mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2025-12-23 11:43:22 +00:00
f47906782c
The sevguest driver was a first mover in the confidential computing
space. As a first mover that afforded some leeway to build the driver
without concern for common infrastructure.
Now that sevguest is no longer a singleton [1] the common operation of
building and transmitting attestation report blobs can / should be made
common. In this model the so called "TSM-provider" implementations can
share a common envelope ABI even if the contents of that envelope remain
vendor-specific. When / if the industry agrees on an attestation record
format, that definition can also fit in the same ABI. In the meantime
the kernel's maintenance burden is reduced and collaboration on the
commons is increased.
Convert sevguest to use CONFIG_TSM_REPORTS to retrieve the data that
the SNP_GET_EXT_REPORT ioctl produces. An example flow follows for
retrieving the report blob via the TSM interface utility,
assuming no nonce and VMPL==2:
report=/sys/kernel/config/tsm/report/report0
mkdir $report
echo 2 > $report/privlevel
dd if=/dev/urandom bs=64 count=1 > $report/inblob
hexdump -C $report/outblob # SNP report
hexdump -C $report/auxblob # cert_table
rmdir $report
Given that the platform implementation is free to return empty
certificate data if none is available it lets configfs-tsm be simplified
as it only needs to worry about wrapping SNP_GET_EXT_REPORT, and leave
SNP_GET_REPORT alone.
The old ioctls can be lazily deprecated, the main motivation of this
effort is to stop the proliferation of new ioctls, and to increase
cross-vendor collaboration.
Link: http://lore.kernel.org/r/64961c3baf8ce_142af829436@dwillia2-xfh.jf.intel.com.notmuch [1]
Cc: Borislav Petkov <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Dionna Glaze <dionnaglaze@google.com>
Cc: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Tested-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Tested-by: Alexey Kardashevskiy <aik@amd.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
175 lines
4.3 KiB
C
175 lines
4.3 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
|
|
/*
|
|
* Userspace interface for AMD Secure Encrypted Virtualization (SEV)
|
|
* platform management commands.
|
|
*
|
|
* Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
|
|
*
|
|
* Author: Brijesh Singh <brijesh.singh@amd.com>
|
|
*
|
|
* SEV API specification is available at: https://developer.amd.com/sev/
|
|
*/
|
|
|
|
#ifndef __PSP_SEV_USER_H__
|
|
#define __PSP_SEV_USER_H__
|
|
|
|
#include <linux/types.h>
|
|
|
|
/**
|
|
* SEV platform commands
|
|
*/
|
|
enum {
|
|
SEV_FACTORY_RESET = 0,
|
|
SEV_PLATFORM_STATUS,
|
|
SEV_PEK_GEN,
|
|
SEV_PEK_CSR,
|
|
SEV_PDH_GEN,
|
|
SEV_PDH_CERT_EXPORT,
|
|
SEV_PEK_CERT_IMPORT,
|
|
SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */
|
|
SEV_GET_ID2,
|
|
|
|
SEV_MAX,
|
|
};
|
|
|
|
/**
|
|
* SEV Firmware status code
|
|
*/
|
|
typedef enum {
|
|
/*
|
|
* This error code is not in the SEV spec. Its purpose is to convey that
|
|
* there was an error that prevented the SEV firmware from being called.
|
|
* The SEV API error codes are 16 bits, so the -1 value will not overlap
|
|
* with possible values from the specification.
