEV_CMD_LAUNCH_START: return sizeof(struct
sev_data_launch_start);
+ case SEV_CMD_LAUNCH_UPDATE_DATA:return sizeof(struct
sev_data_launch_update_data);
+ case SEV_CMD_LAUNCH_UPDATE_VMSA:return sizeof(struct
sev_data_launch_update_vmsa);
+ case SEV_CMD_LAUNCH_FINISH: return sizeof(struct
sev_data_launch_finish);
+ case SEV_CMD_LAUNCH_MEASURE:return sizeof(struct
sev_data_launch_measure);
+ case SEV_CMD_ACTIVATE: return sizeof(struct
sev_data_activate);
+ case SEV_CMD_DEACTIVATE:return sizeof(struct
sev_data_deactivate);
+ case SEV_CMD_DECOMMISSION: return sizeof(struct
sev_data_decommission);
+ case SEV_CMD_GUEST_STATUS: return sizeof(struct
sev_data_guest_status);
+ case SEV_CMD_DBG_DECRYPT: return sizeof(struct
sev_data_dbg);
+ case SEV_CMD_DBG_ENCRYPT: return sizeof(struct
sev_data_dbg);
+ case SEV_CMD_SEND_START:return sizeof(struct
sev_data_send_start);
+ case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct
sev_data_send_update_data);
+ case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct
sev_data_send_update_vmsa);
+
[Part2 PATCH v9 10/38] crypto: ccp: Define SEV userspace ioctl and command id
Add a include file which defines the ioctl and command id used for
issuing SEV platform management specific commands.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
include/uapi/linux/psp-sev.h | 142 +++
1 file changed, 142 insertions(+)
create mode 100644 include/uapi/linux/psp-sev.h
diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h
new file mode 100644
index ..3d77fe91239a
--- /dev/null
+++ b/include/uapi/linux/psp-sev.h
@@ -0,0 +1,142 @@
+/*
+ * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
+ * platform management commands.
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_USER_H__
+#define __PSP_SEV_USER_H__
+
+#include
+
+/**
+ * SEV platform commands
+ */
+enum {
+ SEV_FACTORY_RESET = 0,
+ SEV_PLATFORM_STATUS,
+ SEV_PEK_GEN,
+ SEV_PEK_CSR,
+ SEV_PDH_GEN,
+ SEV_PDH_CERT_EXPORT,
+ SEV_PEK_CERT_IMPORT,
+
+ SEV_MAX,
+};
+
+/**
+ * SEV Firmware status code
+ */
+typedef enum {
+ SEV_RET_SUCCESS = 0,
+ SEV_RET_INVALID_PLATFORM_STATE,
+ SEV_RET_INVALID_GUEST_STATE,
+ SEV_RET_INAVLID_CONFIG,
+ SEV_RET_INVALID_len,
+ SEV_RET_ALREADY_OWNED,
+ SEV_RET_INVALID_CERTIFICATE,
+ SEV_RET_POLICY_FAILURE,
+ SEV_RET_INACTIVE,
+ SEV_RET_INVALID_ADDRESS,
+ SEV_RET_BAD_SIGNATURE,
+ SEV_RET_BAD_MEASUREMENT,
+ SEV_RET_ASID_OWNED,
+ SEV_RET_INVALID_ASID,
+ SEV_RET_WBINVD_REQUIRED,
+ SEV_RET_DFFLUSH_REQUIRED,
+ SEV_RET_INVALID_GUEST,
+ SEV_RET_INVALID_COMMAND,
+ SEV_RET_ACTIVE,
+ SEV_RET_HWSEV_RET_PLATFORM,
+ SEV_RET_HWSEV_RET_UNSAFE,
+ SEV_RET_UNSUPPORTED,
+ SEV_RET_MAX,
+} sev_ret_code;
+
+/**
+ * struct sev_user_data_status - PLATFORM_STATUS command parameters
+ *
+ * @major: major API version
+ * @minor: minor API version
+ * @state: platform state
+ * @flags: platform config flags
+ * @build: firmware build id for API version
+ * @guest_count: number of active guests
+ */
+struct sev_user_data_status {
+ __u8 api_major; /* Out */
+ __u8 api_minor; /* Out */
+ __u8 state; /* Out */
+ __u32 flags;/* Out */
+ __u8 build; /* Out */
+ __u32 guest_count; /* Out */
+} __packed;
+
+/**
+ * struct sev_user_data_pek_csr - PEK_CSR command parameters
+ *
+ * @address: PEK certificate chain
+ * @length: length of certificate
+ */
+struct sev_user_data_pek_csr {
+ __u64 address; /* In */
+ __u32 length; /* In/Out */
+} __packed;
+
+/**
+ * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
+ *
+ * @pek_address: PEK certificate chain
+ * @pek_len: length of PEK certificate
+ * @oca_address: OCA certificate chain
+ * @oca_len: length of OCA certificate
+ */
+struct sev_user_data_pek_cert_import {
+ __u64 pek_cert_address; /* In */
+ __u32 pek_cert_len; /* In */
+ __u64 oca_cert_address; /* In */
+ __u32 oca_cert_len; /* In */
+} __packed;
+
+/**
+ * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
+ *
+ * @pdh_address: PDH certificate address
+ * @pdh_len: length of PDH certificate
+ * @cert_chain_address: PDH certificate chain
+ * @cert_chain_len: length of PDH certificate chain
+ */
+struct sev_user_data_pdh_cert_export {
+ __u64 pdh_cert_address; /* In */
+ __u32 pdh_cert_len; /* In/Out */
+ __u64 cert_chain_address; /* In */
+ __u32 cert_chain_len; /* In/Out */
+} __packed;
+
+/**
+ * struct sev_issue_cmd - SEV ioctl parameters
+ *
+ * @cmd: SEV commands to execute
+ * @opaque: pointer to the command structure
+ * @error:
[Part2 PATCH v9 17/38] crypto: ccp: Implement SEV_PDH_GEN ioctl command
The SEV_PDH_GEN command is used to re-generate the Platform Diffie-Hellman (PDH) key. The command is defined in SEV spec section 5.6. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Borislav Petkov <b...@suse.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Acked-by: Gary R Hook <gary.h...@amd.com> --- drivers/crypto/ccp/psp-dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 8aa8036023e0..fd3daf0a1176 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -333,6 +333,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_GEN: ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, ); break; + case SEV_PDH_GEN: + ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, ); + break; default: ret = -EINVAL; goto out; -- 2.9.5
[Part2 PATCH v9 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
certificate. The command is defined in SEV spec section 5.8.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
---
drivers/crypto/ccp/psp-dev.c | 81
include/linux/psp-sev.h | 4 +++
2 files changed, 85 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index c3906bbdb69b..9d1c4600db19 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -365,6 +365,84 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
return ret;
}
+void *psp_copy_user_blob(u64 __user uaddr, u32 len)
+{
+ void *data;
+
+ if (!uaddr || !len)
+ return ERR_PTR(-EINVAL);
+
+ /* verify that blob length does not exceed our limit */
+ if (len > SEV_FW_BLOB_MAX_SIZE)
+ return ERR_PTR(-EINVAL);
+
+ data = kmalloc(len, GFP_KERNEL);
+ if (!data)
+ return ERR_PTR(-ENOMEM);
+
+ if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len))
+ goto e_free;
+
+ return data;
+
+e_free:
+ kfree(data);
+ return ERR_PTR(-EFAULT);
+}
+EXPORT_SYMBOL_GPL(psp_copy_user_blob);
+
+static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_cert_import input;
+ struct sev_data_pek_cert_import *data;
+ void *pek_blob, *oca_blob;
+ int ret;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* copy PEK certificate blobs from userspace */
+ pek_blob = psp_copy_user_blob(input.pek_cert_address,
input.pek_cert_len);
+ if (IS_ERR(pek_blob)) {
+ ret = PTR_ERR(pek_blob);
+ goto e_free;
+ }
+
+ data->pek_cert_address = __psp_pa(pek_blob);
+ data->pek_cert_len = input.pek_cert_len;
+
+ /* copy PEK certificate blobs from userspace */
+ oca_blob = psp_copy_user_blob(input.oca_cert_address,
input.oca_cert_len);
+ if (IS_ERR(oca_blob)) {
+ ret = PTR_ERR(oca_blob);
+ goto e_free_pek;
+ }
+
+ data->oca_cert_address = __psp_pa(oca_blob);
+ data->oca_cert_len = input.oca_cert_len;
+
+ /* If platform is not in INIT state then transition it to INIT */
+ if (psp_master->sev_state != SEV_STATE_INIT) {
+ ret = __sev_platform_init_locked(>error);
+ if (ret)
+ goto e_free_oca;
+ }
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, data, >error);
+
+e_free_oca:
+ kfree(oca_blob);
+e_free_pek:
+ kfree(pek_blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -402,6 +480,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PEK_CSR:
ret = sev_ioctl_do_pek_csr();
break;
+ case SEV_PEK_CERT_IMPORT:
+ ret = sev_ioctl_do_pek_import();
+ break;
default:
ret = -EINVAL;
goto out;
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 0b6dd306d88b..93addfa34061 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -576,6 +576,8 @@ int sev_guest_df_flush(int *error);
*/
int sev_guest_decommission(struct sev_data_decommission *data, int *error);
+void *psp_copy_user_blob(u64 __user uaddr, u32 len);
+
#else /* !CONFIG_CRYPTO_DEV_SP_PSP */
static inline int
@@ -597,6 +599,8 @@ static inline int sev_guest_df_flush(int *error) { return
-ENODEV; }
static inline int
sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *data,
int *error) { return -ENODEV; }
+static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return
ERR_PTR(-EINVAL); }
+
#endif /* CONFIG_CRYPTO_DEV_SP_PSP */
#endif /* __PSP_SEV_H__ */
--
2.9.5
[Part2 PATCH v9 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 66
1 file changed, 66 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index fd3daf0a1176..c3906bbdb69b 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -302,6 +302,69 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct
sev_issue_cmd *argp)
return __sev_do_cmd_locked(cmd, 0, >error);
}
+static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_csr input;
+ struct sev_data_pek_csr *data;
+ void *blob = NULL;
+ int ret;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* userspace wants to query CSR length */
+ if (!input.address || !input.length)
+ goto cmd;
+
+ /* allocate a physically contiguous buffer to store the CSR blob */
+ if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
+ input.length > SEV_FW_BLOB_MAX_SIZE) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ blob = kmalloc(input.length, GFP_KERNEL);
+ if (!blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->address = __psp_pa(blob);
+ data->len = input.length;
+
+cmd:
+ if (psp_master->sev_state == SEV_STATE_UNINIT) {
+ ret = __sev_platform_init_locked(>error);
+ if (ret)
+ goto e_free_blob;
+ }
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, >error);
+
+/* If we query the CSR length, FW responded with expected data. */
+ input.length = data->len;
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+ ret = -EFAULT;
+ goto e_free_blob;
+ }
+
+ if (blob) {
+ if (copy_to_user((void __user *)input.address, blob,
input.length))
+ ret = -EFAULT;
+ }
+
+e_free_blob:
+ kfree(blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -336,6 +399,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PDH_GEN:
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, );
break;
+ case SEV_PEK_CSR:
+ ret = sev_ioctl_do_pek_csr();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v9 09/38] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support
From: Borislav Petkov <b...@suse.de> This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled or on ARM64 where it is also used. Signed-off-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Gary R Hook <gary.h...@amd.com> Cc: Brijesh Singh <brijesh.si...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: Gary Hook <gary.h...@amd.com> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: "David S. Miller" <da...@davemloft.net> Cc: linux-crypto@vger.kernel.org --- drivers/crypto/ccp/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig index 6d626606b9c5..9c84f9838931 100644 --- a/drivers/crypto/ccp/Kconfig +++ b/drivers/crypto/ccp/Kconfig @@ -1,5 +1,6 @@ config CRYPTO_DEV_CCP_DD tristate "Secure Processor device driver" + depends on CPU_SUP_AMD || ARM64 default m help Provides AMD Secure Processor device driver. -- 2.9.5
[Part2 PATCH v9 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 97
1 file changed, 97 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 9d1c4600db19..fcfa5b1eae61 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -443,6 +443,100 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd
*argp)
return ret;
}
+static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pdh_cert_export input;
+ void *pdh_blob = NULL, *cert_blob = NULL;
+ struct sev_data_pdh_cert_export *data;
+ int ret;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* Userspace wants to query the certificate length. */
+ if (!input.pdh_cert_address ||
+ !input.pdh_cert_len ||
+ !input.cert_chain_address)
+ goto cmd;
+
+ /* Allocate a physically contiguous buffer to store the PDH blob. */
+ if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
+ !access_ok(VERIFY_WRITE, input.pdh_cert_address,
input.pdh_cert_len)) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ /* Allocate a physically contiguous buffer to store the cert chain
blob. */
+ if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
+ !access_ok(VERIFY_WRITE, input.cert_chain_address,
input.cert_chain_len)) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
+ if (!pdh_blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->pdh_cert_address = __psp_pa(pdh_blob);
+ data->pdh_cert_len = input.pdh_cert_len;
+
+ cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
+ if (!cert_blob) {
+ ret = -ENOMEM;
+ goto e_free_pdh;
+ }
+
+ data->cert_chain_address = __psp_pa(cert_blob);
+ data->cert_chain_len = input.cert_chain_len;
+
+cmd:
+ /* If platform is not in INIT state then transition it to INIT. */
+ if (psp_master->sev_state != SEV_STATE_INIT) {
+ ret = __sev_platform_init_locked(>error);
+ if (ret)
+ goto e_free_cert;
+ }
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, >error);
+
+ /* If we query the length, FW responded with expected data. */
+ input.cert_chain_len = data->cert_chain_len;
+ input.pdh_cert_len = data->pdh_cert_len;
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+ ret = -EFAULT;
+ goto e_free_cert;
+ }
+
+ if (pdh_blob) {
+ if (copy_to_user((void __user *)input.pdh_cert_address,
+pdh_blob, input.pdh_cert_len)) {
+ ret = -EFAULT;
+ goto e_free_cert;
+ }
+ }
+
+ if (cert_blob) {
+ if (copy_to_user((void __user *)input.cert_chain_address,
+cert_blob, input.cert_chain_len))
+ ret = -EFAULT;
+ }
+
+e_free_cert:
+ kfree(cert_blob);
+e_free_pdh:
+ kfree(pdh_blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -483,6 +577,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PEK_CERT_IMPORT:
ret = sev_ioctl_do_pek_import();
break;
+ case SEV_PDH_CERT_EXPORT:
+ ret = sev_ioctl_do_pdh_export();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v9 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command
The SEV_PEK_GEN command is used to generate a new Platform Endorsement
Key (PEK). The command is defined in SEV spec section 5.6.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Reviewed-by: Borislav Petkov <b...@suse.de>
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 16
1 file changed, 16 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index a5072b166ab8..8aa8036023e0 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -289,6 +289,19 @@ static int sev_ioctl_do_platform_status(struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
+{
+ int rc;
+
+ if (psp_master->sev_state == SEV_STATE_UNINIT) {
+ rc = __sev_platform_init_locked(>error);
+ if (rc)
+ return rc;
+ }
+
+ return __sev_do_cmd_locked(cmd, 0, >error);
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -317,6 +330,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PLATFORM_STATUS:
ret = sev_ioctl_do_platform_status();
break;
+ case SEV_PEK_GEN:
+ ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, );
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v9 11/38] crypto: ccp: Define SEV key management command id
Define Secure Encrypted Virtualization (SEV) key management command id
and structure. The command definition is available in SEV KM spec
0.14 (http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf)
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
include/linux/psp-sev.h | 465
1 file changed, 465 insertions(+)
create mode 100644 include/linux/psp-sev.h
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
new file mode 100644
index ..4a150d17d537
--- /dev/null
+++ b/include/linux/psp-sev.h
@@ -0,0 +1,465 @@
+/*
+ * AMD Secure Encrypted Virtualization (SEV) driver interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_H__
+#define __PSP_SEV_H__
+
+#include
+
+#ifdef CONFIG_X86
+#include
+
+#define __psp_pa(x)__sme_pa(x)
+#else
+#define __psp_pa(x)__pa(x)
+#endif
+
+#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */
+
+/**
+ * SEV platform state
+ */
+enum sev_state {
+ SEV_STATE_UNINIT= 0x0,
+ SEV_STATE_INIT = 0x1,
+ SEV_STATE_WORKING = 0x2,
+
+ SEV_STATE_MAX
+};
+
+/**
+ * SEV platform and guest management commands
+ */
+enum sev_cmd {
+ /* platform commands */
+ SEV_CMD_INIT= 0x001,
+ SEV_CMD_SHUTDOWN= 0x002,
+ SEV_CMD_FACTORY_RESET = 0x003,
+ SEV_CMD_PLATFORM_STATUS = 0x004,
+ SEV_CMD_PEK_GEN = 0x005,
+ SEV_CMD_PEK_CSR = 0x006,
+ SEV_CMD_PEK_CERT_IMPORT = 0x007,
+ SEV_CMD_PDH_CERT_EXPORT = 0x008,
+ SEV_CMD_PDH_GEN = 0x009,
+ SEV_CMD_DF_FLUSH= 0x00A,
+
+ /* Guest commands */
+ SEV_CMD_DECOMMISSION= 0x020,
+ SEV_CMD_ACTIVATE= 0x021,
+ SEV_CMD_DEACTIVATE = 0x022,
+ SEV_CMD_GUEST_STATUS= 0x023,
+
+ /* Guest launch commands */
+ SEV_CMD_LAUNCH_START= 0x030,
+ SEV_CMD_LAUNCH_UPDATE_DATA = 0x031,
+ SEV_CMD_LAUNCH_UPDATE_VMSA = 0x032,
+ SEV_CMD_LAUNCH_MEASURE = 0x033,
+ SEV_CMD_LAUNCH_UPDATE_SECRET= 0x034,
+ SEV_CMD_LAUNCH_FINISH = 0x035,
+
+ /* Guest migration commands (outgoing) */
+ SEV_CMD_SEND_START = 0x040,
+ SEV_CMD_SEND_UPDATE_DATA= 0x041,
+ SEV_CMD_SEND_UPDATE_VMSA= 0x042,
+ SEV_CMD_SEND_FINISH = 0x043,
+
+ /* Guest migration commands (incoming) */
+ SEV_CMD_RECEIVE_START = 0x050,
+ SEV_CMD_RECEIVE_UPDATE_DATA = 0x051,
+ SEV_CMD_RECEIVE_UPDATE_VMSA = 0x052,
+ SEV_CMD_RECEIVE_FINISH = 0x053,
+
+ /* Guest debug commands */
+ SEV_CMD_DBG_DECRYPT = 0x060,
+ SEV_CMD_DBG_ENCRYPT = 0x061,
+
+ SEV_CMD_MAX,
+};
+
+/**
+ * struct sev_data_init - INIT command parameters
+ *
+ * @flags: processing flags
+ * @tmr_address: system physical address used for SEV-ES
+ * @tmr_len: len of tmr_address
+ */
+struct sev_data_init {
+ u32 flags; /* In */
+ u32 reserved; /* In */
+ u64 tmr_address;/* In */
+ u32 tmr_len;/* In */
+} __packed;
+
+/**
+ * struct sev_data_pek_csr - PEK_CSR command parameters
+ *
+ * @address: PEK certificate chain
+ * @len: len of certificate
+ */
+struct sev_data_pek_csr {
+ u64 address;/* In */
+ u32 len;/* In/Out */
+} __packed;
+
+/**
+ * struct sev_data_cert_import - PEK_CERT_IMPORT command parameters
+ *
+ * @pek_address: PEK certificate chain
+ * @pek_len: len of PEK certificate
+ * @oca_address: OCA certificate chain
+ * @oca_len: len of OCA certificate
+ */
+struct sev_data_pek_cert_import {
+ u64 pek_cert_address; /* In */
+
[Part2 PATCH v8 10/38] crypto: ccp: Define SEV userspace ioctl and command id
Add a include file which defines the ioctl and command id used for
issuing SEV platform management specific commands.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
include/uapi/linux/psp-sev.h | 142 +++
1 file changed, 142 insertions(+)
create mode 100644 include/uapi/linux/psp-sev.h
diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h
new file mode 100644
index ..3d77fe91239a
--- /dev/null
+++ b/include/uapi/linux/psp-sev.h
@@ -0,0 +1,142 @@
+/*
+ * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
+ * platform management commands.
