kernel/linux.git/drivers/crypto/ccp/psp-dev.h, branch linux-7.0.yLinux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=linux-7.0.y2026-02-06T10:36:08+00:00crypto: ccp - Add sysfs attribute for boot integrity2026-02-06T10:36:08+00:00Mario Limonciellomario.limonciello@amd.com2026-01-23T03:34:53+00:00urn:sha1:90f7520b76fab89852287d78ed7919a647c68c1d
The boot integrity attribute represents that the CPU or APU is used for the
hardware root of trust in the boot process. This bit only represents the
CPU/APU and some vendors have other hardware root of trust implementations
specific to their designs.
Link: https://github.com/fwupd/fwupd/pull/9825
Reviewed-by: Mark Pearson <mpearson-lenovo@squebb.ca>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Add AMD Seamless Firmware Servicing (SFS) driver2025-09-17T10:17:05+00:00Ashish Kalraashish.kalra@amd.com2025-09-16T21:29:49+00:00urn:sha1:648dbccc03a000cd64c2a9d86012d98053545e64
AMD Seamless Firmware Servicing (SFS) is a secure method to allow
non-persistent updates to running firmware and settings without
requiring BIOS reflash and/or system reset.
SFS does not address anything that runs on the x86 processors and
it can be used to update ASP firmware, modules, register settings
and update firmware for other microprocessors like TMPM, etc.
SFS driver support adds ioctl support to communicate the SFS
commands to the ASP/PSP by using the TEE mailbox interface.
The Seamless Firmware Servicing (SFS) driver is added as a
PSP sub-device.
For detailed information, please look at the SFS specifications:
https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58604.pdf
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Link: https://lore.kernel.org/cover.1758057691.git.ashish.kalra@amd.com
crypto: ccp - Add support for getting security attributes on some older systems2024-06-07T11:46:39+00:00Mario Limonciellomario.limonciello@amd.com2024-05-28T21:07:11+00:00urn:sha1:82f9327f774c6e040ba63a887a85fa2e290a233a
Older systems will not populate the security attributes in the
capabilities register. The PSP on these systems, however, does have a
command to get the security attributes. Use this command during ccp
startup to populate the attributes if they're missing.
Closes: https://github.com/fwupd/fwupd/issues/5284
Closes: https://github.com/fwupd/fwupd/issues/5675
Closes: https://github.com/fwupd/fwupd/issues/6253
Closes: https://github.com/fwupd/fwupd/issues/7280
Closes: https://github.com/fwupd/fwupd/issues/6323
Closes: https://github.com/fwupd/fwupd/discussions/5433
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Represent capabilities register as a union2024-06-07T11:46:39+00:00Mario Limonciellomario.limonciello@amd.com2024-05-28T21:07:08+00:00urn:sha1:8609dd25f9b271b3338e38b018fd39e49de1e6ca
Making the capabilities register a union makes it easier to refer
to the members instead of always doing bit shifts.
No intended functional changes.
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Suggested-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Add support for DBC over PSP mailbox2023-09-15T10:29:46+00:00Mario Limonciellomario.limonciello@amd.com2023-09-07T18:48:46+00:00urn:sha1:0470bb1b71ac1f05055b10bdc791953209a7976b
On some SOCs DBC is supported through the PSP mailbox instead of
the platform mailbox. This capability is advertised in the PSP
capabilities register. Allow using this communication path if
supported.
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Add support for extended PSP mailbox commands2023-09-15T10:29:45+00:00Mario Limonciellomario.limonciello@amd.com2023-09-07T18:48:43+00:00urn:sha1:6e17375c47a325f79e1f80028344bd4b0bdd985b
The PSP mailbox supports a number of extended sub-commands. These
subcommands are placed in the header of the buffer sent to the mailbox.
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Move direct access to some PSP registers out of TEE2023-09-15T10:29:45+00:00Tom Lendackythomas.lendacky@amd.com2023-09-07T18:48:42+00:00urn:sha1:949a0c8dd3c257730ef7205be759e4bc6cf49cea
With the PSP mailbox registers supporting more than just TEE, access to
them must be maintained and serialized by the PSP device support. Remove
TEE support direct access and create an interface in the PSP support
where the register access can be controlled/serialized.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Tested-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Add support for fetching a nonce for dynamic boost control2023-07-20T10:14:21+00:00Mario Limonciellomario.limonciello@amd.com2023-06-23T13:49:55+00:00urn:sha1:c04cf9e14f109ebcc425c1efd2c01294c52a4d62
Dynamic Boost Control is a feature offered on AMD client platforms that
allows software to request and set power or frequency limits.
Only software that has authenticated with the PSP can retrieve or set
these limits.
Create a character device and ioctl for fetching the nonce. This ioctl
supports optionally passing authentication information which will influence
how many calls the nonce is valid for.
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Add support for an interface for platform features2023-03-17T03:16:43+00:00Mario Limonciellomario.limonciello@amd.com2023-03-10T21:19:47+00:00urn:sha1:7ccc4f4e2e50e4a29f9ee8f5c9e187f8491bb6e7
Some platforms with a PSP support an interface for features that
interact directly with the PSP instead of through a SEV or TEE
environment.
Initialize this interface so that other drivers can consume it.
These drivers may either be subdrivers for the ccp module or
external modules. For external modules, export a symbol for them
to utilize.
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Move some PSP mailbox bit definitions into common header2023-03-17T03:16:43+00:00Mario Limonciellomario.limonciello@amd.com2023-03-10T21:19:46+00:00urn:sha1:1c5c1daf04d13916867ef68c6ba7ae4f5e73801f
Some of the bits and fields used for mailboxes communicating with the
PSP are common across all mailbox implementations (SEV, TEE, etc).
Move these bits into the common `linux/psp.h` so they don't need to
be re-defined for each implementation.
Acked-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>