|
|
*/
|
|
SEV_RET_NO_FW_CALL = -1,
|
|
SEV_RET_SUCCESS = 0,
|
|
SEV_RET_INVALID_PLATFORM_STATE,
|
|
SEV_RET_INVALID_GUEST_STATE,
|
|
SEV_RET_INAVLID_CONFIG,
|
|
SEV_RET_INVALID_LEN,
|
|
SEV_RET_ALREADY_OWNED,
|
|
SEV_RET_INVALID_CERTIFICATE,
|
|
SEV_RET_POLICY_FAILURE,
|
|
SEV_RET_INACTIVE,
|
|
SEV_RET_INVALID_ADDRESS,
|
|
SEV_RET_BAD_SIGNATURE,
|
|
SEV_RET_BAD_MEASUREMENT,
|
|
SEV_RET_ASID_OWNED,
|
|
SEV_RET_INVALID_ASID,
|
|
SEV_RET_WBINVD_REQUIRED,
|
|
SEV_RET_DFFLUSH_REQUIRED,
|
|
SEV_RET_INVALID_GUEST,
|
|
SEV_RET_INVALID_COMMAND,
|
|
SEV_RET_ACTIVE,
|
|
SEV_RET_HWSEV_RET_PLATFORM,
|
|
SEV_RET_HWSEV_RET_UNSAFE,
|
|
SEV_RET_UNSUPPORTED,
|
|
SEV_RET_INVALID_PARAM,
|
|
SEV_RET_RESOURCE_LIMIT,
|
|
SEV_RET_SECURE_DATA_INVALID,
|
|
SEV_RET_INVALID_KEY = 0x27,
|
|
SEV_RET_MAX,
|
|
} sev_ret_code;
|
|
|
|
/**
|
|
* struct sev_user_data_status - PLATFORM_STATUS command parameters
|
|
*
|
|
* @major: major API version
|
|
* @minor: minor API version
|
|
* @state: platform state
|
|
* @flags: platform config flags
|
|
* @build: firmware build id for API version
|
|
* @guest_count: number of active guests
|
|
*/
|
|
struct sev_user_data_status {
|
|
__u8 api_major; /* Out */
|
|
__u8 api_minor; /* Out */
|
|
__u8 state; /* Out */
|
|
__u32 flags; /* Out */
|
|
__u8 build; /* Out */
|
|
__u32 guest_count; /* Out */
|
|
} __packed;
|
|
|
|
#define SEV_STATUS_FLAGS_CONFIG_ES 0x0100
|
|
|
|
/**
|
|
* struct sev_user_data_pek_csr - PEK_CSR command parameters
|
|
*
|
|
* @address: PEK certificate chain
|
|
* @length: length of certificate
|
|
*/
|
|
struct sev_user_data_pek_csr {
|
|
__u64 address; /* In */
|
|
__u32 length; /* In/Out */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
|
|
*
|
|
* @pek_address: PEK certificate chain
|
|
* @pek_len: length of PEK certificate
|
|
* @oca_address: OCA certificate chain
|
|
* @oca_len: length of OCA certificate
|
|
*/
|
|
struct sev_user_data_pek_cert_import {
|
|
__u64 pek_cert_address; /* In */
|
|
__u32 pek_cert_len; /* In */
|
|
__u64 oca_cert_address; /* In */
|
|
__u32 oca_cert_len; /* In */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
|
|
*
|
|
* @pdh_address: PDH certificate address
|
|
* @pdh_len: length of PDH certificate
|
|
* @cert_chain_address: PDH certificate chain
|
|
* @cert_chain_len: length of PDH certificate chain
|
|
*/
|
|
struct sev_user_data_pdh_cert_export {
|
|
__u64 pdh_cert_address; /* In */
|
|
__u32 pdh_cert_len; /* In/Out */
|
|
__u64 cert_chain_address; /* In */
|
|
__u32 cert_chain_len; /* In/Out */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_user_data_get_id - GET_ID command parameters (deprecated)
|
|
*
|
|
* @socket1: Buffer to pass unique ID of first socket
|
|
* @socket2: Buffer to pass unique ID of second socket
|
|
*/
|
|
struct sev_user_data_get_id {
|
|
__u8 socket1[64]; /* Out */
|
|
__u8 socket2[64]; /* Out */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_user_data_get_id2 - GET_ID command parameters
|
|
* @address: Buffer to store unique ID
|
|
* @length: length of the unique ID
|
|
*/
|
|
struct sev_user_data_get_id2 {
|
|
__u64 address; /* In */
|
|
__u32 length; /* In/Out */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_issue_cmd - SEV ioctl parameters
|
|
*
|
|
* @cmd: SEV commands to execute
|
|
* @opaque: pointer to the command structure
|
|
* @error: SEV FW return code on failure
|
|
*/
|
|
struct sev_issue_cmd {
|
|
__u32 cmd; /* In */
|
|
__u64 data; /* In */
|
|
__u32 error; /* Out */
|
|
} __packed;
|
|
|
|
#define SEV_IOC_TYPE 'S'
|
|
#define SEV_ISSUE_CMD _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
|
|
|
|
#endif /* __PSP_USER_SEV_H */
|