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_USER_H__
+#define __PSP_SEV_USER_H__
+
+#include
+
+/**
+ * SEV platform commands
+ */
+enum {
+ SEV_FACTORY_RESET = 0,
+ SEV_PLATFORM_STATUS,
+ SEV_PEK_GEN,
+ SEV_PEK_CSR,
+ SEV_PDH_GEN,
+ SEV_PDH_CERT_EXPORT,
+ SEV_PEK_CERT_IMPORT,
+
+ SEV_MAX,
+};
+
+/**
+ * SEV Firmware status code
+ */
+typedef enum {
+ SEV_RET_SUCCESS = 0,
+ SEV_RET_INVALID_PLATFORM_STATE,
+ SEV_RET_INVALID_GUEST_STATE,
+ SEV_RET_INAVLID_CONFIG,
+ SEV_RET_INVALID_len,
+ SEV_RET_ALREADY_OWNED,
+ SEV_RET_INVALID_CERTIFICATE,
+ SEV_RET_POLICY_FAILURE,
+ SEV_RET_INACTIVE,
+ SEV_RET_INVALID_ADDRESS,
+ SEV_RET_BAD_SIGNATURE,
+ SEV_RET_BAD_MEASUREMENT,
+ SEV_RET_ASID_OWNED,
+ SEV_RET_INVALID_ASID,
+ SEV_RET_WBINVD_REQUIRED,
+ SEV_RET_DFFLUSH_REQUIRED,
+ SEV_RET_INVALID_GUEST,
+ SEV_RET_INVALID_COMMAND,
+ SEV_RET_ACTIVE,
+ SEV_RET_HWSEV_RET_PLATFORM,
+ SEV_RET_HWSEV_RET_UNSAFE,
+ SEV_RET_UNSUPPORTED,
+ SEV_RET_MAX,
+} sev_ret_code;
+
+/**
+ * struct sev_user_data_status - PLATFORM_STATUS command parameters
+ *
+ * @major: major API version
+ * @minor: minor API version
+ * @state: platform state
+ * @flags: platform config flags
+ * @build: firmware build id for API version
+ * @guest_count: number of active guests
+ */
+struct sev_user_data_status {
+ __u8 api_major; /* Out */
+ __u8 api_minor; /* Out */
+ __u8 state; /* Out */
+ __u32 flags;/* Out */
+ __u8 build; /* Out */
+ __u32 guest_count; /* Out */
+} __packed;
+
+/**
+ * struct sev_user_data_pek_csr - PEK_CSR command parameters
+ *
+ * @address: PEK certificate chain
+ * @length: length of certificate
+ */
+struct sev_user_data_pek_csr {
+ __u64 address; /* In */
+ __u32 length; /* In/Out */
+} __packed;
+
+/**
+ * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
+ *
+ * @pek_address: PEK certificate chain
+ * @pek_len: length of PEK certificate
+ * @oca_address: OCA certificate chain
+ * @oca_len: length of OCA certificate
+ */
+struct sev_user_data_pek_cert_import {
+ __u64 pek_cert_address; /* In */
+ __u32 pek_cert_len; /* In */
+ __u64 oca_cert_address; /* In */
+ __u32 oca_cert_len; /* In */
+} __packed;
+
+/**
+ * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
+ *
+ * @pdh_address: PDH certificate address
+ * @pdh_len: length of PDH certificate
+ * @cert_chain_address: PDH certificate chain
+ * @cert_chain_len: length of PDH certificate chain
+ */
+struct sev_user_data_pdh_cert_export {
+ __u64 pdh_cert_address; /* In */
+ __u32 pdh_cert_len; /* In/Out */
+ __u64 cert_chain_address; /* In */
+ __u32 cert_chain_len; /* In/Out */
+} __packed;
+
+/**
+ * struct sev_issue_cmd - SEV ioctl parameters
+ *
+ * @cmd: SEV commands to execute
+ * @opaque: pointer to the command structure
+ * @error:
[Part2 PATCH v8 09/38] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support
From: Borislav Petkov <b...@suse.de> This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled or on ARM64 where it is also used. Signed-off-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Gary R Hook <gary.h...@amd.com> Cc: Brijesh Singh <brijesh.si...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: Gary Hook <gary.h...@amd.com> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: "David S. Miller" <da...@davemloft.net> Cc: linux-crypto@vger.kernel.org --- drivers/crypto/ccp/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig index 6d626606b9c5..9c84f9838931 100644 --- a/drivers/crypto/ccp/Kconfig +++ b/drivers/crypto/ccp/Kconfig @@ -1,5 +1,6 @@ config CRYPTO_DEV_CCP_DD tristate "Secure Processor device driver" + depends on CPU_SUP_AMD || ARM64 default m help Provides AMD Secure Processor device driver. -- 2.9.5
[Part2 PATCH v8 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
The SEV_FACTORY_RESET command can be used by the platform owner to
reset the non-volatile SEV related data. The command is defined in
SEV spec section 5.4
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 77 +++-
1 file changed, 76 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 9915a6c604a3..b49583a45a55 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -232,9 +232,84 @@ static int sev_platform_shutdown(int *error)
return rc;
}
+static int sev_get_platform_state(int *state, int *error)
+{
+ int rc;
+
+ rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
+_master->status_cmd_buf, error);
+ if (rc)
+ return rc;
+
+ *state = psp_master->status_cmd_buf.state;
+ return rc;
+}
+
+static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
+{
+ int state, rc;
+
+ /*
+* The SEV spec requires that FACTORY_RESET must be issued in
+* UNINIT state. Before we go further lets check if any guest is
+* active.
+*
+* If FW is in WORKING state then deny the request otherwise issue
+* SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET.
+*
+*/
+ rc = sev_get_platform_state(, >error);
+ if (rc)
+ return rc;
+
+ if (state == SEV_STATE_WORKING)
+ return -EBUSY;
+
+ if (state == SEV_STATE_INIT) {
+ rc = __sev_platform_shutdown_locked(>error);
+ if (rc)
+ return rc;
+ }
+
+ return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
- return -ENOTTY;
+ void __user *argp = (void __user *)arg;
+ struct sev_issue_cmd input;
+ int ret = -EFAULT;
+
+ if (!psp_master)
+ return -ENODEV;
+
+ if (ioctl != SEV_ISSUE_CMD)
+ return -EINVAL;
+
+ if (copy_from_user(, argp, sizeof(struct sev_issue_cmd)))
+ return -EFAULT;
+
+ if (input.cmd > SEV_MAX)
+ return -EINVAL;
+
+ mutex_lock(_cmd_mutex);
+
+ switch (input.cmd) {
+
+ case SEV_FACTORY_RESET:
+ ret = sev_ioctl_do_reset();
+ break;
+ default:
+ ret = -EINVAL;
+ goto out;
+ }
+
+ if (copy_to_user(argp, , sizeof(struct sev_issue_cmd)))
+ ret = -EFAULT;
+out:
+ mutex_unlock(_cmd_mutex);
+
+ return ret;
}
static const struct file_operations sev_fops = {
--
2.9.5
[Part2 PATCH v8 11/38] crypto: ccp: Define SEV key management command id
Define Secure Encrypted Virtualization (SEV) key management command id
and structure. The command definition is available in SEV KM spec
0.14 (http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf)
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
include/linux/psp-sev.h | 465
1 file changed, 465 insertions(+)
create mode 100644 include/linux/psp-sev.h
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
new file mode 100644
index ..4a150d17d537
--- /dev/null
+++ b/include/linux/psp-sev.h
@@ -0,0 +1,465 @@
+/*
+ * AMD Secure Encrypted Virtualization (SEV) driver interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_H__
+#define __PSP_SEV_H__
+
+#include
+
+#ifdef CONFIG_X86
+#include
+
+#define __psp_pa(x)__sme_pa(x)
+#else
+#define __psp_pa(x)__pa(x)
+#endif
+
+#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */
+
+/**
+ * SEV platform state
+ */
+enum sev_state {
+ SEV_STATE_UNINIT= 0x0,
+ SEV_STATE_INIT = 0x1,
+ SEV_STATE_WORKING = 0x2,
+
+ SEV_STATE_MAX
+};
+
+/**
+ * SEV platform and guest management commands
+ */
+enum sev_cmd {
+ /* platform commands */
+ SEV_CMD_INIT= 0x001,
+ SEV_CMD_SHUTDOWN= 0x002,
+ SEV_CMD_FACTORY_RESET = 0x003,
+ SEV_CMD_PLATFORM_STATUS = 0x004,
+ SEV_CMD_PEK_GEN = 0x005,
+ SEV_CMD_PEK_CSR = 0x006,
+ SEV_CMD_PEK_CERT_IMPORT = 0x007,
+ SEV_CMD_PDH_CERT_EXPORT = 0x008,
+ SEV_CMD_PDH_GEN = 0x009,
+ SEV_CMD_DF_FLUSH= 0x00A,
+
+ /* Guest commands */
+ SEV_CMD_DECOMMISSION= 0x020,
+ SEV_CMD_ACTIVATE= 0x021,
+ SEV_CMD_DEACTIVATE = 0x022,
+ SEV_CMD_GUEST_STATUS= 0x023,
+
+ /* Guest launch commands */
+ SEV_CMD_LAUNCH_START= 0x030,
+ SEV_CMD_LAUNCH_UPDATE_DATA = 0x031,
+ SEV_CMD_LAUNCH_UPDATE_VMSA = 0x032,
+ SEV_CMD_LAUNCH_MEASURE = 0x033,
+ SEV_CMD_LAUNCH_UPDATE_SECRET= 0x034,
+ SEV_CMD_LAUNCH_FINISH = 0x035,
+
+ /* Guest migration commands (outgoing) */
+ SEV_CMD_SEND_START = 0x040,
+ SEV_CMD_SEND_UPDATE_DATA= 0x041,
+ SEV_CMD_SEND_UPDATE_VMSA= 0x042,
+ SEV_CMD_SEND_FINISH = 0x043,
+
+ /* Guest migration commands (incoming) */
+ SEV_CMD_RECEIVE_START = 0x050,
+ SEV_CMD_RECEIVE_UPDATE_DATA = 0x051,
+ SEV_CMD_RECEIVE_UPDATE_VMSA = 0x052,
+ SEV_CMD_RECEIVE_FINISH = 0x053,
+
+ /* Guest debug commands */
+ SEV_CMD_DBG_DECRYPT = 0x060,
+ SEV_CMD_DBG_ENCRYPT = 0x061,
+
+ SEV_CMD_MAX,
+};
+
+/**
+ * struct sev_data_init - INIT command parameters
+ *
+ * @flags: processing flags
+ * @tmr_address: system physical address used for SEV-ES
+ * @tmr_len: len of tmr_address
+ */
+struct sev_data_init {
+ u32 flags; /* In */
+ u32 reserved; /* In */
+ u64 tmr_address;/* In */
+ u32 tmr_len;/* In */
+} __packed;
+
+/**
+ * struct sev_data_pek_csr - PEK_CSR command parameters
+ *
+ * @address: PEK certificate chain
+ * @len: len of certificate
+ */
+struct sev_data_pek_csr {
+ u64 address;/* In */
+ u32 len;/* In/Out */
+} __packed;
+
+/**
+ * struct sev_data_cert_import - PEK_CERT_IMPORT command parameters
+ *
+ * @pek_address: PEK certificate chain
+ * @pek_len: len of PEK certificate
+ * @oca_address: OCA certificate chain
+ * @oca_len: len of OCA certificate
+ */
+struct sev_data_pek_cert_import {
+ u64 pek_cert_address; /* In */
+
[Part2 PATCH v8 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
AMD's new Secure Encrypted Virtualization (SEV) feature allows the
memory contents of virtual machines to be transparently encrypted with a
key unique to the VM. The programming and management of the encryption
keys are handled by the AMD Secure Processor (AMD-SP) which exposes the
commands for these tasks. The complete spec is available at:
http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
Extend the AMD-SP driver to provide the following support:
- an in-kernel API to communicate with the SEV firmware. The API can be
used by the hypervisor to create encryption context for a SEV guest.
- a userspace IOCTL to manage the platform certificates.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 344 +++
drivers/crypto/ccp/psp-dev.h | 24 +++
drivers/crypto/ccp/sp-dev.c | 9 ++
drivers/crypto/ccp/sp-dev.h | 4 +
include/linux/psp-sev.h | 137 +
5 files changed, 518 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index b5789f878560..9915a6c604a3 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -26,6 +26,12 @@
#include "sp-dev.h"
#include "psp-dev.h"
+#define DEVICE_NAME"sev"
+
+static DEFINE_MUTEX(sev_cmd_mutex);
+static struct sev_misc_dev *misc_dev;
+static struct psp_device *psp_master;
+
static struct psp_device *psp_alloc_struct(struct sp_device *sp)
{
struct device *dev = sp->dev;
@@ -45,9 +51,285 @@ static struct psp_device *psp_alloc_struct(struct sp_device
*sp)
static irqreturn_t psp_irq_handler(int irq, void *data)
{
+ struct psp_device *psp = data;
+ unsigned int status;
+ int reg;
+
+ /* Read the interrupt status: */
+ status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS);
+
+ /* Check if it is command completion: */
+ if (!(status & BIT(PSP_CMD_COMPLETE_REG)))
+ goto done;
+
+ /* Check if it is SEV command completion: */
+ reg = ioread32(psp->io_regs + PSP_CMDRESP);
+ if (reg & PSP_CMDRESP_RESP) {
+ psp->sev_int_rcvd = 1;
+ wake_up(>sev_int_queue);
+ }
+
+done:
+ /* Clear the interrupt status by writing the same value we read. */
+ iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS);
+
return IRQ_HANDLED;
}
+static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
+{
+ psp->sev_int_rcvd = 0;
+
+ wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
+ *reg = ioread32(psp->io_regs + PSP_CMDRESP);
+}
+
+static int sev_cmd_buffer_len(int cmd)
+{
+ switch (cmd) {
+ case SEV_CMD_INIT: return sizeof(struct
sev_data_init);
+ case SEV_CMD_PLATFORM_STATUS: return sizeof(struct
sev_user_data_status);
+ case SEV_CMD_PEK_CSR: return sizeof(struct
sev_data_pek_csr);
+ case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct
sev_data_pek_cert_import);
+ case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct
sev_data_pdh_cert_export);
+ case SEV_CMD_LAUNCH_START: return sizeof(struct
sev_data_launch_start);
+ case SEV_CMD_LAUNCH_UPDATE_DATA:return sizeof(struct
sev_data_launch_update_data);
+ case SEV_CMD_LAUNCH_UPDATE_VMSA:return sizeof(struct
sev_data_launch_update_vmsa);
+ case SEV_CMD_LAUNCH_FINISH: return sizeof(struct
sev_data_launch_finish);
+ case SEV_CMD_LAUNCH_MEASURE:return sizeof(struct
sev_data_launch_measure);
+ case SEV_CMD_ACTIVATE: return sizeof(struct
sev_data_activate);
+ case SEV_CMD_DEACTIVATE:return sizeof(struct
sev_data_deactivate);
+ case SEV_CMD_DECOMMISSION: return sizeof(struct
sev_data_decommission);
+ case SEV_CMD_GUEST_STATUS: return sizeof(struct
sev_data_guest_status);
+ case SEV_CMD_DBG_DECRYPT: return sizeof(struct
sev_data_dbg);
+ case SEV_CMD_DBG_ENCRYPT: return sizeof(struct
sev_data_dbg);
+ case SEV_CMD_SEND_START:return sizeof(struct
sev_data_send_start);
+ case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct
sev_data_send_update_data);
+ case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct
sev_data_send_update_vmsa);
+
[Part2 PATCH v8 15/38] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command
The SEV_PLATFORM_STATUS command can be used by the platform owner to
get the current status of the platform. The command is defined in
SEV spec section 5.5.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 18 ++
1 file changed, 18 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index b49583a45a55..a5072b166ab8 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -274,6 +274,21 @@ static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
}
+static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_status *data = _master->status_cmd_buf;
+ int ret;
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, >error);
+ if (ret)
+ return ret;
+
+ if (copy_to_user((void __user *)argp->data, data, sizeof(*data)))
+ ret = -EFAULT;
+
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -299,6 +314,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_FACTORY_RESET:
ret = sev_ioctl_do_reset();
break;
+ case SEV_PLATFORM_STATUS:
+ ret = sev_ioctl_do_platform_status();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v8 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support
The Platform Security Processor (PSP) is part of the AMD Secure
Processor (AMD-SP) functionality. The PSP is a dedicated processor
that provides support for key management commands in Secure Encrypted
Virtualization (SEV) mode, along with software-based Trusted Execution
Environment (TEE) to enable third-party trusted applications.
Note that the key management functionality provided by the SEV firmware
can be used outside of the kvm-amd driver hence it doesn't need to
depend on CONFIG_KVM_AMD.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
---
drivers/crypto/ccp/Kconfig | 11 +
drivers/crypto/ccp/Makefile | 1 +
drivers/crypto/ccp/psp-dev.c | 105 +++
drivers/crypto/ccp/psp-dev.h | 59
drivers/crypto/ccp/sp-dev.c | 26 +++
drivers/crypto/ccp/sp-dev.h | 24 +-
drivers/crypto/ccp/sp-pci.c | 52 +
7 files changed, 277 insertions(+), 1 deletion(-)
create mode 100644 drivers/crypto/ccp/psp-dev.c
create mode 100644 drivers/crypto/ccp/psp-dev.h
diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig
index 9c84f9838931..b9dfae47aefd 100644
--- a/drivers/crypto/ccp/Kconfig
+++ b/drivers/crypto/ccp/Kconfig
@@ -33,3 +33,14 @@ config CRYPTO_DEV_CCP_CRYPTO
Support for using the cryptographic API with the AMD Cryptographic
Coprocessor. This module supports offload of SHA and AES algorithms.
If you choose 'M' here, this module will be called ccp_crypto.
+
+config CRYPTO_DEV_SP_PSP
+ bool "Platform Security Processor (PSP) device"
+ default y
+ depends on CRYPTO_DEV_CCP_DD && X86_64
+ help
+Provide support for the AMD Platform Security Processor (PSP).
+The PSP is a dedicated processor that provides support for key
+management commands in Secure Encrypted Virtualization (SEV) mode,
+along with software-based Trusted Execution Environment (TEE) to
+enable third-party trusted applications.
diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile
index 57f8debfcfb3..008bae7e26ec 100644
--- a/drivers/crypto/ccp/Makefile
+++ b/drivers/crypto/ccp/Makefile
@@ -7,6 +7,7 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_CCP) += ccp-dev.o \
ccp-dmaengine.o \
ccp-debugfs.o
ccp-$(CONFIG_PCI) += sp-pci.o
+ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += psp-dev.o
obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) += ccp-crypto.o
ccp-crypto-objs := ccp-crypto-main.o \
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
new file mode 100644
index ..b5789f878560
--- /dev/null
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -0,0 +1,105 @@
+/*
+ * AMD Platform Security Processor (PSP) interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "sp-dev.h"
+#include "psp-dev.h"
+
+static struct psp_device *psp_alloc_struct(struct sp_device *sp)
+{
+ struct device *dev = sp->dev;
+ struct psp_device *psp;
+
+ psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);
+ if (!psp)
+ return NULL;
+
+ psp->dev = dev;
+ psp->sp = sp;
+
+ snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);
+
+ return psp;
+}
+
+static irqreturn_t psp_irq_handler(int irq, void *data)
+{
+ return IRQ_HANDLED;
+}
+
+int psp_dev_init(struct sp_device *sp)
+{
+ struct device *dev = sp->dev;
+ struct psp_device *psp;
+ int ret;
+
+ ret = -ENOMEM;
+ psp = psp_alloc_struct(sp);
+ if (!psp)
+ goto e_err;
+
+ sp->psp_data = psp;
+
+ psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;
+ if (!psp->vdata) {
+ ret = -ENODEV;
+ dev_err(dev, "missing driver data\n");
+ goto e_err;
+ }
+
+ psp->io_regs = sp->io_map + psp->vdata->offset;
+
+ /* Disable and clear interrupts until ready */
+ iowrite32(0, psp->io_regs + PSP_P2CMSG_INTEN);
[Part2 PATCH v8 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
certificate. The command is defined in SEV spec section 5.8.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
---
drivers/crypto/ccp/psp-dev.c | 81
include/linux/psp-sev.h | 4 +++
2 files changed, 85 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index c3906bbdb69b..9d1c4600db19 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -365,6 +365,84 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
return ret;
}
+void *psp_copy_user_blob(u64 __user uaddr, u32 len)
+{
+ void *data;
+
+ if (!uaddr || !len)
+ return ERR_PTR(-EINVAL);
+
+ /* verify that blob length does not exceed our limit */
+ if (len > SEV_FW_BLOB_MAX_SIZE)
+ return ERR_PTR(-EINVAL);
+
+ data = kmalloc(len, GFP_KERNEL);
+ if (!data)
+ return ERR_PTR(-ENOMEM);
+
+ if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len))
+ goto e_free;
+
+ return data;
+
+e_free:
+ kfree(data);
+ return ERR_PTR(-EFAULT);
+}
+EXPORT_SYMBOL_GPL(psp_copy_user_blob);
+
+static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_cert_import input;
+ struct sev_data_pek_cert_import *data;
+ void *pek_blob, *oca_blob;
+ int ret;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* copy PEK certificate blobs from userspace */
+ pek_blob = psp_copy_user_blob(input.pek_cert_address,
input.pek_cert_len);
+ if (IS_ERR(pek_blob)) {
+ ret = PTR_ERR(pek_blob);
+ goto e_free;
+ }
+
+ data->pek_cert_address = __psp_pa(pek_blob);
+ data->pek_cert_len = input.pek_cert_len;
+
+ /* copy PEK certificate blobs from userspace */
+ oca_blob = psp_copy_user_blob(input.oca_cert_address,
input.oca_cert_len);
+ if (IS_ERR(oca_blob)) {
+ ret = PTR_ERR(oca_blob);
+ goto e_free_pek;
+ }
+
+ data->oca_cert_address = __psp_pa(oca_blob);
+ data->oca_cert_len = input.oca_cert_len;
+
+ /* If platform is not in INIT state then transition it to INIT */
+ if (psp_master->sev_state != SEV_STATE_INIT) {
+ ret = __sev_platform_init_locked(>error);
+ if (ret)
+ goto e_free_oca;
+ }
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, data, >error);
+
+e_free_oca:
+ kfree(oca_blob);
+e_free_pek:
+ kfree(pek_blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -402,6 +480,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PEK_CSR:
ret = sev_ioctl_do_pek_csr();
break;
+ case SEV_PEK_CERT_IMPORT:
+ ret = sev_ioctl_do_pek_import();
+ break;
default:
ret = -EINVAL;
goto out;
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 0b6dd306d88b..93addfa34061 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -576,6 +576,8 @@ int sev_guest_df_flush(int *error);
*/
int sev_guest_decommission(struct sev_data_decommission *data, int *error);
+void *psp_copy_user_blob(u64 __user uaddr, u32 len);
+
#else /* !CONFIG_CRYPTO_DEV_SP_PSP */
static inline int
@@ -597,6 +599,8 @@ static inline int sev_guest_df_flush(int *error) { return
-ENODEV; }
static inline int
sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *data,
int *error) { return -ENODEV; }
+static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return
ERR_PTR(-EINVAL); }
+
#endif /* CONFIG_CRYPTO_DEV_SP_PSP */
#endif /* __PSP_SEV_H__ */
--
2.9.5
[Part2 PATCH v8 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 97
1 file changed, 97 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 9d1c4600db19..fcfa5b1eae61 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -443,6 +443,100 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd
*argp)
return ret;
}
+static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pdh_cert_export input;
+ void *pdh_blob = NULL, *cert_blob = NULL;
+ struct sev_data_pdh_cert_export *data;
+ int ret;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* Userspace wants to query the certificate length. */
+ if (!input.pdh_cert_address ||
+ !input.pdh_cert_len ||
+ !input.cert_chain_address)
+ goto cmd;
+
+ /* Allocate a physically contiguous buffer to store the PDH blob. */
+ if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
+ !access_ok(VERIFY_WRITE, input.pdh_cert_address,
input.pdh_cert_len)) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ /* Allocate a physically contiguous buffer to store the cert chain
blob. */
+ if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
+ !access_ok(VERIFY_WRITE, input.cert_chain_address,
input.cert_chain_len)) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
+ if (!pdh_blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->pdh_cert_address = __psp_pa(pdh_blob);
+ data->pdh_cert_len = input.pdh_cert_len;
+
+ cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
+ if (!cert_blob) {
+ ret = -ENOMEM;
+ goto e_free_pdh;
+ }
+
+ data->cert_chain_address = __psp_pa(cert_blob);
+ data->cert_chain_len = input.cert_chain_len;
+
+cmd:
+ /* If platform is not in INIT state then transition it to INIT. */
+ if (psp_master->sev_state != SEV_STATE_INIT) {
+ ret = __sev_platform_init_locked(>error);
+ if (ret)
+ goto e_free_cert;
+ }
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, >error);
+
+ /* If we query the length, FW responded with expected data. */
+ input.cert_chain_len = data->cert_chain_len;
+ input.pdh_cert_len = data->pdh_cert_len;
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+ ret = -EFAULT;
+ goto e_free_cert;
+ }
+
+ if (pdh_blob) {
+ if (copy_to_user((void __user *)input.pdh_cert_address,
+pdh_blob, input.pdh_cert_len)) {
+ ret = -EFAULT;
+ goto e_free_cert;
+ }
+ }
+
+ if (cert_blob) {
+ if (copy_to_user((void __user *)input.cert_chain_address,
+cert_blob, input.cert_chain_len))
+ ret = -EFAULT;
+ }
+
+e_free_cert:
+ kfree(cert_blob);
+e_free_pdh:
+ kfree(pdh_blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -483,6 +577,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PEK_CERT_IMPORT:
ret = sev_ioctl_do_pek_import();
break;
+ case SEV_PDH_CERT_EXPORT:
+ ret = sev_ioctl_do_pdh_export();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v8 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command
The SEV_PEK_GEN command is used to generate a new Platform Endorsement
Key (PEK). The command is defined in SEV spec section 5.6.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Reviewed-by: Borislav Petkov <b...@suse.de>
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 16
1 file changed, 16 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index a5072b166ab8..8aa8036023e0 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -289,6 +289,19 @@ static int sev_ioctl_do_platform_status(struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
+{
+ int rc;
+
+ if (psp_master->sev_state == SEV_STATE_UNINIT) {
+ rc = __sev_platform_init_locked(>error);
+ if (rc)
+ return rc;
+ }
+
+ return __sev_do_cmd_locked(cmd, 0, >error);
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -317,6 +330,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PLATFORM_STATUS:
ret = sev_ioctl_do_platform_status();
break;
+ case SEV_PEK_GEN:
+ ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, );
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v8 17/38] crypto: ccp: Implement SEV_PDH_GEN ioctl command
The SEV_PDH_GEN command is used to re-generate the Platform Diffie-Hellman (PDH) key. The command is defined in SEV spec section 5.6. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Borislav Petkov <b...@suse.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Acked-by: Gary R Hook <gary.h...@amd.com> --- drivers/crypto/ccp/psp-dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 8aa8036023e0..fd3daf0a1176 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -333,6 +333,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_GEN: ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, ); break; + case SEV_PDH_GEN: + ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, ); + break; default: ret = -EINVAL; goto out; -- 2.9.5
[Part2 PATCH v8 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 66
1 file changed, 66 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index fd3daf0a1176..c3906bbdb69b 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -302,6 +302,69 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct
sev_issue_cmd *argp)
return __sev_do_cmd_locked(cmd, 0, >error);
}
+static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_csr input;
+ struct sev_data_pek_csr *data;
+ void *blob = NULL;
+ int ret;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* userspace wants to query CSR length */
+ if (!input.address || !input.length)
+ goto cmd;
+
+ /* allocate a physically contiguous buffer to store the CSR blob */
+ if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
+ input.length > SEV_FW_BLOB_MAX_SIZE) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ blob = kmalloc(input.length, GFP_KERNEL);
+ if (!blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->address = __psp_pa(blob);
+ data->len = input.length;
+
+cmd:
+ if (psp_master->sev_state == SEV_STATE_UNINIT) {
+ ret = __sev_platform_init_locked(>error);
+ if (ret)
+ goto e_free_blob;
+ }
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, >error);
+
+/* If we query the CSR length, FW responded with expected data. */
+ input.length = data->len;
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+ ret = -EFAULT;
+ goto e_free_blob;
+ }
+
+ if (blob) {
+ if (copy_to_user((void __user *)input.address, blob,
input.length))
+ ret = -EFAULT;
+ }
+
+e_free_blob:
+ kfree(blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -336,6 +399,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PDH_GEN:
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, );
break;
+ case SEV_PEK_CSR:
+ ret = sev_ioctl_do_pek_csr();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v8 00/38] x86: Secure Encrypted Virtualization (AMD)
This part of Secure Encrypted Virtualization (SEV) patch series focuses on KVM changes required to create and manage SEV guests. SEV is an extension to the AMD-V architecture which supports running encrypted virtual machine (VMs) under the control of a hypervisor. Encrypted VMs have their pages (code and data) secured such that only the guest itself has access to unencrypted version. Each encrypted VM is associated with a unique encryption key; if its data is accessed to a different entity using a different key the encrypted guest's data will be incorrectly decrypted, leading to unintelligible data. This security model ensures that hypervisor will no longer able to inspect or alter any guest code or data. The key management of this feature is handled by a separate processor known as the AMD Secure Processor (AMD-SP) which is present on AMD SOCs. The SEV Key Management Specification (see below) provides a set of commands which can be used by hypervisor to load virtual machine keys through the AMD-SP driver. The patch series adds a new ioctl in KVM driver (KVM_MEMORY_ENCRYPT_OP). The ioctl will be used by qemu to issue SEV guest-specific commands defined in Key Management Specification. The following links provide additional details: AMD Memory Encryption white paper: http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf AMD64 Architecture Programmer's Manual: http://support.amd.com/TechDocs/24593.pdf SME is section 7.10 SEV is section 15.34 SEV Key Management: http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf KVM Forum Presentation: http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf SEV Guest BIOS support: SEV support has been add to EDKII/OVMF BIOS https://github.com/tianocore/edk2 SEV Part 1 patch series: https://marc.info/?l=linux-kernel=150851036113575=2 NOTE: No changes in Part1, the v7 patches still applies fine on tip/master -- The series is based on kvm/next commit : 6d6ab940dc8b (Merge branch 'kvm-ppc-next' of ...) Complete tree is available at: repo: https://github.com/codomania/kvm.git branch: sev-v8-p2 TODO: * Add SEV guest migration command support Cc: Thomas Gleixner <t...@linutronix.de> Cc: Ingo Molnar <mi...@redhat.com> Cc: "H. Peter Anvin" <h...@zytor.com> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: David S. Miller <da...@davemloft.net> Cc: Gary Hook <gary.h...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Cc: linux-crypto@vger.kernel.org Changes since v7: * Rebase the series to kvm/next branch * move the FW error enum definition in include/uapi/linux/psp-sev.h so that both userspace and kernel can share it. * (ccp) drop cmd_buf arg from sev_platform_init() * (ccp) apply some cleanup/fixup from Boris * (ccp) add some comments in FACTORY_RESET command handling * (kvm) some fixup/cleanup from Boris * (kvm) acquire the kvm->lock when modifying the sev->regions_list Changes since v6: * (ccp): Extend psp_device structure to track the FW INIT and SHUTDOWN states. * (ccp): Init and Uninit SEV FW during module load/unload * (ccp): Avoid repeated k*alloc() for init and status command buffer * (kvm): Rework DBG command to fix the compilation warning seen with gcc7.x * (kvm): Convert the SEV doc in rst format Changes since v5: * split the PSP driver support into multiple patches * multiple improvements from Boris * remove mem_enc_enabled() ops Changes since v4: * Fixes to address kbuild robot errors * Add 'sev' module params to allow enable/disable SEV feature * Update documentation * Multiple fixes to address v4 feedbacks * Some coding style changes to address checkpatch reports Changes since v3: * Re-design the PSP interface support patch * Rename the ioctls based on the feedbacks * Improve documentation * Fix i386 build issues * Add LAUNCH_SECRET command * Add new Kconfig option to enable SEV support * Changes to address v3 feedbacks. Changes since v2: * Add KVM_MEMORY_ENCRYPT_REGISTER/UNREGISTER_RAM ioct to register encrypted memory ranges (recommend by Paolo) * Extend kvm_x86_ops to provide new memory_encryption_enabled ops * Enhance DEBUG DECRYPT/ENCRYPT commands to work with more than one page \ (recommended by Paolo) * Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver * Changes to address v2 feedbacks Borislav Petkov (1): crypto: ccp: Build the AMD secure processor driver only with AMD CPU support Brijesh Singh (34): Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV) KVM: S
Re: [Part2 PATCH v7 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
On 11/05/2017 05:34 AM, Borislav Petkov wrote: ... Fixes ontop: * !input.cert_chain_address test was repeated. I saw that by aligning them vertically, i.e., after making it more readable, the repetition became obvious. * Do the lengths checks first and the access_ok after, in each PDH and cert chain test. * Do the checks first and the allocations after, not interleaved. * Comments are sentences which should end with a '.' (hunk below contains also that _master->cmd_buf change but you're going to remove that arg anyway). I am good with all your fixup, I will apply them in v8. -Brijesh
Re: [Part2 PATCH v7 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
On 11/3/17 2:42 PM, Borislav Petkov wrote:
...
>> +if (psp_master->sev_state == SEV_STATE_UNINIT) {
>> +ret = __sev_platform_init_locked(psp_master->sev_init,
>> >error);
> Right, you're passing psp_master->sev_init (or whatever you're going to
> end up calling it) down but then in __sev_platform_init_locked() you end
> up doing
>
> if (!data)
> data = >cmd_buf;
>
> which looks silly.
>
> IOW, if not really required, __sev_platform_init_locked() could have
> only one argument instead:
>
> static int __sev_platform_init_locked(int *error)
The cmd_buf argument can be remove. I am have not looked at SEV-ES but
it may be possible that during SEV-ES patches kvm driver may need to
call the sev_platform_init() with different cmd_buf to initialize SEV-ES
states. I can removed it in next version.
-Brijesh
Re: [Part2 PATCH v6 00/38] x86: Secure Encrypted Virtualization (AMD)
Hi Herbert, On 10/24/2017 07:14 AM, Brijesh Singh wrote: Hi Herbert and Paolo, Since the PSP patches touches both the CCP and KVM driver, hence I was wondering if you guys have any thought on how PSP patches will be merged? I am talking about Patch 9 to 20 from this series. I have ensured that patches apply cleanly on both kvm/master and cryptodev-2.6/master. We can do this in one of two ways: - Paolo can merge the PSP support through the KVM branch or - Herbert can create a topic branch with PSP changes and Paolo can use that topic branch. Any visibility will help my next submission. thank you. Just checking, any thought on this? Are you okay if the PSP changes are merged through the KVM tree? -Brijesh
[Part2 PATCH v7 00/38] x86: Secure Encrypted Virtualization (AMD)
This part of Secure Encrypted Virtualization (SEV) patch series focuses on KVM
changes required to create and manage SEV guests.
SEV is an extension to the AMD-V architecture which supports running encrypted
virtual machine (VMs) under the control of a hypervisor. Encrypted VMs have
their
pages (code and data) secured such that only the guest itself has access to
unencrypted version. Each encrypted VM is associated with a unique encryption
key;
if its data is accessed to a different entity using a different key the
encrypted
guest's data will be incorrectly decrypted, leading to unintelligible data.
This security model ensures that hypervisor will no longer able to inspect or
alter any guest code or data.
The key management of this feature is handled by a separate processor known as
the AMD Secure Processor (AMD-SP) which is present on AMD SOCs. The SEV Key
Management Specification (see below) provides a set of commands which can be
used by hypervisor to load virtual machine keys through the AMD-SP driver.
The patch series adds a new ioctl in KVM driver (KVM_MEMORY_ENCRYPTION_OP). The
ioctl will be used by qemu to issue SEV guest-specific commands defined in Key
Management Specification.
The following links provide additional details:
AMD Memory Encryption white paper:
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
AMD64 Architecture Programmer's Manual:
http://support.amd.com/TechDocs/24593.pdf
SME is section 7.10
SEV is section 15.34
SEV Key Management:
http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
KVM Forum Presentation:
http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
SEV Guest BIOS support:
SEV support has been add to EDKII/OVMF BIOS
https://github.com/tianocore/edk2
SEV Part 1 patch series: https://marc.info/?l=linux-kernel=150851036113575=2
--
The series is based on kvm/master commit : cc9085b68753 (Merge branch \
'kvm-ppc-fixes')
Complete tree is available at:
repo: https://github.com/codomania/kvm.git
branch: sev-v7-p2
TODO:
* Add SEV guest migration command support
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: "H. Peter Anvin" <h...@zytor.com>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Joerg Roedel <j...@8bytes.org>
Cc: Borislav Petkov <b...@suse.de>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: David S. Miller <da...@davemloft.net>
Cc: Gary Hook <gary.h...@amd.com>
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Changes since v6:
* (ccp): Extend psp_device structure to track the FW INIT and SHUTDOWN states.
* (ccp): Init and Uninit SEV FW during module load/unload
* (ccp): Avoid repeated k*alloc() for init and status command buffer
* (kvm): Rework DBG command to fix the compilation warning seen with gcc7.x
* (kvm): Convert the SEV doc in rst format
Changes since v5:
* split the PSP driver support into multiple patches
* multiple improvements from Boris
* remove mem_enc_enabled() ops
Changes since v4:
* Fixes to address kbuild robot errors
* Add 'sev' module params to allow enable/disable SEV feature
* Update documentation
* Multiple fixes to address v4 feedbacks
* Some coding style changes to address checkpatch reports
Changes since v3:
* Re-design the PSP interface support patch
* Rename the ioctls based on the feedbacks
* Improve documentation
* Fix i386 build issues
* Add LAUNCH_SECRET command
* Add new Kconfig option to enable SEV support
* Changes to address v3 feedbacks.
Changes since v2:
* Add KVM_MEMORY_ENCRYPT_REGISTER/UNREGISTER_RAM ioct to register encrypted
memory ranges (recommend by Paolo)
* Extend kvm_x86_ops to provide new memory_encryption_enabled ops
* Enhance DEBUG DECRYPT/ENCRYPT commands to work with more than one page \
(recommended by Paolo)
* Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver
* Changes to address v2 feedbacks
Borislav Petkov (1):
crypto: ccp: Build the AMD secure processor driver only with AMD CPU
support
Brijesh Singh (34):
Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization
(SEV)
KVM: SVM: Prepare to reserve asid for SEV guest
KVM: X86: Extend CPUID range to include new leaf
KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl
KVM: Introduce KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl
crypto: ccp: Define SEV userspace ioctl and command id
crypto: ccp: Define SEV key management command id
crypto: ccp: Add Platform Security Processor (PSP) device support
crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
crypto: ccp: Implemen
[Part2 PATCH v7 09/38] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support
From: Borislav Petkov <b...@suse.de> This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled or on ARM64 where it is also used. Signed-off-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Gary R Hook <gary.h...@amd.com> Cc: Brijesh Singh <brijesh.si...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: Gary Hook <gary.h...@amd.com> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: "David S. Miller" <da...@davemloft.net> Cc: linux-crypto@vger.kernel.org --- drivers/crypto/ccp/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig index 6d626606b9c5..9c84f9838931 100644 --- a/drivers/crypto/ccp/Kconfig +++ b/drivers/crypto/ccp/Kconfig @@ -1,5 +1,6 @@ config CRYPTO_DEV_CCP_DD tristate "Secure Processor device driver" + depends on CPU_SUP_AMD || ARM64 default m help Provides AMD Secure Processor device driver. -- 2.9.5
[Part2 PATCH v7 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
AMD's new Secure Encrypted Virtualization (SEV) feature allows the
memory contents of virtual machines to be transparently encrypted with a
key unique to the VM. The programming and management of the encryption
keys are handled by the AMD Secure Processor (AMD-SP) which exposes the
commands for these tasks. The complete spec is available at:
http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
Extend the AMD-SP driver to provide the following support:
- an in-kernel API to communicate with the SEV firmware. The API can be
used by the hypervisor to create encryption context for a SEV guest.
- a userspace IOCTL to manage the platform certificates.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 350 +++
drivers/crypto/ccp/psp-dev.h | 24 +++
drivers/crypto/ccp/sp-dev.c | 9 ++
drivers/crypto/ccp/sp-dev.h | 4 +
include/linux/psp-sev.h | 143 ++
5 files changed, 530 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index b5789f878560..c61ca16096ca 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -26,6 +26,12 @@
#include "sp-dev.h"
#include "psp-dev.h"
+#define DEVICE_NAME"sev"
+
+static DEFINE_MUTEX(sev_cmd_mutex);
+static struct sev_misc_dev *misc_dev;
+static struct psp_device *psp_master;
+
static struct psp_device *psp_alloc_struct(struct sp_device *sp)
{
struct device *dev = sp->dev;
@@ -45,9 +51,296 @@ static struct psp_device *psp_alloc_struct(struct sp_device
*sp)
static irqreturn_t psp_irq_handler(int irq, void *data)
{
+ struct psp_device *psp = data;
+ unsigned int status;
+ int reg;
+
+ /* Read the interrupt status: */
+ status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS);
+
+ /* Check if it is command completion: */
+ if (!(status & BIT(PSP_CMD_COMPLETE_REG)))
+ goto done;
+
+ /* Check if it is SEV command completion: */
+ reg = ioread32(psp->io_regs + PSP_CMDRESP);
+ if (reg & PSP_CMDRESP_RESP) {
+ psp->sev_int_rcvd = 1;
+ wake_up(>sev_int_queue);
+ }
+
+done:
+ /* Clear the interrupt status by writing the same value we read. */
+ iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS);
+
return IRQ_HANDLED;
}
+static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
+{
+ psp->sev_int_rcvd = 0;
+
+ wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
+ *reg = ioread32(psp->io_regs + PSP_CMDRESP);
+}
+
+static int sev_cmd_buffer_len(int cmd)
+{
+ switch (cmd) {
+ case SEV_CMD_INIT: return sizeof(struct
sev_data_init);
+ case SEV_CMD_PLATFORM_STATUS: return sizeof(struct
sev_user_data_status);
+ case SEV_CMD_PEK_CSR: return sizeof(struct
sev_data_pek_csr);
+ case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct
sev_data_pek_cert_import);
+ case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct
sev_data_pdh_cert_export);
+ case SEV_CMD_LAUNCH_START: return sizeof(struct
sev_data_launch_start);
+ case SEV_CMD_LAUNCH_UPDATE_DATA:return sizeof(struct
sev_data_launch_update_data);
+ case SEV_CMD_LAUNCH_UPDATE_VMSA:return sizeof(struct
sev_data_launch_update_vmsa);
+ case SEV_CMD_LAUNCH_FINISH: return sizeof(struct
sev_data_launch_finish);
+ case SEV_CMD_LAUNCH_MEASURE:return sizeof(struct
sev_data_launch_measure);
+ case SEV_CMD_ACTIVATE: return sizeof(struct
sev_data_activate);
+ case SEV_CMD_DEACTIVATE:return sizeof(struct
sev_data_deactivate);
+ case SEV_CMD_DECOMMISSION: return sizeof(struct
sev_data_decommission);
+ case SEV_CMD_GUEST_STATUS: return sizeof(struct
sev_data_guest_status);
+ case SEV_CMD_DBG_DECRYPT: return sizeof(struct
sev_data_dbg);
+ case SEV_CMD_DBG_ENCRYPT: return sizeof(struct
sev_data_dbg);
+ case SEV_CMD_SEND_START:return sizeof(struct
sev_data_send_start);
+ case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct
sev_data_send_update_data);
+ case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct
sev_data_send_update_vmsa);
+
[Part2 PATCH v7 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support
The Platform Security Processor (PSP) is part of the AMD Secure
Processor (AMD-SP) functionality. The PSP is a dedicated processor
that provides support for key management commands in Secure Encrypted
Virtualization (SEV) mode, along with software-based Trusted Execution
Environment (TEE) to enable third-party trusted applications.
Note that the key management functionality provided by the SEV firmware
can be used outside of the kvm-amd driver hence it doesn't need to
depend on CONFIG_KVM_AMD.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
---
drivers/crypto/ccp/Kconfig | 11 +
drivers/crypto/ccp/Makefile | 1 +
drivers/crypto/ccp/psp-dev.c | 105 +++
drivers/crypto/ccp/psp-dev.h | 59
drivers/crypto/ccp/sp-dev.c | 26 +++
drivers/crypto/ccp/sp-dev.h | 24 +-
drivers/crypto/ccp/sp-pci.c | 52 +
7 files changed, 277 insertions(+), 1 deletion(-)
create mode 100644 drivers/crypto/ccp/psp-dev.c
create mode 100644 drivers/crypto/ccp/psp-dev.h
diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig
index 9c84f9838931..b9dfae47aefd 100644
--- a/drivers/crypto/ccp/Kconfig
+++ b/drivers/crypto/ccp/Kconfig
@@ -33,3 +33,14 @@ config CRYPTO_DEV_CCP_CRYPTO
Support for using the cryptographic API with the AMD Cryptographic
Coprocessor. This module supports offload of SHA and AES algorithms.
If you choose 'M' here, this module will be called ccp_crypto.
+
+config CRYPTO_DEV_SP_PSP
+ bool "Platform Security Processor (PSP) device"
+ default y
+ depends on CRYPTO_DEV_CCP_DD && X86_64
+ help
+Provide support for the AMD Platform Security Processor (PSP).
+The PSP is a dedicated processor that provides support for key
+management commands in Secure Encrypted Virtualization (SEV) mode,
+along with software-based Trusted Execution Environment (TEE) to
+enable third-party trusted applications.
diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile
index 57f8debfcfb3..008bae7e26ec 100644
--- a/drivers/crypto/ccp/Makefile
+++ b/drivers/crypto/ccp/Makefile
@@ -7,6 +7,7 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_CCP) += ccp-dev.o \
ccp-dmaengine.o \
ccp-debugfs.o
ccp-$(CONFIG_PCI) += sp-pci.o
+ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += psp-dev.o
obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) += ccp-crypto.o
ccp-crypto-objs := ccp-crypto-main.o \
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
new file mode 100644
index ..b5789f878560
--- /dev/null
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -0,0 +1,105 @@
+/*
+ * AMD Platform Security Processor (PSP) interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "sp-dev.h"
+#include "psp-dev.h"
+
+static struct psp_device *psp_alloc_struct(struct sp_device *sp)
+{
+ struct device *dev = sp->dev;
+ struct psp_device *psp;
+
+ psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);
+ if (!psp)
+ return NULL;
+
+ psp->dev = dev;
+ psp->sp = sp;
+
+ snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);
+
+ return psp;
+}
+
+static irqreturn_t psp_irq_handler(int irq, void *data)
+{
+ return IRQ_HANDLED;
+}
+
+int psp_dev_init(struct sp_device *sp)
+{
+ struct device *dev = sp->dev;
+ struct psp_device *psp;
+ int ret;
+
+ ret = -ENOMEM;
+ psp = psp_alloc_struct(sp);
+ if (!psp)
+ goto e_err;
+
+ sp->psp_data = psp;
+
+ psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;
+ if (!psp->vdata) {
+ ret = -ENODEV;
+ dev_err(dev, "missing driver data\n");
+ goto e_err;
+ }
+
+ psp->io_regs = sp->io_map + psp->vdata->offset;
+
+ /* Disable and clear interrupts until ready */
+ iowrite32(0, psp->io_regs + PSP_P2CMSG_INTEN);
[Part2 PATCH v7 11/38] crypto: ccp: Define SEV key management command id
Define Secure Encrypted Virtualization (SEV) key management command id
and structure. The command definition is available in SEV KM spec
0.14 (http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf)
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
include/linux/psp-sev.h | 494
1 file changed, 494 insertions(+)
create mode 100644 include/linux/psp-sev.h
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
new file mode 100644
index ..15bda519538e
--- /dev/null
+++ b/include/linux/psp-sev.h
@@ -0,0 +1,494 @@
+/*
+ * AMD Secure Encrypted Virtualization (SEV) driver interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_H__
+#define __PSP_SEV_H__
+
+#include
+
+#ifdef CONFIG_X86
+#include
+
+#define __psp_pa(x)__sme_pa(x)
+#else
+#define __psp_pa(x)__pa(x)
+#endif
+
+#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */
+
+/**
+ * SEV platform state
+ */
+enum sev_state {
+ SEV_STATE_UNINIT= 0x0,
+ SEV_STATE_INIT = 0x1,
+ SEV_STATE_WORKING = 0x2,
+
+ SEV_STATE_MAX
+};
+
+/**
+ * SEV platform and guest management commands
+ */
+enum sev_cmd {
+ /* platform commands */
+ SEV_CMD_INIT= 0x001,
+ SEV_CMD_SHUTDOWN= 0x002,
+ SEV_CMD_FACTORY_RESET = 0x003,
+ SEV_CMD_PLATFORM_STATUS = 0x004,
+ SEV_CMD_PEK_GEN = 0x005,
+ SEV_CMD_PEK_CSR = 0x006,
+ SEV_CMD_PEK_CERT_IMPORT = 0x007,
+ SEV_CMD_PDH_CERT_EXPORT = 0x008,
+ SEV_CMD_PDH_GEN = 0x009,
+ SEV_CMD_DF_FLUSH= 0x00A,
+
+ /* Guest commands */
+ SEV_CMD_DECOMMISSION= 0x020,
+ SEV_CMD_ACTIVATE= 0x021,
+ SEV_CMD_DEACTIVATE = 0x022,
+ SEV_CMD_GUEST_STATUS= 0x023,
+
+ /* Guest launch commands */
+ SEV_CMD_LAUNCH_START= 0x030,
+ SEV_CMD_LAUNCH_UPDATE_DATA = 0x031,
+ SEV_CMD_LAUNCH_UPDATE_VMSA = 0x032,
+ SEV_CMD_LAUNCH_MEASURE = 0x033,
+ SEV_CMD_LAUNCH_UPDATE_SECRET= 0x034,
+ SEV_CMD_LAUNCH_FINISH = 0x035,
+
+ /* Guest migration commands (outgoing) */
+ SEV_CMD_SEND_START = 0x040,
+ SEV_CMD_SEND_UPDATE_DATA= 0x041,
+ SEV_CMD_SEND_UPDATE_VMSA= 0x042,
+ SEV_CMD_SEND_FINISH = 0x043,
+
+ /* Guest migration commands (incoming) */
+ SEV_CMD_RECEIVE_START = 0x050,
+ SEV_CMD_RECEIVE_UPDATE_DATA = 0x051,
+ SEV_CMD_RECEIVE_UPDATE_VMSA = 0x052,
+ SEV_CMD_RECEIVE_FINISH = 0x053,
+
+ /* Guest debug commands */
+ SEV_CMD_DBG_DECRYPT = 0x060,
+ SEV_CMD_DBG_ENCRYPT = 0x061,
+
+ SEV_CMD_MAX,
+};
+
+/**
+ * status code returned by the commands
+ */
+enum psp_ret_code {
+ SEV_RET_SUCCESS = 0,
+ SEV_RET_INVALID_PLATFORM_STATE,
+ SEV_RET_INVALID_GUEST_STATE,
+ SEV_RET_INAVLID_CONFIG,
+ SEV_RET_INVALID_len,
+ SEV_RET_ALREADY_OWNED,
+ SEV_RET_INVALID_CERTIFICATE,
+ SEV_RET_POLICY_FAILURE,
+ SEV_RET_INACTIVE,
+ SEV_RET_INVALID_ADDRESS,
+ SEV_RET_BAD_SIGNATURE,
+ SEV_RET_BAD_MEASUREMENT,
+ SEV_RET_ASID_OWNED,
+ SEV_RET_INVALID_ASID,
+ SEV_RET_WBINVD_REQUIRED,
+ SEV_RET_DFFLUSH_REQUIRED,
+ SEV_RET_INVALID_GUEST,
+ SEV_RET_INVALID_COMMAND,
+ SEV_RET_ACTIVE,
+ SEV_RET_HWSEV_RET_PLATFORM,
+ SEV_RET_HWSEV_RET_UNSAFE,
+ SEV_RET_UNSUPPORTED,
+ SEV_RET_MAX,
+};
+
+/**
+ * struct sev_data_init - INIT command parameters
+ *
+ * @flags: processing flags
+ * @tmr_address: system physical address used for SEV-ES
+ * @tmr_len: len of tmr_address
+ */
+struct sev_data_init {
+ u32 flags; /* In */
+ u32 reserved;
[Part2 PATCH v7 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
The SEV_FACTORY_RESET command can be used by the platform owner to
reset the non-volatile SEV related data. The command is defined in
SEV spec section 5.4
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 70 +++-
1 file changed, 69 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index c61ca16096ca..a757bd1c34e8 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -235,9 +235,77 @@ static int sev_platform_shutdown(int *error)
return rc;
}
+static int sev_platform_state(int *state, int *error)
+{
+ int rc;
+
+ rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
+psp_master->sev_status, error);
+ if (rc)
+ return rc;
+
+ *state = psp_master->sev_status->state;
+ return rc;
+}
+
+static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
+{
+ int state, rc;
+
+ rc = sev_platform_state(, >error);
+ if (rc)
+ return rc;
+
+ if (state == SEV_STATE_WORKING) {
+ argp->error = SEV_RET_INVALID_PLATFORM_STATE;
+ return -EBUSY;
+ }
+
+ if (state == SEV_STATE_INIT) {
+ rc = __sev_platform_shutdown_locked(>error);
+ if (rc)
+ return rc;
+ }
+
+ return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
- return -ENOTTY;
+ void __user *argp = (void __user *)arg;
+ struct sev_issue_cmd input;
+ int ret = -EFAULT;
+
+ if (!psp_master)
+ return -ENODEV;
+
+ if (ioctl != SEV_ISSUE_CMD)
+ return -EINVAL;
+
+ if (copy_from_user(, argp, sizeof(struct sev_issue_cmd)))
+ return -EFAULT;
+
+ if (input.cmd > SEV_MAX)
+ return -EINVAL;
+
+ mutex_lock(_cmd_mutex);
+
+ switch (input.cmd) {
+
+ case SEV_FACTORY_RESET:
+ ret = sev_ioctl_do_reset();
+ break;
+ default:
+ ret = -EINVAL;
+ goto out;
+ }
+
+ if (copy_to_user(argp, , sizeof(struct sev_issue_cmd)))
+ ret = -EFAULT;
+out:
+ mutex_unlock(_cmd_mutex);
+
+ return ret;
}
static const struct file_operations sev_fops = {
--
2.9.5
[Part2 PATCH v7 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 68
1 file changed, 68 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 42991c2e9085..4e2f9d037f0a 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -298,6 +298,71 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct
sev_issue_cmd *argp)
return __sev_do_cmd_locked(cmd, 0, >error);
}
+static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_csr input;
+ struct sev_data_pek_csr *data;
+ void *blob = NULL;
+ int ret;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* userspace wants to query CSR length */
+ if (!input.address || !input.length)
+ goto cmd;
+
+ /* allocate a physically contiguous buffer to store the CSR blob */
+ if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
+ input.length > SEV_FW_BLOB_MAX_SIZE) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ blob = kmalloc(input.length, GFP_KERNEL);
+ if (!blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->address = __psp_pa(blob);
+ data->len = input.length;
+
+cmd:
+ if (psp_master->sev_state == SEV_STATE_UNINIT) {
+ ret = __sev_platform_init_locked(psp_master->sev_init,
>error);
+ if (ret)
+ goto e_free_blob;
+ }
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, >error);
+
+ /*
+* If we query the CSR length, FW responded with expected data
+*/
+ input.length = data->len;
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+ ret = -EFAULT;
+ goto e_free_blob;
+ }
+
+ if (blob) {
+ if (copy_to_user((void __user *)input.address, blob,
input.length))
+ ret = -EFAULT;
+ }
+
+e_free_blob:
+ kfree(blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -332,6 +397,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PDH_GEN:
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, );
break;
+ case SEV_PEK_CSR:
+ ret = sev_ioctl_do_pek_csr();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v7 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
certificate. The command is defined in SEV spec section 5.8.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 81
include/linux/psp-sev.h | 4 +++
2 files changed, 85 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 4e2f9d037f0a..2648faf33a19 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -363,6 +363,84 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
return ret;
}
+void *psp_copy_user_blob(u64 __user uaddr, u32 len)
+{
+ void *data;
+
+ if (!uaddr || !len)
+ return ERR_PTR(-EINVAL);
+
+ /* verify that blob length does not exceed our limit */
+ if (len > SEV_FW_BLOB_MAX_SIZE)
+ return ERR_PTR(-EINVAL);
+
+ data = kmalloc(len, GFP_KERNEL);
+ if (!data)
+ return ERR_PTR(-ENOMEM);
+
+ if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len))
+ goto e_free;
+
+ return data;
+
+e_free:
+ kfree(data);
+ return ERR_PTR(-EFAULT);
+}
+EXPORT_SYMBOL_GPL(psp_copy_user_blob);
+
+static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_cert_import input;
+ struct sev_data_pek_cert_import *data;
+ void *pek_blob, *oca_blob;
+ int ret;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* copy PEK certificate blobs from userspace */
+ pek_blob = psp_copy_user_blob(input.pek_cert_address,
input.pek_cert_len);
+ if (IS_ERR(pek_blob)) {
+ ret = PTR_ERR(pek_blob);
+ goto e_free;
+ }
+
+ data->pek_cert_address = __psp_pa(pek_blob);
+ data->pek_cert_len = input.pek_cert_len;
+
+ /* copy PEK certificate blobs from userspace */
+ oca_blob = psp_copy_user_blob(input.oca_cert_address,
input.oca_cert_len);
+ if (IS_ERR(oca_blob)) {
+ ret = PTR_ERR(oca_blob);
+ goto e_free_pek;
+ }
+
+ data->oca_cert_address = __psp_pa(oca_blob);
+ data->oca_cert_len = input.oca_cert_len;
+
+ /* If platform is not in INIT state then transition it to INIT */
+ if (psp_master->sev_state != SEV_STATE_INIT) {
+ ret = __sev_platform_init_locked(psp_master->sev_init,
>error);
+ if (ret)
+ goto e_free_oca;
+ }
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, data, >error);
+
+e_free_oca:
+ kfree(oca_blob);
+e_free_pek:
+ kfree(pek_blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -400,6 +478,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PEK_CSR:
ret = sev_ioctl_do_pek_csr();
break;
+ case SEV_PEK_CERT_IMPORT:
+ ret = sev_ioctl_do_pek_import();
+ break;
default:
ret = -EINVAL;
goto out;
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index fb563248d9a9..a65d96dea77b 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -606,6 +606,8 @@ int sev_guest_df_flush(int *error);
*/
int sev_guest_decommission(struct sev_data_decommission *data, int *error);
+void *psp_copy_user_blob(u64 __user uaddr, u32 len);
+
#else /* !CONFIG_CRYPTO_DEV_SP_PSP */
static inline int
@@ -632,6 +634,8 @@ sev_issue_cmd_external_user(struct file *filep,
return -ENODEV;
}
+static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return
ERR_PTR(-EINVAL); }
+
#endif /* CONFIG_CRYPTO_DEV_SP_PSP */
#endif /* __PSP_SEV_H__ */
--
2.9.5
[Part2 PATCH v7 17/38] crypto: ccp: Implement SEV_PDH_GEN ioctl command
The SEV_PDH_GEN command is used to re-generate the Platform Diffie-Hellman (PDH) key. The command is defined in SEV spec section 5.6. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Borislav Petkov <b...@suse.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Acked-by: Gary R Hook <gary.h...@amd.com> --- drivers/crypto/ccp/psp-dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 2c28c36d7ae8..42991c2e9085 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -329,6 +329,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_GEN: ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, ); break; + case SEV_PDH_GEN: + ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, ); + break; default: ret = -EINVAL; goto out; -- 2.9.5
[Part2 PATCH v7 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 98
1 file changed, 98 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 2648faf33a19..96739ff105e6 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -441,6 +441,101 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd
*argp)
return ret;
}
+static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pdh_cert_export input;
+ void *pdh_blob = NULL, *cert_blob = NULL;
+ struct sev_data_pdh_cert_export *data;
+ int ret;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* Userspace wants to query the certificate length */
+ if (!input.pdh_cert_address || !input.pdh_cert_len ||
+ !input.cert_chain_address || !input.cert_chain_address)
+ goto cmd;
+
+ /* allocate a physically contiguous buffer to store the PDH blob */
+ if (!access_ok(VERIFY_WRITE, input.pdh_cert_address,
input.pdh_cert_len) ||
+ (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
+ if (!pdh_blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->pdh_cert_address = __psp_pa(pdh_blob);
+ data->pdh_cert_len = input.pdh_cert_len;
+
+ /* allocate a physically contiguous buffer to store the cert chain blob
*/
+ if (!access_ok(VERIFY_WRITE, input.cert_chain_address,
input.cert_chain_len) ||
+ (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)) {
+ ret = -EFAULT;
+ goto e_free_pdh;
+ }
+
+ cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
+ if (!cert_blob) {
+ ret = -ENOMEM;
+ goto e_free_pdh;
+ }
+
+ data->cert_chain_address = __psp_pa(cert_blob);
+ data->cert_chain_len = input.cert_chain_len;
+
+cmd:
+ /* If platform is not in INIT state then transition it to INIT */
+ if (psp_master->sev_state != SEV_STATE_INIT) {
+ ret = __sev_platform_init_locked(psp_master->sev_init,
>error);
+ if (ret)
+ goto e_free_cert;
+ }
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, >error);
+
+ /*
+* If we query the length, FW responded with expected data
+*/
+ input.cert_chain_len = data->cert_chain_len;
+ input.pdh_cert_len = data->pdh_cert_len;
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+ ret = -EFAULT;
+ goto e_free_cert;
+ }
+
+ if (pdh_blob) {
+ if (copy_to_user((void __user *)input.pdh_cert_address,
+pdh_blob, input.pdh_cert_len)) {
+ ret = -EFAULT;
+ goto e_free_cert;
+ }
+ }
+
+ if (cert_blob) {
+ if (copy_to_user((void __user *)input.cert_chain_address,
+cert_blob, input.cert_chain_len))
+ ret = -EFAULT;
+ }
+
+e_free_cert:
+ kfree(cert_blob);
+e_free_pdh:
+ kfree(pdh_blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -481,6 +576,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PEK_CERT_IMPORT:
ret = sev_ioctl_do_pek_import();
break;
+ case SEV_PDH_CERT_EXPORT:
+ ret = sev_ioctl_do_pdh_export();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v7 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command
The SEV_PEK_GEN command is used to generate a new Platform Endorsement
Key (PEK). The command is defined in SEV spec section 5.6.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Reviewed-by: Borislav Petkov <b...@suse.de>
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 16
1 file changed, 16 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index ef473ec4a413..2c28c36d7ae8 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -285,6 +285,19 @@ static int sev_ioctl_do_platform_status(struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
+{
+ int rc;
+
+ if (psp_master->sev_state == SEV_STATE_UNINIT) {
+ rc = __sev_platform_init_locked(psp_master->sev_init,
>error);
+ if (rc)
+ return rc;
+ }
+
+ return __sev_do_cmd_locked(cmd, 0, >error);
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -313,6 +326,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PLATFORM_STATUS:
ret = sev_ioctl_do_platform_status();
break;
+ case SEV_PEK_GEN:
+ ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, );
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v7 15/38] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command
The SEV_PLATFORM_STATUS command can be used by the platform owner to
get the current status of the platform. The command is defined in
SEV spec section 5.5.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 18 ++
1 file changed, 18 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index a757bd1c34e8..ef473ec4a413 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -270,6 +270,21 @@ static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
}
+static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_status *data = psp_master->sev_status;
+ int ret;
+
+ ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, >error);
+ if (ret)
+ return ret;
+
+ if (copy_to_user((void __user *)argp->data, data, sizeof(*data)))
+ ret = -EFAULT;
+
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -295,6 +310,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_FACTORY_RESET:
ret = sev_ioctl_do_reset();
break;
+ case SEV_PLATFORM_STATUS:
+ ret = sev_ioctl_do_platform_status();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v7 10/38] crypto: ccp: Define SEV userspace ioctl and command id
Add a include file which defines the ioctl and command id used for
issuing SEV platform management specific commands.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
include/uapi/linux/psp-sev.h | 113 +++
1 file changed, 113 insertions(+)
create mode 100644 include/uapi/linux/psp-sev.h
diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h
new file mode 100644
index ..1dd98ba4ff22
--- /dev/null
+++ b/include/uapi/linux/psp-sev.h
@@ -0,0 +1,113 @@
+/*
+ * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
+ * platform management commands.
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_USER_H__
+#define __PSP_SEV_USER_H__
+
+#include
+
+/**
+ * SEV platform commands
+ */
+enum {
+ SEV_FACTORY_RESET = 0,
+ SEV_PLATFORM_STATUS,
+ SEV_PEK_GEN,
+ SEV_PEK_CSR,
+ SEV_PDH_GEN,
+ SEV_PDH_CERT_EXPORT,
+ SEV_PEK_CERT_IMPORT,
+
+ SEV_MAX,
+};
+
+/**
+ * struct sev_user_data_status - PLATFORM_STATUS command parameters
+ *
+ * @major: major API version
+ * @minor: minor API version
+ * @state: platform state
+ * @flags: platform config flags
+ * @build: firmware build id for API version
+ * @guest_count: number of active guests
+ */
+struct sev_user_data_status {
+ __u8 api_major; /* Out */
+ __u8 api_minor; /* Out */
+ __u8 state; /* Out */
+ __u32 flags;/* Out */
+ __u8 build; /* Out */
+ __u32 guest_count; /* Out */
+} __packed;
+
+/**
+ * struct sev_user_data_pek_csr - PEK_CSR command parameters
+ *
+ * @address: PEK certificate chain
+ * @length: length of certificate
+ */
+struct sev_user_data_pek_csr {
+ __u64 address; /* In */
+ __u32 length; /* In/Out */
+} __packed;
+
+/**
+ * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
+ *
+ * @pek_address: PEK certificate chain
+ * @pek_len: length of PEK certificate
+ * @oca_address: OCA certificate chain
+ * @oca_len: length of OCA certificate
+ */
+struct sev_user_data_pek_cert_import {
+ __u64 pek_cert_address; /* In */
+ __u32 pek_cert_len; /* In */
+ __u64 oca_cert_address; /* In */
+ __u32 oca_cert_len; /* In */
+} __packed;
+
+/**
+ * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
+ *
+ * @pdh_address: PDH certificate address
+ * @pdh_len: length of PDH certificate
+ * @cert_chain_address: PDH certificate chain
+ * @cert_chain_len: length of PDH certificate chain
+ */
+struct sev_user_data_pdh_cert_export {
+ __u64 pdh_cert_address; /* In */
+ __u32 pdh_cert_len; /* In/Out */
+ __u64 cert_chain_address; /* In */
+ __u32 cert_chain_len; /* In/Out */
+} __packed;
+
+/**
+ * struct sev_issue_cmd - SEV ioctl parameters
+ *
+ * @cmd: SEV commands to execute
+ * @opaque: pointer to the command structure
+ * @error: SEV FW return code on failure
+ */
+struct sev_issue_cmd {
+ __u32 cmd; /* In */
+ __u64 data; /* In */
+ __u32 error;/* Out */
+} __packed;
+
+#define SEV_IOC_TYPE 'S'
+#define SEV_ISSUE_CMD _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
+
+#endif /* __PSP_USER_SEV_H */
--
2.9.5
Re: [Part2 PATCH v6.1 16/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/30/17 12:57 PM, Borislav Petkov wrote: > On Mon, Oct 30, 2017 at 12:49:14PM -0500, Brijesh Singh wrote: >> If the buffer is allocated on the stack then there is no guarantee that > static global is not allocated on the stack. Okay, Just tried static global with CONFIG_VMAP_STACK=y and I am getting wrong physical address with __pa. PSP command fails with error code "INVALID_ADDRESS". The same thing works fine with kmalloc() buffer. >> I can certainly move the allocation outside, but then it may increase the >> code size in other functions. If its not a big deal then I would prefer to >> keep what we have. > Avoiding repeated k*alloc calls is always a good thing. Actually kmalloc-ing > 20 > bytes each time sounds like it is not worth the calling overhead to me. > To avoid repeated k*alloc calls, I could devm_kzalloc() these variable during sev_init() and reuse them when needed.
Re: [Part2 PATCH v6.1 16/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/30/2017 12:21 PM, Borislav Petkov wrote:
...
Useless forward declarations.
Actually its helpful in other patches. I was trying to avoid making too
many code movement in other patches to eliminate the forward
declarations. I guess I can fix in v7.
static struct psp_device *psp_alloc_struct(struct sp_device *sp)
{
struct device *dev = sp->dev;
...
+static int sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
You can use the "__" prefix to denote that it is a lower-level helper:
__sev_do_cmd
__sev_do_cmd_locked
Ditto for the other locked functions.
noted
...
+static int sev_platform_init_locked(struct sev_data_init *data, int *error)
+{
+ struct psp_device *psp = psp_master;
+ struct sev_data_init *input = NULL;
+ int rc = 0;
+
+ if (!psp)
+ return -ENODEV;
+
+ if (psp->sev_state == SEV_STATE_INIT)
+ return 0;
+
+ if (!data) {
+ input = kzalloc(sizeof(*input), GFP_KERNEL);
+ if (!input)
+ return -ENOMEM;
+
+ data = input;
+ }
You can do the allocation in the enclosing function, outside of the
critical region so that you can keep it shorter.
Or even better: if you're going to synchronize the commands with a
mutex, you can define a static struct sev_data_init input in this file
which you always hand in and then you can save yourself the kmalloc
calls.
If the buffer is allocated on the stack then there is no guarantee that
__pa() will gives us a valid physical address. IIRC, when
CONFIG_VMAP_STACK=y then stack space is mapped similar to vmalloc'd
storage and __pa() will not work.
Since we need to pass the physical address to PSP hence variable
allocated on the stack will not work.
I can certainly move the allocation outside, but then it may increase
the code size in other functions. If its not a big deal then I would
prefer to keep what we have.
...
+
+int sev_platform_shutdown(int *error)
+{
+ if (error)
+ *error = 0;
+
+ return 0;
+}
I'm guessing that that's just bare-bones and it will get filled up in
the next patches. Otherwise it looks pretty useless.
Well, we are not expanding in other patches. I was also debating on what
to do with this function. Since we need sev_platform_init() hence it
made sense to add sev_platform_shutdown() as well. If we add the
function then I wanted to make sure that we set the *error = SUCCESS so
that caller knows that function succeeded.
If it is just to block the user from sending SHUTDOWN to the PSP
master, just do that in the ioctl directly - no need to call some empty
functions.
The function is not used by userspace ioctl, its used by kvm drv when it
launch/terminates the SEV guest.
-Brijesh
[Part2 PATCH v6.2 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
Changes since v6.1:
* use psp->sev_state to check the state before transition to INIT
drivers/crypto/ccp/psp-dev.c | 68
1 file changed, 68 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 0d4d95bc35ab..e69ac6f6173c 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -253,6 +253,71 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct
sev_issue_cmd *argp)
return sev_do_cmd_locked(cmd, 0, >error);
}
+static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_csr input;
+ struct sev_data_pek_csr *data;
+ void *blob = NULL;
+ int ret;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* userspace wants to query CSR length */
+ if (!input.address || !input.length)
+ goto cmd;
+
+ /* allocate a physically contiguous buffer to store the CSR blob */
+ if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
+ input.length > SEV_FW_BLOB_MAX_SIZE) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ blob = kmalloc(input.length, GFP_KERNEL);
+ if (!blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->address = __psp_pa(blob);
+ data->len = input.length;
+
+cmd:
+ if (psp_master->sev_state == SEV_STATE_UNINIT) {
+ ret = sev_platform_init_locked(NULL, >error);
+ if (ret)
+ goto e_free_blob;
+ }
+
+ ret = sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, >error);
+
+ /*
+* If we query the CSR length, FW responded with expected data
+*/
+ input.length = data->len;
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+ ret = -EFAULT;
+ goto e_free_blob;
+ }
+
+ if (blob) {
+ if (copy_to_user((void __user *)input.address, blob,
input.length))
+ ret = -EFAULT;
+ }
+
+e_free_blob:
+ kfree(blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -287,6 +352,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PDH_GEN:
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, );
break;
+ case SEV_PEK_CSR:
+ ret = sev_ioctl_do_pek_csr();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v6.1 15/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command
The SEV_PEK_GEN command is used to generate a new Platform Endorsement
Key (PEK). The command is defined in SEV spec section 5.6.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Reviewed-by: Borislav Petkov <b...@suse.de>
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
Boris,
I had your R-b in v6 and have kept it. The changes in this patch are
very minor. Let me know if you are okay with it - thanks
Changes since v6:
* use psp->sev_state to check if FW is in correct state before
doing the INIT transition
drivers/crypto/ccp/psp-dev.c | 16
1 file changed, 16 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 24a970809ded..53fbbc41b521 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -240,6 +240,19 @@ static int sev_ioctl_do_platform_status(struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
+{
+ int rc;
+
+ if (psp_master->sev_state == SEV_STATE_UNINIT) {
+ rc = sev_platform_init_locked(NULL, >error);
+ if (rc)
+ return rc;
+ }
+
+ return sev_do_cmd_locked(cmd, 0, >error);
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -268,6 +281,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PLATFORM_STATUS:
ret = sev_ioctl_do_platform_status();
break;
+ case SEV_PEK_GEN:
+ ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, );
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v6.1 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
The SEV_FACTORY_RESET command can be used by the platform owner to
reset the non-volatile SEV related data. The command is defined in
SEV spec section 5.4
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Acked-by: Gary R Hook <gary.h...@amd.com>
---
Boris,
It may look confusing that we call PLATFORM_STATUS command to check the
current FW state even when we keep the state in psp->sev_state.
Per spec, PLATFORM_INIT transitions FW from UINIT -> INIT and SHUTDOWN from
-> UINIT but there are multiple commands which can transition FW
from INIT -> WORKING state. Hence my thinking is, if we really need to know
whether we are in WORKING state then invoke PLATFORM_STATUS. So far,
FACTORY_RESET is where we need to know if we are in WORKING state to avoid
shutdown the FW. In real world app this command may not be used that
often hence I don't feel like adding more complexity to the code.
Changes since v6:
* If FW is in WORKING state then reject the command
* If FW is in INIT state then shutdown before issuing the command
drivers/crypto/ccp/psp-dev.c | 77 +++-
1 file changed, 76 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 060f57ac08b3..b02ea56508b4 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -177,9 +177,84 @@ static int sev_do_cmd(int cmd, void *data, int *psp_ret)
return rc;
}
+static int sev_platform_state(int *state, int *error)
+{
+ struct sev_user_data_status *data;
+ int rc;
+
+ data = kzalloc(sizeof (*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ rc = sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, error);
+ if (rc)
+ goto e_free;
+
+ *state = data->state;
+
+e_free:
+ kfree(data);
+ return rc;
+}
+
+static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
+{
+ int state, rc;
+
+ rc = sev_platform_state(, >error);
+ if (rc)
+ return rc;
+
+ if (state == SEV_STATE_WORKING) {
+ argp->error = SEV_RET_INVALID_PLATFORM_STATE;
+ return -EBUSY;
+ }
+
+ if (state == SEV_STATE_INIT) {
+ rc = sev_platform_shutdown_locked(>error);
+ if (rc)
+ return rc;
+ }
+
+ return sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
- return -ENOTTY;
+ void __user *argp = (void __user *)arg;
+ struct sev_issue_cmd input;
+ int ret = -EFAULT;
+
+ if (!psp_master)
+ return -ENODEV;
+
+ if (ioctl != SEV_ISSUE_CMD)
+ return -EINVAL;
+
+ if (copy_from_user(, argp, sizeof(struct sev_issue_cmd)))
+ return -EFAULT;
+
+ if (input.cmd > SEV_MAX)
+ return -EINVAL;
+
+ mutex_lock(_cmd_mutex);
+
+ switch (input.cmd) {
+
+ case SEV_FACTORY_RESET:
+ ret = sev_ioctl_do_reset();
+ break;
+ default:
+ ret = -EINVAL;
+ goto out;
+ }
+
+ if (copy_to_user(argp, , sizeof(struct sev_issue_cmd)))
+ ret = -EFAULT;
+out:
+ mutex_unlock(_cmd_mutex);
+
+ return ret;
}
static const struct file_operations sev_fops = {
--
2.9.5
Re: [Part2 PATCH v6.1 16/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
I just realized that this should be marked as "PATCH v6.1 13/38 ...". I
had some debug patch before this hence it was pushed below in the stack.
On 10/29/17 3:48 PM, Brijesh Singh wrote:
> AMD's new Secure Encrypted Virtualization (SEV) feature allows the
> memory contents of virtual machines to be transparently encrypted with a
> key unique to the VM. The programming and management of the encryption
> keys are handled by the AMD Secure Processor (AMD-SP) which exposes the
> commands for these tasks. The complete spec is available at:
>
> http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
>
> Extend the AMD-SP driver to provide the following support:
>
> - an in-kernel API to communicate with the SEV firmware. The API can be
>used by the hypervisor to create encryption context for a SEV guest.
>
> - a userspace IOCTL to manage the platform certificates.
>
> Cc: Paolo Bonzini <pbonz...@redhat.com>
> Cc: "Radim Krčmář" <rkrc...@redhat.com>
> Cc: Borislav Petkov <b...@suse.de>
> Cc: Herbert Xu <herb...@gondor.apana.org.au>
> Cc: Gary Hook <gary.h...@amd.com>
> Cc: Tom Lendacky <thomas.lenda...@amd.com>
> Cc: linux-crypto@vger.kernel.org
> Cc: k...@vger.kernel.org
> Cc: linux-ker...@vger.kernel.org
> Improvements-by: Borislav Petkov <b...@suse.de>
> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
> ---
>
> Boris,
>
> I have tried to minimize the INIT -> SHUTDOWN transition by keeping state
> information in sev_state variable. Since we INIT the platform during the
> modprobe time hence we no longer need the kref count and init mutex.
> Here are list of changes.
>
> Changes since v6:
> * Add functions to init and shutdown firmware during modprobe
> * Add sev_state variable in psp_device to keep track of the INIT and SHUTDOWN
>state
> * Don't allow caller to shutdown the FW because SHUTDOWN will be done during
>the module removal.
> * Drop the fw_init_mutex and init_refcount because we no longer allow apps to
>INIT and UINIT the platform
>
> drivers/crypto/ccp/psp-dev.c | 360
> +++
> drivers/crypto/ccp/psp-dev.h | 22 +++
> drivers/crypto/ccp/sp-dev.c | 9 ++
> drivers/crypto/ccp/sp-dev.h | 4 +
> include/linux/psp-sev.h | 158 +++
> 5 files changed, 553 insertions(+)
>
> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
> index b5789f878560..060f57ac08b3 100644
> --- a/drivers/crypto/ccp/psp-dev.c
> +++ b/drivers/crypto/ccp/psp-dev.c
> @@ -26,6 +26,15 @@
> #include "sp-dev.h"
> #include "psp-dev.h"
>
> +#define DEVICE_NAME "sev"
> +
> +static DEFINE_MUTEX(sev_cmd_mutex);
> +static struct sev_misc_dev *misc_dev;
> +static struct psp_device *psp_master;
> +
> +static int sev_platform_shutdown_locked(int *error);
> +static int sev_platform_init_locked(struct sev_data_init *data, int *error);
> +
> static struct psp_device *psp_alloc_struct(struct sp_device *sp)
> {
> struct device *dev = sp->dev;
> @@ -45,9 +54,304 @@ static struct psp_device *psp_alloc_struct(struct
> sp_device *sp)
>
> static irqreturn_t psp_irq_handler(int irq, void *data)
> {
> + struct psp_device *psp = data;
> + unsigned int status;
> + int reg;
> +
> + /* Read the interrupt status: */
> + status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS);
> +
> + /* Check if it is command completion: */
> + if (!(status & BIT(PSP_CMD_COMPLETE_REG)))
> + goto done;
> +
> + /* Check if it is SEV command completion: */
> + reg = ioread32(psp->io_regs + PSP_CMDRESP);
> + if (reg & PSP_CMDRESP_RESP) {
> + psp->sev_int_rcvd = 1;
> + wake_up(>sev_int_queue);
> + }
> +
> +done:
> + /* Clear the interrupt status by writing the same value we read. */
> + iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS);
> +
> return IRQ_HANDLED;
> }
>
> +static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
> +{
> + psp->sev_int_rcvd = 0;
> +
> + wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
> + *reg = ioread32(psp->io_regs + PSP_CMDRESP);
> +}
> +
> +static int sev_cmd_buffer_len(int cmd)
> +{
> + switch (cmd) {
> + case SEV_CMD_INIT: return sizeof(struct
> sev_data_init);
> + case SEV_CMD_PLATFORM_STATUS: return sizeof(struct
> sev_user_data_status);
> + case SEV_CMD_PEK_CSR: return sizeof(struct
> sev_data_pek_csr);
> + cas
[Part2 PATCH v6.1 16/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
AMD's new Secure Encrypted Virtualization (SEV) feature allows the
memory contents of virtual machines to be transparently encrypted with a
key unique to the VM. The programming and management of the encryption
keys are handled by the AMD Secure Processor (AMD-SP) which exposes the
commands for these tasks. The complete spec is available at:
http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
Extend the AMD-SP driver to provide the following support:
- an in-kernel API to communicate with the SEV firmware. The API can be
used by the hypervisor to create encryption context for a SEV guest.
- a userspace IOCTL to manage the platform certificates.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
Boris,
I have tried to minimize the INIT -> SHUTDOWN transition by keeping state
information in sev_state variable. Since we INIT the platform during the
modprobe time hence we no longer need the kref count and init mutex.
Here are list of changes.
Changes since v6:
* Add functions to init and shutdown firmware during modprobe
* Add sev_state variable in psp_device to keep track of the INIT and SHUTDOWN
state
* Don't allow caller to shutdown the FW because SHUTDOWN will be done during
the module removal.
* Drop the fw_init_mutex and init_refcount because we no longer allow apps to
INIT and UINIT the platform
drivers/crypto/ccp/psp-dev.c | 360 +++
drivers/crypto/ccp/psp-dev.h | 22 +++
drivers/crypto/ccp/sp-dev.c | 9 ++
drivers/crypto/ccp/sp-dev.h | 4 +
include/linux/psp-sev.h | 158 +++
5 files changed, 553 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index b5789f878560..060f57ac08b3 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -26,6 +26,15 @@
#include "sp-dev.h"
#include "psp-dev.h"
+#define DEVICE_NAME"sev"
+
+static DEFINE_MUTEX(sev_cmd_mutex);
+static struct sev_misc_dev *misc_dev;
+static struct psp_device *psp_master;
+
+static int sev_platform_shutdown_locked(int *error);
+static int sev_platform_init_locked(struct sev_data_init *data, int *error);
+
static struct psp_device *psp_alloc_struct(struct sp_device *sp)
{
struct device *dev = sp->dev;
@@ -45,9 +54,304 @@ static struct psp_device *psp_alloc_struct(struct sp_device
*sp)
static irqreturn_t psp_irq_handler(int irq, void *data)
{
+ struct psp_device *psp = data;
+ unsigned int status;
+ int reg;
+
+ /* Read the interrupt status: */
+ status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS);
+
+ /* Check if it is command completion: */
+ if (!(status & BIT(PSP_CMD_COMPLETE_REG)))
+ goto done;
+
+ /* Check if it is SEV command completion: */
+ reg = ioread32(psp->io_regs + PSP_CMDRESP);
+ if (reg & PSP_CMDRESP_RESP) {
+ psp->sev_int_rcvd = 1;
+ wake_up(>sev_int_queue);
+ }
+
+done:
+ /* Clear the interrupt status by writing the same value we read. */
+ iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS);
+
return IRQ_HANDLED;
}
+static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
+{
+ psp->sev_int_rcvd = 0;
+
+ wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
+ *reg = ioread32(psp->io_regs + PSP_CMDRESP);
+}
+
+static int sev_cmd_buffer_len(int cmd)
+{
+ switch (cmd) {
+ case SEV_CMD_INIT: return sizeof(struct
sev_data_init);
+ case SEV_CMD_PLATFORM_STATUS: return sizeof(struct
sev_user_data_status);
+ case SEV_CMD_PEK_CSR: return sizeof(struct
sev_data_pek_csr);
+ case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct
sev_data_pek_cert_import);
+ case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct
sev_data_pdh_cert_export);
+ case SEV_CMD_LAUNCH_START: return sizeof(struct
sev_data_launch_start);
+ case SEV_CMD_LAUNCH_UPDATE_DATA:return sizeof(struct
sev_data_launch_update_data);
+ case SEV_CMD_LAUNCH_UPDATE_VMSA:return sizeof(struct
sev_data_launch_update_vmsa);
+ case SEV_CMD_LAUNCH_FINISH: return sizeof(struct
sev_data_launch_finish);
+ case SEV_CMD_LAUNCH_MEASURE:return sizeof(struct
sev_data_launch_measure);
+ case SEV_CMD_ACTIVATE: return sizeof(str
Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/27/17 7:00 PM, Borislav Petkov wrote:
> On Fri, Oct 27, 2017 at 05:59:23PM -0500, Brijesh Singh wrote:
>> Yes it is typo. PEK_GEN wants FW to be in INIT state hence someone need
>> to transition from UNINIT -> INIT.
> Which, once you've done it once on driver init, is there.
>
>> That's what I am doing except FACTORY_RESET.
> Well, not really. Lemme pick a command at random...
>
> PEK_CSR. For that, you do INIT -> PEK_CSR -> SHUTDOWN.
>
> Doc says, platform needs to be in INIT or WORKING state. But nothing
> says you should shut it down. Spec says, SHUTDOWN transitions platform
> to UNINIT state. So when the next command comes in which needs the
> platform to be in INIT state, you go and INIT it again. For no reason
> *WHATSOEVER*!
>
> I know, you're gonna say, but what if the next command needs a different
> state than INIT. Well, *then* you transition it, in the command
> function. When that function executes. But not before that and not in
> preparation that *maybe* the next command will be it.
>
> Now, if you did:
>
> INIT once during driver init
>
> PEK_CSR
>
> (platform remains in INIT state)
>
> <--- the next command here can execute directly if it is allowed in INIT
> state.
>
> Instead, the platform has been shutdown and you init it again. Do you
> see now what I mean?
Yes, I can see that with your proposal we may able to save some PSP
interaction because after command execution we do not restore to the
previous state. e.g before executing the PEK_CSR command if FW was in
UINIT then we do UNINIT -> INIT and leave it to INIT state.
> IOW, once you init the PSP master, you should keep it in the INIT state
> - or the state in which most commands expect it to be and thus save
> yourself all that unnecessary toggling. If a command needs it to be in a
> different state, only *then* you transition it.
Let me implement it and send you the patch. I think the command
execution function will look like this:
static int sev_ioctl_do_pek_csr(...)
{
mutex(_init_mutex);
/* If FW is not in INIT state then initialize before executing command */
if (psp->sev_state != SEV_STATE_INIT) {
rc = sev_platform_init(...);
if (rc) {
mutex_unlock(_init_mutex);
return rc;
}
}
rc = sev_do_cmd()
mutex_unlock(_init_mutex);
return rc;
}
and factory reset will look like this
static int sev_ioctl_do_reset(...)
{
mutex(_init_mutex);
/* If FW is not in UINIT state then shutdown before executing command */
if (psp->sev_state != SEV_STATE_INIT)
sev_platform_shutdown(...);
rc = sev_do_cmd()
mutex_unlock(_init_mutex);
return rc;
}
> Instead, what you have now is that you call INIT and SHUTDOWN
> around SEV_PEK_GEN, SEV_PDH_GEN, SEV_PEK_CSR, SEV_PEK_CERT_IMPORT,
> SEV_PDH_CERT_EXPORT and for all those, the platform must be in INIT
> (for some in WORKING state) but for all in INIT state and "The platform
> remains be in the same state after completion." So the whole SHUTDOWN ->
> INIT wankery in-between is a pure waste of electrons.
>
>> I see that we can do a small optimization -- since we already know
>> the FW state hence we can avoid issuing PSP command when we know for
>> sure that command will fail because we are not in correct state.
> As I said before, you should do that regardless by recording the current
> state of the PSP in variable so that you can save yourself the status
> querying.
>
>> If command needs INIT state and FW is not in INIT state then its safe to
>> transition from UNINIT -> INIT. But if command needs UNINIT state and FW
>> is in INIT state then its not safe to transition -- in those case we
>> simply return EBUSY and let the user retry the command.
> Whatever - that doesn't contradict what I'm proposing.
>
Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/27/17 3:27 PM, Borislav Petkov wrote: > On Fri, Oct 27, 2017 at 03:25:24PM -0500, Brijesh Singh wrote: >> Yep, we are doing state transition only when we really need to. At least >> so far I have tried to avoid making any unnecessary state transitions. > So change all those which do INIT -> CMD -> SHUTDOWN to do only the > command as the INIT state is the default state, AFAIU it. > I don't that will work. It may be possible that I am not able to follow what exactly you have in mind. Please let me clarify it, on boot the firmware is in UINIT state. Firmware maintain three states: UINIT, INIT and WORKING. Few commands can be executed in UINIT, several command can be executed in INIT, some command can be executed in WORKING and few commands can be executed in any states (see SEV spec for platform state). We do not have ioctls to issue the INIT and SHUTDOWN command. As I have explained in previous messages, the SHUTDOWN unconditionally destory's the FW context hence we have refrained from providing the access for this command to userspace. My approach is, when userspace issues a command we check if command requires INIT state, if so then we do INIT -> CMD -> SHUTDOWN. If command can be executed in any state then we issue the command . If command need to be executed in UINIT state then we *do not* do SHUTDOWN->CMD, instead we issue the cmd and PSP will fail with error code and caller can check the error code to determine why command failed. If I go with your recommendation then I am not able to see who will transition the platform from UINIT -> INIT so that command can run? Lets try with very simple example: # modprobe ccp /* FW is in INIT state */ # userspace runs ioctl(fd, SEV_USER_PEK_GEN, ) This will fail because PEK_GEN require the platform in INIT state and nobody has done the state transition from INIT -> UINIT. -Brijesh
Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/27/17 3:15 PM, Borislav Petkov wrote: > On Fri, Oct 27, 2017 at 06:28:38AM -0500, Brijesh Singh wrote: >> ... User can retry the command sometime later when nobody else is >> using the PSP. > That still doesn't prevent you from doing two things: > > * make that fw_init_count a proper kref instead of your homegrown thing OK, I can use kref in next patch. > > * do not preemptively execute commands on the PSP if you can't possibly > know what the next command is going to be - instead, just put it in the > required state only when you really have to. I.e., don't do all that > unnecessary INIT -> CMD -> SHUTDOWN game for no reason. Yep, we are doing state transition only when we really need to. At least so far I have tried to avoid making any unnecessary state transitions. > Thx. >
Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/27/17 2:56 AM, Borislav Petkov wrote:
> On Thu, Oct 26, 2017 at 03:59:32PM -0500, Brijesh Singh wrote:
>> we can workaround #1 by adding some hooks in sp_pci_init() to invoke the PSP
>> initialization routines after pci_register_driver() is done but #2 can get
>> painful because it will require us calling the SHUTDOWN outside the
>> sp_pci_exit() code flow.
> Ok, do that and init the PSP master and then put the device in UNINIT
> state only in the functions which execute those commands which need the
> device to be in UNINIT state, e.g., wrap the SEV_CMD_FACTORY_RESET glue
> in a command function which does put the device in the UNINIT state as a
> first step.
transiting a platform in UINIT state to handle the FACTORY_RESET can
have a negative consequence.
Consider this scenario:
Process A
-
sev_launch_start(...)
while (count < 1) {
sev_launch_update(...)
}
sev_launch_finish()
...
...
Process B:
-
sev_factory_reset();
If in order to handle the FACTORY_RESET we transition a platform in
UINIT state then it will results as unexpected failure from the
sev_launch_update() because the FACTORY_RESET command remove all the
state information created by sev_launch_start() etc.
I think our design so far is simple, if command require INIT state then
caller executes sev_platform_init(), then command and finish with
sev_platform_shutdown(). If command does not require INIT state, then
simply issue the command. e.g currently, when caller issues
FACTORY_RESET then we pass command directly to PSP and if FW is in INIT
state then FACTORY_RESET returns error (INVALID_STATE/EBUSY) and we
propagate the error code to userspace. User can retry the command
sometime later when nobody else is using the PSP.
>
> Then, when that function is done, put the device in the mode which the
> other commands would expect it to be in, e.g., INIT state.
>
> This way you'll simplify the whole command flow considerably and won't
> have to "toggle" the device each time and will save yourself a lot of
> time on command execution.
>
> Thx.
>
Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/26/2017 03:13 PM, Borislav Petkov wrote: On Thu, Oct 26, 2017 at 02:26:15PM -0500, Brijesh Singh wrote: SHUTDOWN command unconditionally transitions a platform to uninitialized state. The command does not care how many processes are actively using the PSP. We don't want to shutdown the firmware while other process is still using it. So why do you have to init and shutdown the PSP each time you execute a command? Why isn't the PSP initialized, *exactly* *once* at driver init and shut down, also exactly once at driver exit? Wish we could do that but the following reasons makes things complicated: 1) The commands must be issued from the PSP master devices, at PSP initialization time we do not know the PSP 'master' device. Hence we will not able to invoke sev_platform_init() during the PSP initialization time. 2) some commands require the platform to be in UNINIT state -- e.g FACTORY_RESET. So, if we do the INIT at the PSP initialization time then we still need to perform the SHUTDOWN outside the normal code flow to handle these commands. we can workaround #1 by adding some hooks in sp_pci_init() to invoke the PSP initialization routines after pci_register_driver() is done but #2 can get painful because it will require us calling the SHUTDOWN outside the sp_pci_exit() code flow. -Brijesh
Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/26/2017 12:44 PM, Borislav Petkov wrote:
On Thu, Oct 26, 2017 at 11:56:57AM -0500, Brijesh Singh wrote:
The variable is used as ref counter.
... and it can't be converted to a boolean because...?
SHUTDOWN command unconditionally transitions a platform to uninitialized
state. The command does not care how many processes are actively using
the PSP. We don't want to shutdown the firmware while other process is
still using it.
e.g consider three processes (A, B, C)
Process A:
--
sev_platform_init()
sev_do_cmd(..)
...
...
sev_do_cmd(..)
...
sev_platform_shutdown()
Process B:
---
sev_platform_init()
sev_do_cmd(...)
sev_platform_shutdown()
Process C:
--
sev_platform_init()
sev_do_cmd(...)
sev_do_cmd(...)
sev_do_cmd(...)
sev_platform_shutdown()
As per the SEV spec section 5.1.2 (platform state machine), several
commands require that platform should be initialized before issuing the
actual command. As you can see Process B may finish quickly and SHUTDOWN
from process B will simply uninitialize the firmware and cause
unexpected result to process A and C.
In your previous reply you comments on global semaphore (fw_init_mutex) and
in response I tried to highlight why we need the global semaphore. Did I
misunderstood your comment ?
Yes, what happens if you get preempted while holding the mutex? Will the other
process be able to do anything?
If other process tries to issue the sev_platform_init/shutdown() then
they have to wait.
The sev_platform_init() and sev_platform_shutdown() uses the same global
mutex. See the original code below.
+static int __sev_platform_init(struct sev_data_init *data, int *error)
+{
+ int rc = 0;
+
+ mutex_lock(_init_mutex);
+
+ if (!fw_init_count) {
+ rc = sev_do_cmd(SEV_CMD_INIT, data, error);
+ if (rc)
+ goto unlock;
+ }
+
+ fw_init_count++;
+
+unlock:
+ mutex_unlock(_init_mutex);
+ return rc;
+
+}
+
+int sev_platform_shutdown(int *error)
+{
+ int rc = 0;
+
+ mutex_lock(_init_mutex);
+
+ if (!fw_init_count)
+ goto unlock;
+
+ if (fw_init_count == 1) {
+ rc = sev_do_cmd(SEV_CMD_SHUTDOWN, 0, error);
+ if (rc)
+ goto unlock;
+ }
+
+ fw_init_count--;
+
+unlock:
+ mutex_unlock(_init_mutex);
+ return rc;
+}
Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/26/2017 08:56 AM, Borislav Petkov wrote: On Mon, Oct 23, 2017 at 02:57:04PM -0500, Brijesh Singh wrote: Calling PLATFORM_GET_STATUS is not required, we can manage the state through a simple ref count variable. Issuing PSP commands will always be much more expensive compare to accessing a protected global variable. What does "protected" mean here? Access global variable after acquiring the semaphore. In any case, that variable can be a simple bool as you use it as such. I am not using the variable (fw_init_count) as boolean. The variable gets incremented in sev_platform_init() and decremented in sev_platform_shutdown(). In very first call to sev_platform_init (i.e when variable is zero) we issue PLATFORM_INIT command, similarly PLATFORM_SHUTDOWN is issued on the last (i.e when variable value is reached to zero). The variable is used as ref counter. I would prefer to avoid invoking PSP command if possible. Additionally, the global semaphore is still needed to serialize the sev_platform_init() and sev_platform_shutdown() from multiple processes. e.g If process "A" calls sev_platform_init() and if it gets preempted due to whatever reason then we don't want another process to issue the shutdown command while process "A" is in middle of sev_platform_init(). How? You're holding fw_init_mutex. In your previous reply you comments on global semaphore (fw_init_mutex) and in response I tried to highlight why we need the global semaphore. Did I misunderstood your comment ? -Brijesh
Re: [Part2 PATCH v6 00/38] x86: Secure Encrypted Virtualization (AMD)
Hi Herbert and Paolo, On 10/19/17 9:33 PM, Brijesh Singh wrote: > This part of Secure Encryted Virtualization (SEV) patch series focuses on KVM > changes required to create and manage SEV guests. > > SEV is an extension to the AMD-V architecture which supports running encrypted > virtual machine (VMs) under the control of a hypervisor. Encrypted VMs have > their > pages (code and data) secured such that only the guest itself has access to > unencrypted version. Each encrypted VM is associated with a unique encryption > key; > if its data is accessed to a different entity using a different key the > encrypted > guest's data will be incorrectly decrypted, leading to unintelligible data. > This security model ensures that hypervisor will no longer able to inspect or > alter any guest code or data. > > The key management of this feature is handled by a separate processor known as > the AMD Secure Processor (AMD-SP) which is present on AMD SOCs. The SEV Key > Management Specification (see below) provides a set of commands which can be > used by hypervisor to load virtual machine keys through the AMD-SP driver. Since the PSP patches touches both the CCP and KVM driver, hence I was wondering if you guys have any thought on how PSP patches will be merged? I am talking about Patch 9 to 20 from this series. I have ensured that patches apply cleanly on both kvm/master and cryptodev-2.6/master. We can do this in one of two ways: - Paolo can merge the PSP support through the KVM branch or - Herbert can create a topic branch with PSP changes and Paolo can use that topic branch. Any visibility will help my next submission. thank you. -Brijesh
[Part2 PATCH v6.1 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
Changes since v6:
* when sev_do_cmd() and sev_platform_shutdown() fails then propogate
the error status code from sev_do_cmd() because it can give us
much better reason for the failure.
drivers/crypto/ccp/psp-dev.c | 110 +++
1 file changed, 110 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 108fc06bcdb3..b9f594cb10c1 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -390,6 +390,113 @@ static int sev_ioctl_do_pek_cert_import(struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pdh_cert_export(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pdh_cert_export input;
+ void *pdh_blob = NULL, *cert_blob = NULL;
+ struct sev_data_pdh_cert_export *data;
+ int ret, err;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* Userspace wants to query the certificate length */
+ if (!input.pdh_cert_address || !input.pdh_cert_len ||
+ !input.cert_chain_address || !input.cert_chain_address)
+ goto cmd;
+
+ /* allocate a physically contiguous buffer to store the PDH blob */
+ if (!access_ok(VERIFY_WRITE, input.pdh_cert_address,
input.pdh_cert_len) ||
+ (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
+ if (!pdh_blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->pdh_cert_address = __psp_pa(pdh_blob);
+ data->pdh_cert_len = input.pdh_cert_len;
+
+ /* allocate a physically contiguous buffer to store the cert chain blob
*/
+ if (!access_ok(VERIFY_WRITE, input.cert_chain_address,
input.cert_chain_len) ||
+ (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)) {
+ ret = -EFAULT;
+ goto e_free_pdh;
+ }
+
+ cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
+ if (!cert_blob) {
+ ret = -ENOMEM;
+ goto e_free_pdh;
+ }
+
+ data->cert_chain_address = __psp_pa(cert_blob);
+ data->cert_chain_len = input.cert_chain_len;
+
+cmd:
+ ret = sev_platform_init(NULL, >error);
+ if (ret)
+ goto e_free_cert;
+
+ ret = sev_do_cmd(SEV_CMD_PDH_CERT_EXPORT, data, >error);
+
+ /*
+* If we query the length, FW responded with expected data
+*/
+ input.cert_chain_len = data->cert_chain_len;
+ input.pdh_cert_len = data->pdh_cert_len;
+
+ if (sev_platform_shutdown()) {
+ /*
+* If both sev_do_cmd() and sev_platform_shutdown() commands
+* failed then propogate the error code from the sev_do_cmd()
+* because it contains a useful status code for the command
+* failure.
+*/
+ if (ret)
+ goto e_free_cert;
+
+ ret = -EIO;
+ argp->error = err;
+ goto e_free_cert;
+ }
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+ ret = -EFAULT;
+ goto e_free_cert;
+ }
+
+ if (pdh_blob) {
+ if (copy_to_user((void __user *)input.pdh_cert_address,
+pdh_blob, input.pdh_cert_len)) {
+ ret = -EFAULT;
+ goto e_free_cert;
+ }
+ }
+
+ if (cert_blob) {
+ if (copy_to_user((void __user *)input.cert_chain_address,
+cert_blob, input.cert_chain_len))
+ ret = -EFAULT;
+ }
+
+e_free_cert:
+ kfree(cert_blob);
+e_free_pdh:
+ kfree(pdh_blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -425,6 +532,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PEK_CERT_IMPORT:
re
[Part2 PATCH v6.1 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
certificate. The command is defined in SEV spec section 5.8.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
Changes since v6:
* when sev_do_cmd() and sev_platform_shutdown() fails then propogate
the error status code from sev_do_cmd() because it can give us
much better reason for the failure.
drivers/crypto/ccp/psp-dev.c | 92
include/linux/psp-sev.h | 4 ++
2 files changed, 96 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index aaf1c5cf821d..108fc06bcdb3 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -301,6 +301,95 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
return ret;
}
+void *psp_copy_user_blob(u64 __user uaddr, u32 len)
+{
+ void *data;
+
+ if (!uaddr || !len)
+ return ERR_PTR(-EINVAL);
+
+ /* verify that blob length does not exceed our limit */
+ if (len > SEV_FW_BLOB_MAX_SIZE)
+ return ERR_PTR(-EINVAL);
+
+ data = kmalloc(len, GFP_KERNEL);
+ if (!data)
+ return ERR_PTR(-ENOMEM);
+
+ if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len))
+ goto e_free;
+
+ return data;
+
+e_free:
+ kfree(data);
+ return ERR_PTR(-EFAULT);
+}
+EXPORT_SYMBOL_GPL(psp_copy_user_blob);
+
+static int sev_ioctl_do_pek_cert_import(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_cert_import input;
+ struct sev_data_pek_cert_import *data;
+ void *pek_blob, *oca_blob;
+ int ret, err;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* copy PEK certificate blobs from userspace */
+ pek_blob = psp_copy_user_blob(input.pek_cert_address,
input.pek_cert_len);
+ if (IS_ERR(pek_blob)) {
+ ret = PTR_ERR(pek_blob);
+ goto e_free;
+ }
+
+ data->pek_cert_address = __psp_pa(pek_blob);
+ data->pek_cert_len = input.pek_cert_len;
+
+ /* copy PEK certificate blobs from userspace */
+ oca_blob = psp_copy_user_blob(input.oca_cert_address,
input.oca_cert_len);
+ if (IS_ERR(oca_blob)) {
+ ret = PTR_ERR(oca_blob);
+ goto e_free_pek;
+ }
+
+ data->oca_cert_address = __psp_pa(oca_blob);
+ data->oca_cert_len = input.oca_cert_len;
+
+ ret = sev_platform_init(NULL, >error);
+ if (ret)
+ goto e_free_oca;
+
+ ret = sev_do_cmd(SEV_CMD_PEK_CERT_IMPORT, data, >error);
+
+ if (sev_platform_shutdown()) {
+ /*
+* If both sev_do_cmd() and sev_platform_shutdown() commands
+* failed then propogate the error code from the sev_do_cmd()
+* because it contains a useful status code for the command
+* failure.
+*/
+ if (ret)
+ goto e_free_oca;
+
+ ret = -EIO;
+ argp->error = err;
+ }
+
+e_free_oca:
+ kfree(oca_blob);
+e_free_pek:
+ kfree(pek_blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -333,6 +422,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PEK_CSR:
ret = sev_ioctl_do_pek_csr();
break;
+ case SEV_PEK_CERT_IMPORT:
+ ret = sev_ioctl_do_pek_cert_import();
+ break;
default:
ret = -EINVAL;
goto out;
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index eac850a97610..d535153ca82d 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -620,6 +620,8 @@ int sev_guest_df_flush(int *error);
*/
int sev_guest_decommission(struct sev_data_decommission *data, int *error);
+void *psp_copy_user_blob(u64 __user uaddr, u32 len);
+
#else /* !CONFIG_CRYPTO_DEV_SP_PSP */
static inline int
@@ -648,6 +650,8 @@ sev_issue_cmd_external_user(struct file *filep,
return -ENODEV;
}
+static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return
ERR_PTR(-EINVAL); }
+
#endif /* CONFIG_CRYPTO_DEV_SP_PSP */
#endif /* __PSP_SEV_H__ */
--
2.9.5
[Part2 PATCH v6.1 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
Changes since v6:
* when sev_do_cmd() and sev_platform_shutdown() fails then propogate
the error status code from sev_do_cmd() because it can give us
much better reason for the failure.
drivers/crypto/ccp/psp-dev.c | 81
1 file changed, 81 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 3672435150cf..aaf1c5cf821d 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -223,6 +223,84 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_csr input;
+ struct sev_data_pek_csr *data;
+ void *blob = NULL;
+ int ret, err;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* userspace wants to query CSR length */
+ if (!input.address || !input.length)
+ goto cmd;
+
+ /* allocate a physically contiguous buffer to store the CSR blob */
+ if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
+ input.length > SEV_FW_BLOB_MAX_SIZE) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ blob = kmalloc(input.length, GFP_KERNEL);
+ if (!blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->address = __psp_pa(blob);
+ data->len = input.length;
+
+cmd:
+ ret = sev_platform_init(NULL, >error);
+ if (ret)
+ goto e_free_blob;
+
+ ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, >error);
+
+ /*
+* If we query the CSR length, FW responded with expected data
+*/
+ input.length = data->len;
+
+ if (sev_platform_shutdown()) {
+ /*
+* If both sev_do_cmd() and sev_platform_shutdown() commands
+* failed then propogate the error code from the sev_do_cmd()
+* because it contains a useful status code for the command
+* failure.
+*/
+ if (ret)
+ goto e_free_blob;
+
+ ret = -EIO;
+ argp->error = err;
+ goto e_free_blob;
+ }
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+ ret = -EFAULT;
+ goto e_free_blob;
+ }
+
+ if (blob) {
+ if (copy_to_user((void __user *)input.address, blob,
input.length))
+ ret = -EFAULT;
+ }
+
+e_free_blob:
+ kfree(blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -252,6 +330,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PDH_GEN:
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, );
break;
+ case SEV_PEK_CSR:
+ ret = sev_ioctl_do_pek_csr();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v6.1 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
Changes since v6:
* when sev_do_cmd() and sev_platform_shutdown() fails then propogate
the error status code from sev_do_cmd() because it can give us
much better reason for the failure.
drivers/crypto/ccp/psp-dev.c | 81
1 file changed, 81 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 3672435150cf..aaf1c5cf821d 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -223,6 +223,84 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_csr input;
+ struct sev_data_pek_csr *data;
+ void *blob = NULL;
+ int ret, err;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* userspace wants to query CSR length */
+ if (!input.address || !input.length)
+ goto cmd;
+
+ /* allocate a physically contiguous buffer to store the CSR blob */
+ if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
+ input.length > SEV_FW_BLOB_MAX_SIZE) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ blob = kmalloc(input.length, GFP_KERNEL);
+ if (!blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->address = __psp_pa(blob);
+ data->len = input.length;
+
+cmd:
+ ret = sev_platform_init(NULL, >error);
+ if (ret)
+ goto e_free_blob;
+
+ ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, >error);
+
+ /*
+* If we query the CSR length, FW responded with expected data
+*/
+ input.length = data->len;
+
+ if (sev_platform_shutdown()) {
+ /*
+* If both sev_do_cmd() and sev_platform_shutdown() commands
+* failed then propogate the error code from the sev_do_cmd()
+* because it contains a useful status code for the command
+* failure.
+*/
+ if (ret)
+ goto e_free_blob;
+
+ ret = -EIO;
+ argp->error = err;
+ goto e_free_blob;
+ }
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+ ret = -EFAULT;
+ goto e_free_blob;
+ }
+
+ if (blob) {
+ if (copy_to_user((void __user *)input.address, blob,
input.length))
+ ret = -EFAULT;
+ }
+
+e_free_blob:
+ kfree(blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -252,6 +330,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PDH_GEN:
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, );
break;
+ case SEV_PEK_CSR:
+ ret = sev_ioctl_do_pek_csr();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v6.1 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command
The SEV_PEK_GEN command is used to generate a new Platform Endorsement
Key (PEK). The command is defined in SEV spec section 5.6.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
Changes since v6:
* when sev_do_cmd() and sev_platform_shutdown() fails then propogate
the error status code from sev_do_cmd() because it can give us
much better reason for the failure.
drivers/crypto/ccp/psp-dev.c | 31 +++
1 file changed, 31 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index dd4bab143de9..18e2d8291997 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -195,6 +195,34 @@ static int sev_ioctl_do_platform_status(struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
+{
+ int ret, err;
+
+ ret = sev_platform_init(NULL, >error);
+ if (ret)
+ return ret;
+
+ ret = sev_do_cmd(cmd, 0, >error);
+
+ if (sev_platform_shutdown()) {
+ /*
+* If both sev_do_cmd() and sev_platform_shutdown() commands
+* failed then propogate the error code from the sev_do_cmd()
+* because it contains a useful status code for the command
+* failure.
+*/
+ if (ret)
+ goto done;
+
+ argp->error = err;
+ ret = -EIO;
+ }
+
+done:
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -218,6 +246,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PLATFORM_STATUS:
ret = sev_ioctl_do_platform_status();
break;
+ case SEV_PEK_GEN:
+ ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, );
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/23/2017 02:34 AM, Borislav Petkov wrote:
...
Just minor cleanups:
Thanks Boris, I have applied your cleanups.
-Brijesh
---
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index e9966d5fc6c4..f9a9a6e6ab99 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -31,7 +31,7 @@
static DEFINE_MUTEX(sev_cmd_mutex);
static DEFINE_MUTEX(fw_init_mutex);
-static struct sev_misc_dev *sev_misc_dev;
+static struct sev_misc_dev *misc_dev;
static int fw_init_count;
static struct psp_device *psp_alloc_struct(struct sp_device *sp)
@@ -299,14 +299,14 @@ static int sev_ops_init(struct psp_device *psp)
* sev_do_cmd() finds the right master device to which to issue the
* command to the firmware.
*/
- if (!sev_misc_dev) {
+ if (!misc_dev) {
struct miscdevice *misc;
- sev_misc_dev = devm_kzalloc(dev, sizeof(*sev_misc_dev), GFP_KERNEL);
- if (!sev_misc_dev)
+ misc_dev = devm_kzalloc(dev, sizeof(*misc_dev), GFP_KERNEL);
+ if (!misc_dev)
return -ENOMEM;
- misc = _misc_dev->misc;
+ misc = _dev->misc;
misc->minor = MISC_DYNAMIC_MINOR;
misc->name = DEVICE_NAME;
misc->fops = _fops;
@@ -315,13 +315,13 @@ static int sev_ops_init(struct psp_device *psp)
if (ret)
return ret;
- kref_init(_misc_dev->refcount);
+ kref_init(_dev->refcount);
} else {
- kref_get(_misc_dev->refcount);
+ kref_get(_dev->refcount);
}
init_waitqueue_head(>sev_int_queue);
- psp->sev_misc = sev_misc_dev;
+ psp->sev_misc = misc_dev;
dev_info(dev, "registered SEV device\n");
return 0;
@@ -340,9 +340,9 @@ static int sev_init(struct psp_device *psp)
static void sev_exit(struct kref *ref)
{
- struct sev_misc_dev *sev_dev = container_of(ref, struct sev_misc_dev,
refcount);
+ struct sev_misc_dev *misc_dev = container_of(ref, struct sev_misc_dev,
refcount);
- misc_deregister(_dev->misc);
+ misc_deregister(_dev->misc);
}
int psp_dev_init(struct sp_device *sp)
@@ -405,7 +405,7 @@ void psp_dev_destroy(struct sp_device *sp)
struct psp_device *psp = sp->psp_data;
if (psp->sev_misc)
- kref_put(_misc_dev->refcount, sev_exit);
+ kref_put(_dev->refcount, sev_exit);
sp_free_psp_irq(sp, psp);
}
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 21511419bfe6..eac850a97610 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -525,7 +525,7 @@ int sev_platform_shutdown(int *error);
/**
* sev_platform_status - perform SEV PLATFORM_STATUS command
*
- * @init: sev_data_status structure to be processed
+ * @status: sev_user_data_status structure to be processed
* @error: SEV command return code
*
* Returns:
Re: [Part2 PATCH v6 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command
On 10/23/2017 09:10 AM, Borislav Petkov wrote: On Mon, Oct 23, 2017 at 08:32:57AM -0500, Brijesh Singh wrote: If both the command fails then we return status from the last command. IIRC, in my previous patches I was returning status from sev_do_cmd() instead of sev_platform_shutdown() but based on our previous communication I thought you asked to return the status from the last failed command. Did I miss understood ? So my problem is that it looks strange that you save an error value from sev_do_cmd() but you don't look at it. And as I said in the other mail, you should either ignore it and say so in a comment why it is OK to ignore it or handle it but not overwrite it without looking at it. Does that make more sense? I see your point, if both commands failed then I am now inclined towards ignoring the error code from shutdown command and add some comments explaining why its OK. thanks -Brijesh
Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/23/2017 04:20 AM, Borislav Petkov wrote:
On Thu, Oct 19, 2017 at 09:33:48PM -0500, Brijesh Singh wrote:
+static int __sev_platform_init(struct sev_data_init *data, int *error)
+{
+ int rc = 0;
+
+ mutex_lock(_init_mutex);
+
+ if (!fw_init_count) {
I still don't like global semaphores. Can you get the status and check
for PSTATE.INIT state and do the init only if the platform is in
PSTATE.UNINIT?
Calling PLATFORM_GET_STATUS is not required, we can manage the state
through a simple ref count variable. Issuing PSP commands will always be
much more expensive compare to accessing a protected global variable. I
would prefer to avoid invoking PSP command if possible. Additionally,
the global semaphore is still needed to serialize the
sev_platform_init() and sev_platform_shutdown() from multiple processes.
e.g If process "A" calls sev_platform_init() and if it gets preempted
due to whatever reason then we don't want another process to issue the
shutdown command while process "A" is in middle of sev_platform_init().
-Brijesh
Re: [Part2 PATCH v6 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command
On 10/23/17 7:32 AM, Borislav Petkov wrote: > On Mon, Oct 23, 2017 at 07:15:30AM -0500, Brijesh Singh wrote: >> I am not sure if I am able to understand your feedback. The >> sev_platform_shutdown() is called unconditionally. > How's that: > > If sev_do_cmd() fails and sev_do_cmd(SEV_CMD_SHUTDOWN, ...) in > sev_platform_shutdown() fails, then the first ret from sev_do_cmd() is > gone. If both the command fails then we return status from the last command. IIRC, in my previous patches I was returning status from sev_do_cmd() instead of sev_platform_shutdown() but based on our previous communication I thought you asked to return the status from the last failed command. Did I miss understood ? -Brijesh
Re: [Part2 PATCH v6 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command
On 10/23/17 4:32 AM, Borislav Petkov wrote:
...
>> +static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
>> +{
>> +int ret, err;
>> +
>> +ret = sev_platform_init(NULL, >error);
>> +if (ret)
>> +return ret;
>> +
>> +ret = sev_do_cmd(cmd, 0, >error);
> So this ret value gets potentially overwritten here. You need
> to either handle the case properly when sev_do_cmd() fails and
> sev_platform_shutdown() gets to issue SEV_CMD_SHUTDOWN (i.e., when it
> gets overwritten), or not write into ret at all by initializing it to 0
> at function entry.
>
I am not sure if I am able to understand your feedback. The
sev_platform_shutdown() is called unconditionally.
1) if sev_do_cmd() fails and sev_platform_shutdown() was success then
'ret' will contain the error code from sev_do_cmd().
2) if sev_do_cmd() was success but sev_platform_shutdown() fails then
'ret' will contain the error code from sev_platform_shutdown()
3) if both sev_do_cmd() and sev_platform_shutdown() fails then 'ret'
will contain error code from the sev_platform_shutdown().
[Part2 PATCH v6 00/38] x86: Secure Encrypted Virtualization (AMD)
This part of Secure Encryted Virtualization (SEV) patch series focuses on KVM
changes required to create and manage SEV guests.
SEV is an extension to the AMD-V architecture which supports running encrypted
virtual machine (VMs) under the control of a hypervisor. Encrypted VMs have
their
pages (code and data) secured such that only the guest itself has access to
unencrypted version. Each encrypted VM is associated with a unique encryption
key;
if its data is accessed to a different entity using a different key the
encrypted
guest's data will be incorrectly decrypted, leading to unintelligible data.
This security model ensures that hypervisor will no longer able to inspect or
alter any guest code or data.
The key management of this feature is handled by a separate processor known as
the AMD Secure Processor (AMD-SP) which is present on AMD SOCs. The SEV Key
Management Specification (see below) provides a set of commands which can be
used by hypervisor to load virtual machine keys through the AMD-SP driver.
The patch series adds a new ioctl in KVM driver (KVM_MEMORY_ENCRYPTION_OP). The
ioctl will be used by qemu to issue SEV guest-specific commands defined in Key
Management Specification.
The following links provide additional details:
AMD Memory Encryption whitepaper:
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
AMD64 Architecture Programmer's Manual:
http://support.amd.com/TechDocs/24593.pdf
SME is section 7.10
SEV is section 15.34
Secure Encrypted Virutualization Key Management:
http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
KVM Forum Presentation:
http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
SEV Guest BIOS support:
SEV support has been interated into EDKII/OVMF BIOS
https://github.com/tianocore/edk2
SEV Part 1 patch series: https://marc.info/?l=kvm=150816835817641=2
--
The series is based on kvm/master commit : cc9085b68753 (Merge branch
'kvm-ppc-fixes')
Complete tree is available at:
repo: https://github.com/codomania/kvm.git
branch: sev-v6-p2
TODO:
* Add SEV guest migration command support
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: "H. Peter Anvin" <h...@zytor.com>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim KrÄÂmář" <rkrc...@redhat.com>
Cc: Joerg Roedel <j...@8bytes.org>
Cc: Borislav Petkov <b...@suse.de>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: David S. Miller <da...@davemloft.net>
Cc: Gary Hook <gary.h...@amd.com>
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Changes since v5:
* split the PSP driver support into multiple patches
* multiple improvements from Boris
* remove mem_enc_enabled() ops
Changes since v4:
* Fixes to address kbuild robot errors
* Add 'sev' module params to allow enable/disable SEV feature
* Update documentation
* Multiple fixes to address v4 feedbacks
* Some coding style changes to address checkpatch reports
Changes since v3:
* Re-design the PSP interface support patch
* Rename the ioctls based on the feedbacks
* Improve documentation
* Fix i386 build issues
* Add LAUNCH_SECRET command
* Add new Kconfig option to enable SEV support
* Changes to address v3 feedbacks.
Changes since v2:
* Add KVM_MEMORY_ENCRYPT_REGISTER/UNREGISTER_RAM ioct to register encrypted
memory ranges (recommend by Paolo)
* Extend kvm_x86_ops to provide new memory_encryption_enabled ops
* Enhance DEBUG DECRYPT/ENCRYPT commands to work with more than one page \
(recommended by Paolo)
* Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver
* Changes to address v2 feedbacks
Borislav Petkov (1):
crypto: ccp: Build the AMD secure processor driver only with AMD CPU
support
Brijesh Singh (34):
Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization
(SEV)
KVM: SVM: Prepare to reserve asid for SEV guest
KVM: X86: Extend CPUID range to include new leaf
KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl
KVM: Introduce KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl
crypto: ccp: Define SEV userspace ioctl and command id
crypto: ccp: Define SEV key management command id
crypto: ccp: Add Platform Security Processor (PSP) device support
crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command
crypto: ccp: Implement SEV_PEK_GEN ioctl command
crypto: ccp: Implement SEV_PDH_GEN ioctl command
crypto: ccp: Implement SEV_PEK_CSR ioctl command
crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
KVM:
[Part2 PATCH v6 09/38] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support
From: Borislav Petkov <b...@suse.de> This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled or on ARM64 where it is also used. Signed-off-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Cc: Brijesh Singh <brijesh.si...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: Gary Hook <gary.h...@amd.com> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: "David S. Miller" <da...@davemloft.net> Cc: linux-crypto@vger.kernel.org --- drivers/crypto/ccp/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig index 6d626606b9c5..9c84f9838931 100644 --- a/drivers/crypto/ccp/Kconfig +++ b/drivers/crypto/ccp/Kconfig @@ -1,5 +1,6 @@ config CRYPTO_DEV_CCP_DD tristate "Secure Processor device driver" + depends on CPU_SUP_AMD || ARM64 default m help Provides AMD Secure Processor device driver. -- 2.9.5
[Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
AMD's new Secure Encrypted Virtualization (SEV) feature allows the
memory contents of virtual machines to be transparently encrypted with a
key unique to the VM. The programming and management of the encryption
keys are handled by the AMD Secure Processor (AMD-SP) which exposes the
commands for these tasks. The complete spec is available at:
http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
Extend the AMD-SP driver to provide the following support:
- an in-kernel API to communicate with the SEV firmware. The API can be
used by the hypervisor to create encryption context for a SEV guest.
- a userspace IOCTL to manage the platform certificates.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 306 +++
drivers/crypto/ccp/psp-dev.h | 21 +++
include/linux/psp-sev.h | 159 ++
3 files changed, 486 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index b5789f878560..e9966d5fc6c4 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -26,6 +26,14 @@
#include "sp-dev.h"
#include "psp-dev.h"
+#define DEVICE_NAME"sev"
+
+static DEFINE_MUTEX(sev_cmd_mutex);
+static DEFINE_MUTEX(fw_init_mutex);
+
+static struct sev_misc_dev *sev_misc_dev;
+static int fw_init_count;
+
static struct psp_device *psp_alloc_struct(struct sp_device *sp)
{
struct device *dev = sp->dev;
@@ -45,9 +53,298 @@ static struct psp_device *psp_alloc_struct(struct sp_device
*sp)
static irqreturn_t psp_irq_handler(int irq, void *data)
{
+ struct psp_device *psp = data;
+ unsigned int status;
+ int reg;
+
+ /* Read the interrupt status: */
+ status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS);
+
+ /* Check if it is command completion: */
+ if (!(status & BIT(PSP_CMD_COMPLETE_REG)))
+ goto done;
+
+ /* Check if it is SEV command completion: */
+ reg = ioread32(psp->io_regs + PSP_CMDRESP);
+ if (reg & PSP_CMDRESP_RESP) {
+ psp->sev_int_rcvd = 1;
+ wake_up(>sev_int_queue);
+ }
+
+done:
+ /* Clear the interrupt status by writing the same value we read. */
+ iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS);
+
return IRQ_HANDLED;
}
+static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
+{
+ psp->sev_int_rcvd = 0;
+
+ wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
+ *reg = ioread32(psp->io_regs + PSP_CMDRESP);
+}
+
+static int sev_cmd_buffer_len(int cmd)
+{
+ switch (cmd) {
+ case SEV_CMD_INIT: return sizeof(struct
sev_data_init);
+ case SEV_CMD_PLATFORM_STATUS: return sizeof(struct
sev_user_data_status);
+ case SEV_CMD_PEK_CSR: return sizeof(struct
sev_data_pek_csr);
+ case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct
sev_data_pek_cert_import);
+ case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct
sev_data_pdh_cert_export);
+ case SEV_CMD_LAUNCH_START: return sizeof(struct
sev_data_launch_start);
+ case SEV_CMD_LAUNCH_UPDATE_DATA:return sizeof(struct
sev_data_launch_update_data);
+ case SEV_CMD_LAUNCH_UPDATE_VMSA:return sizeof(struct
sev_data_launch_update_vmsa);
+ case SEV_CMD_LAUNCH_FINISH: return sizeof(struct
sev_data_launch_finish);
+ case SEV_CMD_LAUNCH_MEASURE:return sizeof(struct
sev_data_launch_measure);
+ case SEV_CMD_ACTIVATE: return sizeof(struct
sev_data_activate);
+ case SEV_CMD_DEACTIVATE:return sizeof(struct
sev_data_deactivate);
+ case SEV_CMD_DECOMMISSION: return sizeof(struct
sev_data_decommission);
+ case SEV_CMD_GUEST_STATUS: return sizeof(struct
sev_data_guest_status);
+ case SEV_CMD_DBG_DECRYPT: return sizeof(struct
sev_data_dbg);
+ case SEV_CMD_DBG_ENCRYPT: return sizeof(struct
sev_data_dbg);
+ case SEV_CMD_SEND_START:return sizeof(struct
sev_data_send_start);
+ case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct
sev_data_send_update_data);
+ case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct
sev_data_send_update_vmsa);
+ case SEV_CMD_SEND_FINISH: return size
[Part2 PATCH v6 10/38] crypto: ccp: Define SEV userspace ioctl and command id
Add a include file which defines the ioctl and command id used for
issuing SEV platform management specific commands.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
---
include/uapi/linux/psp-sev.h | 113 +++
1 file changed, 113 insertions(+)
create mode 100644 include/uapi/linux/psp-sev.h
diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h
new file mode 100644
index ..1dd98ba4ff22
--- /dev/null
+++ b/include/uapi/linux/psp-sev.h
@@ -0,0 +1,113 @@
+/*
+ * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
+ * platform management commands.
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_USER_H__
+#define __PSP_SEV_USER_H__
+
+#include
+
+/**
+ * SEV platform commands
+ */
+enum {
+ SEV_FACTORY_RESET = 0,
+ SEV_PLATFORM_STATUS,
+ SEV_PEK_GEN,
+ SEV_PEK_CSR,
+ SEV_PDH_GEN,
+ SEV_PDH_CERT_EXPORT,
+ SEV_PEK_CERT_IMPORT,
+
+ SEV_MAX,
+};
+
+/**
+ * struct sev_user_data_status - PLATFORM_STATUS command parameters
+ *
+ * @major: major API version
+ * @minor: minor API version
+ * @state: platform state
+ * @flags: platform config flags
+ * @build: firmware build id for API version
+ * @guest_count: number of active guests
+ */
+struct sev_user_data_status {
+ __u8 api_major; /* Out */
+ __u8 api_minor; /* Out */
+ __u8 state; /* Out */
+ __u32 flags;/* Out */
+ __u8 build; /* Out */
+ __u32 guest_count; /* Out */
+} __packed;
+
+/**
+ * struct sev_user_data_pek_csr - PEK_CSR command parameters
+ *
+ * @address: PEK certificate chain
+ * @length: length of certificate
+ */
+struct sev_user_data_pek_csr {
+ __u64 address; /* In */
+ __u32 length; /* In/Out */
+} __packed;
+
+/**
+ * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
+ *
+ * @pek_address: PEK certificate chain
+ * @pek_len: length of PEK certificate
+ * @oca_address: OCA certificate chain
+ * @oca_len: length of OCA certificate
+ */
+struct sev_user_data_pek_cert_import {
+ __u64 pek_cert_address; /* In */
+ __u32 pek_cert_len; /* In */
+ __u64 oca_cert_address; /* In */
+ __u32 oca_cert_len; /* In */
+} __packed;
+
+/**
+ * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
+ *
+ * @pdh_address: PDH certificate address
+ * @pdh_len: length of PDH certificate
+ * @cert_chain_address: PDH certificate chain
+ * @cert_chain_len: length of PDH certificate chain
+ */
+struct sev_user_data_pdh_cert_export {
+ __u64 pdh_cert_address; /* In */
+ __u32 pdh_cert_len; /* In/Out */
+ __u64 cert_chain_address; /* In */
+ __u32 cert_chain_len; /* In/Out */
+} __packed;
+
+/**
+ * struct sev_issue_cmd - SEV ioctl parameters
+ *
+ * @cmd: SEV commands to execute
+ * @opaque: pointer to the command structure
+ * @error: SEV FW return code on failure
+ */
+struct sev_issue_cmd {
+ __u32 cmd; /* In */
+ __u64 data; /* In */
+ __u32 error;/* Out */
+} __packed;
+
+#define SEV_IOC_TYPE 'S'
+#define SEV_ISSUE_CMD _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
+
+#endif /* __PSP_USER_SEV_H */
--
2.9.5
[Part2 PATCH v6 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
The SEV_FACTORY_RESET command can be used by the platform owner to
reset the non-volatile SEV related data. The command is defined in
SEV spec section 5.4
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 28 +++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index e9966d5fc6c4..99f3761206da 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -176,7 +176,33 @@ static int sev_do_cmd(int cmd, void *data, int *psp_ret)
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
- return -ENOTTY;
+ void __user *argp = (void __user *)arg;
+ struct sev_issue_cmd input;
+ int ret = -EFAULT;
+
+ if (ioctl != SEV_ISSUE_CMD)
+ return -EINVAL;
+
+ if (copy_from_user(, argp, sizeof(struct sev_issue_cmd)))
+ return -EFAULT;
+
+ if (input.cmd > SEV_MAX)
+ return -EINVAL;
+
+ switch (input.cmd) {
+
+ case SEV_FACTORY_RESET:
+ ret = sev_do_cmd(SEV_CMD_FACTORY_RESET, 0, );
+ break;
+ default:
+ ret = -EINVAL;
+ goto out;
+ }
+
+ if (copy_to_user(argp, , sizeof(struct sev_issue_cmd)))
+ ret = -EFAULT;
+out:
+ return ret;
}
static const struct file_operations sev_fops = {
--
2.9.5
[Part2 PATCH v6 11/38] crypto: ccp: Define SEV key management command id
Define Secure Encrypted Virtualization (SEV) key management command id
and structure. The command definition is available in SEV KM [1] spec
0.14.
[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
---
include/linux/psp-sev.h | 494
1 file changed, 494 insertions(+)
create mode 100644 include/linux/psp-sev.h
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
new file mode 100644
index ..15bda519538e
--- /dev/null
+++ b/include/linux/psp-sev.h
@@ -0,0 +1,494 @@
+/*
+ * AMD Secure Encrypted Virtualization (SEV) driver interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_H__
+#define __PSP_SEV_H__
+
+#include
+
+#ifdef CONFIG_X86
+#include
+
+#define __psp_pa(x)__sme_pa(x)
+#else
+#define __psp_pa(x)__pa(x)
+#endif
+
+#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */
+
+/**
+ * SEV platform state
+ */
+enum sev_state {
+ SEV_STATE_UNINIT= 0x0,
+ SEV_STATE_INIT = 0x1,
+ SEV_STATE_WORKING = 0x2,
+
+ SEV_STATE_MAX
+};
+
+/**
+ * SEV platform and guest management commands
+ */
+enum sev_cmd {
+ /* platform commands */
+ SEV_CMD_INIT= 0x001,
+ SEV_CMD_SHUTDOWN= 0x002,
+ SEV_CMD_FACTORY_RESET = 0x003,
+ SEV_CMD_PLATFORM_STATUS = 0x004,
+ SEV_CMD_PEK_GEN = 0x005,
+ SEV_CMD_PEK_CSR = 0x006,
+ SEV_CMD_PEK_CERT_IMPORT = 0x007,
+ SEV_CMD_PDH_CERT_EXPORT = 0x008,
+ SEV_CMD_PDH_GEN = 0x009,
+ SEV_CMD_DF_FLUSH= 0x00A,
+
+ /* Guest commands */
+ SEV_CMD_DECOMMISSION= 0x020,
+ SEV_CMD_ACTIVATE= 0x021,
+ SEV_CMD_DEACTIVATE = 0x022,
+ SEV_CMD_GUEST_STATUS= 0x023,
+
+ /* Guest launch commands */
+ SEV_CMD_LAUNCH_START= 0x030,
+ SEV_CMD_LAUNCH_UPDATE_DATA = 0x031,
+ SEV_CMD_LAUNCH_UPDATE_VMSA = 0x032,
+ SEV_CMD_LAUNCH_MEASURE = 0x033,
+ SEV_CMD_LAUNCH_UPDATE_SECRET= 0x034,
+ SEV_CMD_LAUNCH_FINISH = 0x035,
+
+ /* Guest migration commands (outgoing) */
+ SEV_CMD_SEND_START = 0x040,
+ SEV_CMD_SEND_UPDATE_DATA= 0x041,
+ SEV_CMD_SEND_UPDATE_VMSA= 0x042,
+ SEV_CMD_SEND_FINISH = 0x043,
+
+ /* Guest migration commands (incoming) */
+ SEV_CMD_RECEIVE_START = 0x050,
+ SEV_CMD_RECEIVE_UPDATE_DATA = 0x051,
+ SEV_CMD_RECEIVE_UPDATE_VMSA = 0x052,
+ SEV_CMD_RECEIVE_FINISH = 0x053,
+
+ /* Guest debug commands */
+ SEV_CMD_DBG_DECRYPT = 0x060,
+ SEV_CMD_DBG_ENCRYPT = 0x061,
+
+ SEV_CMD_MAX,
+};
+
+/**
+ * status code returned by the commands
+ */
+enum psp_ret_code {
+ SEV_RET_SUCCESS = 0,
+ SEV_RET_INVALID_PLATFORM_STATE,
+ SEV_RET_INVALID_GUEST_STATE,
+ SEV_RET_INAVLID_CONFIG,
+ SEV_RET_INVALID_len,
+ SEV_RET_ALREADY_OWNED,
+ SEV_RET_INVALID_CERTIFICATE,
+ SEV_RET_POLICY_FAILURE,
+ SEV_RET_INACTIVE,
+ SEV_RET_INVALID_ADDRESS,
+ SEV_RET_BAD_SIGNATURE,
+ SEV_RET_BAD_MEASUREMENT,
+ SEV_RET_ASID_OWNED,
+ SEV_RET_INVALID_ASID,
+ SEV_RET_WBINVD_REQUIRED,
+ SEV_RET_DFFLUSH_REQUIRED,
+ SEV_RET_INVALID_GUEST,
+ SEV_RET_INVALID_COMMAND,
+ SEV_RET_ACTIVE,
+ SEV_RET_HWSEV_RET_PLATFORM,
+ SEV_RET_HWSEV_RET_UNSAFE,
+ SEV_RET_UNSUPPORTED,
+ SEV_RET_MAX,
+};
+
+/**
+ * struct sev_data_init - INIT command parameters
+ *
+ * @flags: processing flags
+ * @tmr_address: system physical address used for SEV-ES
+ * @tmr_len: len of tmr_address
+ */
+struct sev_data_init {
+ u32 flags; /* In */
+ u32 reserved; /* In *
[Part2 PATCH v6 15/38] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command
The SEV_PLATFORM_STATUS command can be used by the platform owner to
get the current status of the platform. The command is defined in
SEV spec section 5.5.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 24
1 file changed, 24 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 99f3761206da..5c921b36bc23 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -174,6 +174,27 @@ static int sev_do_cmd(int cmd, void *data, int *psp_ret)
return ret;
}
+static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_status *data;
+ int ret;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ ret = sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, >error);
+ if (ret)
+ goto e_free;
+
+ if (copy_to_user((void __user *)argp->data, data, sizeof(*data)))
+ ret = -EFAULT;
+
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -194,6 +215,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_FACTORY_RESET:
ret = sev_do_cmd(SEV_CMD_FACTORY_RESET, 0, );
break;
+ case SEV_PLATFORM_STATUS:
+ ret = sev_ioctl_do_platform_status();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v6 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 99
1 file changed, 99 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 89242d4d1067..ad4f67bc0d71 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -359,6 +359,102 @@ static int sev_ioctl_do_pek_cert_import(struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pdh_cert_export(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pdh_cert_export input;
+ void *pdh_blob = NULL, *cert_blob = NULL;
+ struct sev_data_pdh_cert_export *data;
+ int ret, err;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* Userspace wants to query the certificate length */
+ if (!input.pdh_cert_address || !input.pdh_cert_len ||
+ !input.cert_chain_address || !input.cert_chain_address)
+ goto cmd;
+
+ /* allocate a physically contiguous buffer to store the PDH blob */
+ if (!access_ok(VERIFY_WRITE, input.pdh_cert_address,
input.pdh_cert_len) ||
+ (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
+ if (!pdh_blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->pdh_cert_address = __psp_pa(pdh_blob);
+ data->pdh_cert_len = input.pdh_cert_len;
+
+ /* allocate a physically contiguous buffer to store the cert chain blob
*/
+ if (!access_ok(VERIFY_WRITE, input.cert_chain_address,
input.cert_chain_len) ||
+ (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)) {
+ ret = -EFAULT;
+ goto e_free_pdh;
+ }
+
+ cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
+ if (!cert_blob) {
+ ret = -ENOMEM;
+ goto e_free_pdh;
+ }
+
+ data->cert_chain_address = __psp_pa(cert_blob);
+ data->cert_chain_len = input.cert_chain_len;
+
+cmd:
+ ret = sev_platform_init(NULL, >error);
+ if (ret)
+ goto e_free_cert;
+
+ ret = sev_do_cmd(SEV_CMD_PDH_CERT_EXPORT, data, >error);
+
+ /*
+* If we query the length, FW responded with expected data
+*/
+ input.cert_chain_len = data->cert_chain_len;
+ input.pdh_cert_len = data->pdh_cert_len;
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input)))
+ ret = -EFAULT;
+
+ if (sev_platform_shutdown()) {
+ ret = -EIO;
+ argp->error = err;
+ goto e_free_cert;
+ }
+
+ if (pdh_blob) {
+ if (copy_to_user((void __user *)input.pdh_cert_address,
+pdh_blob, input.pdh_cert_len)) {
+ ret = -EFAULT;
+ goto e_free_cert;
+ }
+ }
+
+ if (cert_blob) {
+ if (copy_to_user((void __user *)input.cert_chain_address,
+cert_blob, input.cert_chain_len))
+ ret = -EFAULT;
+ }
+
+e_free_cert:
+ kfree(cert_blob);
+e_free_pdh:
+ kfree(pdh_blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -394,6 +490,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PEK_CERT_IMPORT:
ret = sev_ioctl_do_pek_cert_import();
break;
+ case SEV_PDH_CERT_EXPORT:
+ ret = sev_ioctl_do_pdh_cert_export();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v6 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command
The SEV_PEK_GEN command is used to generate a new Platform Endorsement
Key (PEK). The command is defined in SEV spec section 5.6.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 21 +
1 file changed, 21 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 5c921b36bc23..1d7212da25a5 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -195,6 +195,24 @@ static int sev_ioctl_do_platform_status(struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
+{
+ int ret, err;
+
+ ret = sev_platform_init(NULL, >error);
+ if (ret)
+ return ret;
+
+ ret = sev_do_cmd(cmd, 0, >error);
+
+ if (sev_platform_shutdown()) {
+ argp->error = err;
+ ret = -EIO;
+ }
+
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -218,6 +236,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PLATFORM_STATUS:
ret = sev_ioctl_do_platform_status();
break;
+ case SEV_PEK_GEN:
+ ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, );
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
[Part2 PATCH v6 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support
The Platform Security Processor (PSP) is part of the AMD Secure
Processor (AMD-SP) functionality. The PSP is a dedicated processor
that provides support for key management commands in Secure Encrypted
Virtualization (SEV) mode, along with software-based Trusted Execution
Environment (TEE) to enable third-party trusted applications.
Note that the key management functionality provided by the SEV firmware
can be used outside of the kvm-amd driver hence it doesn't need to
depend on CONFIG_KVM_AMD.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
---
drivers/crypto/ccp/Kconfig | 11 +
drivers/crypto/ccp/Makefile | 1 +
drivers/crypto/ccp/psp-dev.c | 105 +++
drivers/crypto/ccp/psp-dev.h | 59
drivers/crypto/ccp/sp-dev.c | 26 +++
drivers/crypto/ccp/sp-dev.h | 24 +-
drivers/crypto/ccp/sp-pci.c | 52 +
7 files changed, 277 insertions(+), 1 deletion(-)
create mode 100644 drivers/crypto/ccp/psp-dev.c
create mode 100644 drivers/crypto/ccp/psp-dev.h
diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig
index 9c84f9838931..b9dfae47aefd 100644
--- a/drivers/crypto/ccp/Kconfig
+++ b/drivers/crypto/ccp/Kconfig
@@ -33,3 +33,14 @@ config CRYPTO_DEV_CCP_CRYPTO
Support for using the cryptographic API with the AMD Cryptographic
Coprocessor. This module supports offload of SHA and AES algorithms.
If you choose 'M' here, this module will be called ccp_crypto.
+
+config CRYPTO_DEV_SP_PSP
+ bool "Platform Security Processor (PSP) device"
+ default y
+ depends on CRYPTO_DEV_CCP_DD && X86_64
+ help
+Provide support for the AMD Platform Security Processor (PSP).
+The PSP is a dedicated processor that provides support for key
+management commands in Secure Encrypted Virtualization (SEV) mode,
+along with software-based Trusted Execution Environment (TEE) to
+enable third-party trusted applications.
diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile
index 57f8debfcfb3..008bae7e26ec 100644
--- a/drivers/crypto/ccp/Makefile
+++ b/drivers/crypto/ccp/Makefile
@@ -7,6 +7,7 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_CCP) += ccp-dev.o \
ccp-dmaengine.o \
ccp-debugfs.o
ccp-$(CONFIG_PCI) += sp-pci.o
+ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += psp-dev.o
obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) += ccp-crypto.o
ccp-crypto-objs := ccp-crypto-main.o \
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
new file mode 100644
index ..b5789f878560
--- /dev/null
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -0,0 +1,105 @@
+/*
+ * AMD Platform Security Processor (PSP) interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.si...@amd.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "sp-dev.h"
+#include "psp-dev.h"
+
+static struct psp_device *psp_alloc_struct(struct sp_device *sp)
+{
+ struct device *dev = sp->dev;
+ struct psp_device *psp;
+
+ psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);
+ if (!psp)
+ return NULL;
+
+ psp->dev = dev;
+ psp->sp = sp;
+
+ snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);
+
+ return psp;
+}
+
+static irqreturn_t psp_irq_handler(int irq, void *data)
+{
+ return IRQ_HANDLED;
+}
+
+int psp_dev_init(struct sp_device *sp)
+{
+ struct device *dev = sp->dev;
+ struct psp_device *psp;
+ int ret;
+
+ ret = -ENOMEM;
+ psp = psp_alloc_struct(sp);
+ if (!psp)
+ goto e_err;
+
+ sp->psp_data = psp;
+
+ psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;
+ if (!psp->vdata) {
+ ret = -ENODEV;
+ dev_err(dev, "missing driver data\n");
+ goto e_err;
+ }
+
+ psp->io_regs = sp->io_map + psp->vdata->offset;
+
+ /* Disable and clear interrupts until ready */
+ iowrite32(0, psp->io_regs + PSP_P2CMSG_INTEN);
[Part2 PATCH v6 17/38] crypto: ccp: Implement SEV_PDH_GEN ioctl command
The SEV_PDH_GEN command is used to re-generate the Platform Diffie-Hellman (PDH) key. The command is defined in SEV spec section 5.6. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Borislav Petkov <b...@suse.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/psp-dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 1d7212da25a5..d9771d104eea 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -239,6 +239,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_GEN: ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, ); break; + case SEV_PDH_GEN: + ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, ); + break; default: ret = -EINVAL; goto out; -- 2.9.5
[Part2 PATCH v6 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
certificate. The command is defined in SEV spec section 5.8.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 83
include/linux/psp-sev.h | 4 +++
2 files changed, 87 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 26a365c9b0e0..89242d4d1067 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -279,6 +279,86 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
return ret;
}
+void *psp_copy_user_blob(u64 __user uaddr, u32 len)
+{
+ void *data;
+
+ if (!uaddr || !len)
+ return ERR_PTR(-EINVAL);
+
+ /* verify that blob length does not exceed our limit */
+ if (len > SEV_FW_BLOB_MAX_SIZE)
+ return ERR_PTR(-EINVAL);
+
+ data = kmalloc(len, GFP_KERNEL);
+ if (!data)
+ return ERR_PTR(-ENOMEM);
+
+ if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len))
+ goto e_free;
+
+ return data;
+
+e_free:
+ kfree(data);
+ return ERR_PTR(-EFAULT);
+}
+EXPORT_SYMBOL_GPL(psp_copy_user_blob);
+
+static int sev_ioctl_do_pek_cert_import(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_cert_import input;
+ struct sev_data_pek_cert_import *data;
+ void *pek_blob, *oca_blob;
+ int ret, err;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* copy PEK certificate blobs from userspace */
+ pek_blob = psp_copy_user_blob(input.pek_cert_address,
input.pek_cert_len);
+ if (IS_ERR(pek_blob)) {
+ ret = PTR_ERR(pek_blob);
+ goto e_free;
+ }
+
+ data->pek_cert_address = __psp_pa(pek_blob);
+ data->pek_cert_len = input.pek_cert_len;
+
+ /* copy PEK certificate blobs from userspace */
+ oca_blob = psp_copy_user_blob(input.oca_cert_address,
input.oca_cert_len);
+ if (IS_ERR(oca_blob)) {
+ ret = PTR_ERR(oca_blob);
+ goto e_free_pek;
+ }
+
+ data->oca_cert_address = __psp_pa(oca_blob);
+ data->oca_cert_len = input.oca_cert_len;
+
+ ret = sev_platform_init(NULL, >error);
+ if (ret)
+ goto e_free_oca;
+
+ ret = sev_do_cmd(SEV_CMD_PEK_CERT_IMPORT, data, >error);
+
+ if (sev_platform_shutdown()) {
+ ret = -EIO;
+ argp->error = err;
+ }
+
+e_free_oca:
+ kfree(oca_blob);
+e_free_pek:
+ kfree(pek_blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -311,6 +391,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PEK_CSR:
ret = sev_ioctl_do_pek_csr();
break;
+ case SEV_PEK_CERT_IMPORT:
+ ret = sev_ioctl_do_pek_cert_import();
+ break;
default:
ret = -EINVAL;
goto out;
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 21511419bfe6..f9113d315cf8 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -620,6 +620,8 @@ int sev_guest_df_flush(int *error);
*/
int sev_guest_decommission(struct sev_data_decommission *data, int *error);
+void *psp_copy_user_blob(u64 __user uaddr, u32 len);
+
#else /* !CONFIG_CRYPTO_DEV_SP_PSP */
static inline int
@@ -648,6 +650,8 @@ sev_issue_cmd_external_user(struct file *filep,
return -ENODEV;
}
+static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return
ERR_PTR(-EINVAL); }
+
#endif /* CONFIG_CRYPTO_DEV_SP_PSP */
#endif /* __PSP_SEV_H__ */
--
2.9.5
[Part2 PATCH v6 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: "Radim Krčmář" <rkrc...@redhat.com>
Cc: Borislav Petkov <b...@suse.de>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Gary Hook <gary.h...@amd.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
drivers/crypto/ccp/psp-dev.c | 69
1 file changed, 69 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index d9771d104eea..26a365c9b0e0 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -213,6 +213,72 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct
sev_issue_cmd *argp)
return ret;
}
+static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
+{
+ struct sev_user_data_pek_csr input;
+ struct sev_data_pek_csr *data;
+ void *blob = NULL;
+ int ret, err;
+
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+
+ /* userspace wants to query CSR length */
+ if (!input.address || !input.length)
+ goto cmd;
+
+ /* allocate a physically contiguous buffer to store the CSR blob */
+ if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
+ input.length > SEV_FW_BLOB_MAX_SIZE) {
+ ret = -EFAULT;
+ goto e_free;
+ }
+
+ blob = kmalloc(input.length, GFP_KERNEL);
+ if (!blob) {
+ ret = -ENOMEM;
+ goto e_free;
+ }
+
+ data->address = __psp_pa(blob);
+ data->len = input.length;
+
+cmd:
+ ret = sev_platform_init(NULL, >error);
+ if (ret)
+ goto e_free_blob;
+
+ ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, >error);
+
+ /*
+* If we query the CSR length, FW responded with expected data
+*/
+ input.length = data->len;
+
+ if (blob) {
+ if (copy_to_user((void __user *)input.address, blob,
input.length))
+ ret = -EFAULT;
+ }
+
+ if (sev_platform_shutdown()) {
+ ret = -EIO;
+ argp->error = err;
+ }
+
+ if (copy_to_user((void __user *)argp->data, , sizeof(input)))
+ ret = -EFAULT;
+
+e_free_blob:
+ kfree(blob);
+e_free:
+ kfree(data);
+ return ret;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -242,6 +308,9 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
case SEV_PDH_GEN:
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, );
break;
+ case SEV_PEK_CSR:
+ ret = sev_ioctl_do_pek_csr();
+ break;
default:
ret = -EINVAL;
goto out;
--
2.9.5
Re: [Part2 PATCH v5.1 12.8/31] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
On 10/13/2017 09:53 AM, Borislav Petkov wrote:
...
- if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len))
+ if (copy_from_user(data, (void __user *)uaddr, len))
goto e_free;
IIRC, typecast was needed for i386 build, but now we have depends on
X86_64 hence I will go ahead and remove the typecast from all other places.
return data;
@@ -409,8 +409,7 @@ static int sev_ioctl_pek_cert_import(struct sev_issue_cmd
*argp)
int ret, state, do_shutdown = 0;
void *pek_blob, *oca_blob;
- if (copy_from_user(, (void __user *)(uintptr_t) argp->data,
- sizeof(struct sev_user_data_pek_cert_import)))
+ if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
return -EFAULT;
data = kzalloc(sizeof(*data), GFP_KERNEL);
@@ -456,10 +455,10 @@ static int sev_ioctl_pek_cert_import(struct sev_issue_cmd
*argp)
do_shutdown = 1;
}
- ret = sev_handle_cmd(SEV_CMD_PEK_CERT_IMPORT, data, >error);
+ ret = sev_do_cmd(SEV_CMD_PEK_CERT_IMPORT, data, >error);
if (do_shutdown)
- sev_handle_cmd(SEV_CMD_SHUTDOWN, 0, NULL);
+ sev_do_cmd(SEV_CMD_SHUTDOWN, 0, NULL);
e_free_oca:
kfree(oca_blob);
@@ -503,14 +502,14 @@ static long sev_ioctl(struct file *file, unsigned int
ioctl, unsigned long arg)
ret = sev_ioctl_pdh_gen();
break;
- case SEV_PEK_CSR: {
+ case SEV_PEK_CSR:
ret = sev_ioctl_pek_csr();
break;
- }
- case SEV_PEK_CERT_IMPORT: {
+
+ case SEV_PEK_CERT_IMPORT:
ret = sev_ioctl_pek_cert_import();
break;
- }
+
default:
ret = -EINVAL;
goto out;
Re: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command
On 10/12/17 9:24 PM, Brijesh Singh wrote:
>
> On 10/12/17 2:53 PM, Borislav Petkov wrote:
> ...
>
>> Ok, a couple of things here:
>>
>> * Move the checks first and the allocations second so that you allocate
>> memory only after all checks have been passed and you don't allocate
>> pointlessly.
>
> I assume you mean performing the SEV state check before allocating the
> memory for the CSR blob, right ? In my patches, I typically perform all
> the SW specific checks and allocation before invoking the HW routines.
> Handling the PSP commands will take longer compare to kmalloc() or
> access_ok() etc. If its not a big deal then I would prefer to keep that
> way.
>
>
>> * That:
>>
>> if (state == SEV_STATE_WORKING) {
>> ret = -EBUSY;
>> goto e_free_blob;
>> } else if (state == SEV_STATE_UNINIT) {
>> ret = sev_firmware_init(>error);
>> if (ret)
>> goto e_free_blob;
>> do_shutdown = 1;
>> }
>>
>> is a repeating pattern. Perhaps it should be called
>> sev_firmware_reinit() and called by other functions.
>
>> * The rest is simplifications and streamlining.
>>
>> ---
>> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
>> index e3ee68afd068..d41f5448a25b 100644
>> --- a/drivers/crypto/ccp/psp-dev.c
>> +++ b/drivers/crypto/ccp/psp-dev.c
>> @@ -302,33 +302,30 @@ static int sev_ioctl_pek_csr(struct sev_issue_cmd
>> *argp)
>> int ret, state;
>> void *blob;
>>
>> -if (copy_from_user(, (void __user *)(uintptr_t)argp->data,
>> - sizeof(struct sev_user_data_pek_csr)))
>> +if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
>> +return -EFAULT;
>> +
>> +if (!input.address)
>> +return -EINVAL;
>> +
As per the spec, its perfectly legal to pass input.address = 0x0 and
input.length = 0x0. If userspace wants to query CSR length then it will
fill all the fields with. In response, FW will return error
(LENGTH_TO_SMALL) and input.length will be filled with the expected
length. Several command work very similar (e.g PEK_CSR,
PEK_CERT_EXPORT). A typical usage from userspace will be:
- query the length of the blob (call command with all fields set to zero)
- SEV FW will response with expected length
- userspace allocate the blob and retries the command.
>> +/* allocate a physically contiguous buffer to store the CSR blob */
>> +if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
>> +input.length > SEV_FW_BLOB_MAX_SIZE)
>> return -EFAULT;
>>
>> data = kzalloc(sizeof(*data), GFP_KERNEL);
>> if (!data)
>> return -ENOMEM;
>>
>> -/* allocate a temporary physical contigous buffer to store the CSR blob
>> */
>> -blob = NULL;
>> -if (input.address) {
>> -if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
>> -input.length > SEV_FW_BLOB_MAX_SIZE) {
>> -ret = -EFAULT;
>> -goto e_free;
>> -}
>> -
>> -blob = kmalloc(input.length, GFP_KERNEL);
>> -if (!blob) {
>> -ret = -ENOMEM;
>> -goto e_free;
>> -}
>> -
>> -data->address = __psp_pa(blob);
>> -data->len = input.length;
>> +blob = kmalloc(input.length, GFP_KERNEL);
>> +if (!blob) {
>> +ret = -ENOMEM;
>> +goto e_free;
>> }
>>
>> +data->address = __psp_pa(blob);
>> +data->len = input.length;
>> +
>> ret = sev_platform_get_state(, >error);
>> if (ret)
>> goto e_free_blob;
>> @@ -349,25 +346,23 @@ static int sev_ioctl_pek_csr(struct sev_issue_cmd
>> *argp)
>> do_shutdown = 1;
>> }
>>
>> -ret = sev_handle_cmd(SEV_CMD_PEK_CSR, data, >error);
>> +ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, >error);
>>
>> input.length = data->len;
>>
>> /* copy blob to userspace */
>> -if (blob &&
>> -copy_to_user((void __user *)(uintptr_t)input.address,
>> -blob, input.length)) {
>> +if (copy_to_user((void __user *)input.address, blob, input.length)) {
>> ret = -EFAULT;
>> goto e_shutdown;
>>
Re: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command
On 10/12/17 2:53 PM, Borislav Petkov wrote:
...
> Ok, a couple of things here:
>
> * Move the checks first and the allocations second so that you allocate
> memory only after all checks have been passed and you don't allocate
> pointlessly.
I assume you mean performing the SEV state check before allocating the
memory for the CSR blob, right ? In my patches, I typically perform all
the SW specific checks and allocation before invoking the HW routines.
Handling the PSP commands will take longer compare to kmalloc() or
access_ok() etc. If its not a big deal then I would prefer to keep that
way.
>
> * That:
>
> if (state == SEV_STATE_WORKING) {
> ret = -EBUSY;
> goto e_free_blob;
> } else if (state == SEV_STATE_UNINIT) {
> ret = sev_firmware_init(>error);
> if (ret)
> goto e_free_blob;
> do_shutdown = 1;
> }
>
> is a repeating pattern. Perhaps it should be called
> sev_firmware_reinit() and called by other functions.
> * The rest is simplifications and streamlining.
>
> ---
> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
> index e3ee68afd068..d41f5448a25b 100644
> --- a/drivers/crypto/ccp/psp-dev.c
> +++ b/drivers/crypto/ccp/psp-dev.c
> @@ -302,33 +302,30 @@ static int sev_ioctl_pek_csr(struct sev_issue_cmd *argp)
> int ret, state;
> void *blob;
>
> - if (copy_from_user(, (void __user *)(uintptr_t)argp->data,
> -sizeof(struct sev_user_data_pek_csr)))
> + if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
> + return -EFAULT;
> +
> + if (!input.address)
> + return -EINVAL;
> +
> + /* allocate a physically contiguous buffer to store the CSR blob */
> + if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
> + input.length > SEV_FW_BLOB_MAX_SIZE)
> return -EFAULT;
>
> data = kzalloc(sizeof(*data), GFP_KERNEL);
> if (!data)
> return -ENOMEM;
>
> - /* allocate a temporary physical contigous buffer to store the CSR blob
> */
> - blob = NULL;
> - if (input.address) {
> - if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
> - input.length > SEV_FW_BLOB_MAX_SIZE) {
> - ret = -EFAULT;
> - goto e_free;
> - }
> -
> - blob = kmalloc(input.length, GFP_KERNEL);
> - if (!blob) {
> - ret = -ENOMEM;
> - goto e_free;
> - }
> -
> - data->address = __psp_pa(blob);
> - data->len = input.length;
> + blob = kmalloc(input.length, GFP_KERNEL);
> + if (!blob) {
> + ret = -ENOMEM;
> + goto e_free;
> }
>
> + data->address = __psp_pa(blob);
> + data->len = input.length;
> +
> ret = sev_platform_get_state(, >error);
> if (ret)
> goto e_free_blob;
> @@ -349,25 +346,23 @@ static int sev_ioctl_pek_csr(struct sev_issue_cmd *argp)
> do_shutdown = 1;
> }
>
> - ret = sev_handle_cmd(SEV_CMD_PEK_CSR, data, >error);
> + ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, >error);
>
> input.length = data->len;
>
> /* copy blob to userspace */
> - if (blob &&
> - copy_to_user((void __user *)(uintptr_t)input.address,
> - blob, input.length)) {
> + if (copy_to_user((void __user *)input.address, blob, input.length)) {
> ret = -EFAULT;
> goto e_shutdown;
> }
>
> - if (copy_to_user((void __user *)(uintptr_t)argp->data, ,
> - sizeof(struct sev_user_data_pek_csr)))
> + if (copy_to_user((void __user *)argp->data, , sizeof(input)))
> ret = -EFAULT;
>
> e_shutdown:
> if (do_shutdown)
> - sev_handle_cmd(SEV_CMD_SHUTDOWN, 0, NULL);
> + ret = sev_do_cmd(SEV_CMD_SHUTDOWN, 0, NULL);
> +
> e_free_blob:
> kfree(blob);
> e_free:
> @@ -408,10 +403,10 @@ static long sev_ioctl(struct file *file, unsigned int
> ioctl, unsigned long arg)
> ret = sev_ioctl_pdh_gen();
> break;
>
> - case SEV_PEK_CSR: {
> + case SEV_PEK_CSR:
> ret = sev_ioctl_pek_csr();
> break;
> - }
> +
> default:
> ret = -EINVAL;
> goto out;
>
Re: [Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
On 10/12/17 4:41 PM, Borislav Petkov wrote:
> On Thu, Oct 12, 2017 at 04:11:18PM -0500, Brijesh Singh wrote:
>> The sev_exit() will be called for all the psp_device instance. we need
>> to set psp_misc_dev = NULL after deregistering the device.
>>
>> if (psp_misc_dev) {
>> misc_deregister(psp_misc_dev);
>> psp_misc_dev = NULL;
> Right, except we assign that misc device to every psp device:
>
> psp->sev_misc = psp_misc_dev;
>
> so the question now is, how do you want this to work: the misc device
> should be destroyed after the last psp device is destroyed or how?
We don't know when the last psp device is getting destroyed. Since we
are making the sev_misc_dev as a global variable then there is no
reason for 'sev_misc' field in the psp_device.
> Because after the first:
>
> psp_misc_dev = NULL;
>
> the respective psp->sev_misc will still keep references to that device
> but the device itself will be already deregistered. And that sounds
> strange.
See my above comment, I think the simplest solution is remove psp->sev_misc
