kernel/linux.git/include/uapi/linux/psp-sev.h, branch v6.12.80

crypto: ccp - Fix uAPI definitions of PSP errors

2025-04-20T08:15:52+00:00

commit b949f55644a6d1645c0a71f78afabf12aec7c33b upstream. Additions to the error enum after explicit 0x27 setting for SEV_RET_INVALID_KEY leads to incorrect value assignments. Use explicit values to match the manufacturer specifications more clearly. Fixes: 3a45dc2b419e ("crypto: ccp: Define the SEV-SNP commands") CC: stable@vger.kernel.org Signed-off-by: Dionna Glaze Reviewed-by: Tom Lendacky Signed-off-by: Alexey Kardashevskiy Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman

KVM: SEV: uapi: fix typo in SEV_RET_INVALID_CONFIG

2024-08-14T17:05:42+00:00

"INVALID" is misspelt in "SEV_RET_INAVLID_CONFIG". Since this is part of the UAPI, keep the current definition and add a new one with the fix. Fix-suggested-by: Marc Zyngier Signed-off-by: Amit Shah Message-ID: <20240814083113.21622-1-amit@kernel.org> Signed-off-by: Paolo Bonzini

crypto: ccp: Add the SNP_VLEK_LOAD command

2024-07-17T16:46:26+00:00

When requesting an attestation report a guest is able to specify whether it wants SNP firmware to sign the report using either a Versioned Chip Endorsement Key (VCEK), which is derived from chip-unique secrets, or a Versioned Loaded Endorsement Key (VLEK) which is obtained from an AMD Key Derivation Service (KDS) and derived from seeds allocated to enrolled cloud service providers (CSPs). For VLEK keys, an SNP_VLEK_LOAD SNP firmware command is used to load them into the system after obtaining them from the KDS. Add a corresponding userspace interface so to allow the loading of VLEK keys into the system. See SEV-SNP Firmware ABI 1.54, SNP_VLEK_LOAD for more details. Reviewed-by: Tom Lendacky Signed-off-by: Michael Roth Message-ID: <20240501085210.2213060-21-michael.roth@amd.com> Signed-off-by: Paolo Bonzini

crypto: ccp: Add the SNP_SET_CONFIG command

2024-01-29T19:34:19+00:00

The SEV-SNP firmware provides the SNP_CONFIG command used to set various system-wide configuration values for SNP guests, such as the reported TCB version used when signing guest attestation reports. Add an interface to set this via userspace. [ mdr: Squash in doc patch from Dionna, drop extended request/ certificate handling and simplify this to a simple wrapper around SNP_CONFIG fw cmd. ] Signed-off-by: Brijesh Singh Co-developed-by: Alexey Kardashevskiy Signed-off-by: Alexey Kardashevskiy Co-developed-by: Dionna Glaze Signed-off-by: Dionna Glaze Signed-off-by: Ashish Kalra Signed-off-by: Michael Roth Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20240126041126.1927228-26-michael.roth@amd.com

crypto: ccp: Add the SNP_COMMIT command

2024-01-29T19:34:19+00:00

The SNP_COMMIT command is used to commit the currently installed version of the SEV firmware. Once committed, the firmware cannot be replaced with a previous firmware version (cannot be rolled back). This command will also update the reported TCB to match that of the currently installed firmware. [ mdr: Note the reported TCB update in the documentation/commit. ] Signed-off-by: Tom Lendacky Signed-off-by: Michael Roth Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20240126041126.1927228-25-michael.roth@amd.com

crypto: ccp: Add the SNP_PLATFORM_STATUS command

2024-01-29T19:34:19+00:00

This command is used to query the SNP platform status. See the SEV-SNP spec for more details. Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra Signed-off-by: Michael Roth Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20240126041126.1927228-24-michael.roth@amd.com

crypto: ccp: Define the SEV-SNP commands

2024-01-29T19:34:18+00:00

AMD introduced the next generation of SEV called SEV-SNP (Secure Nested Paging). SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new hardware security protection. Define the commands and structures used to communicate with the AMD-SP when creating and managing the SEV-SNP guests. The SEV-SNP firmware spec is available at developer.amd.com/sev. [ mdr: update SNP command list and SNP status struct based on current spec, use C99 flexible arrays, fix kernel-doc issues. ] Signed-off-by: Brijesh Singh Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Signed-off-by: Michael Roth Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20240126041126.1927228-13-michael.roth@amd.com

virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT

2023-10-20T01:11:49+00:00

The sevguest driver was a first mover in the confidential computing space. As a first mover that afforded some leeway to build the driver without concern for common infrastructure. Now that sevguest is no longer a singleton [1] the common operation of building and transmitting attestation report blobs can / should be made common. In this model the so called "TSM-provider" implementations can share a common envelope ABI even if the contents of that envelope remain vendor-specific. When / if the industry agrees on an attestation record format, that definition can also fit in the same ABI. In the meantime the kernel's maintenance burden is reduced and collaboration on the commons is increased. Convert sevguest to use CONFIG_TSM_REPORTS to retrieve the data that the SNP_GET_EXT_REPORT ioctl produces. An example flow follows for retrieving the report blob via the TSM interface utility, assuming no nonce and VMPL==2: report=/sys/kernel/config/tsm/report/report0 mkdir $report echo 2 > $report/privlevel dd if=/dev/urandom bs=64 count=1 > $report/inblob hexdump -C $report/outblob # SNP report hexdump -C $report/auxblob # cert_table rmdir $report Given that the platform implementation is free to return empty certificate data if none is available it lets configfs-tsm be simplified as it only needs to worry about wrapping SNP_GET_EXT_REPORT, and leave SNP_GET_REPORT alone. The old ioctls can be lazily deprecated, the main motivation of this effort is to stop the proliferation of new ioctls, and to increase cross-vendor collaboration. Link: http://lore.kernel.org/r/64961c3baf8ce_142af829436@dwillia2-xfh.jf.intel.com.notmuch [1] Cc: Borislav Petkov Cc: Tom Lendacky Cc: Dionna Glaze Cc: Jeremi Piotrowski Tested-by: Kuppuswamy Sathyanarayanan Tested-by: Alexey Kardashevskiy Reviewed-by: Tom Lendacky Signed-off-by: Dan Williams

crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL

2023-03-21T10:37:32+00:00

The PSP can return a "firmware error" code of -1 in circumstances where the PSP has not actually been called. To make this protocol unambiguous, name the value SEV_RET_NO_FW_CALL. [ bp: Massage a bit. ] Signed-off-by: Peter Gonda Signed-off-by: Dionna Glaze Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20221207010210.2563293-2-dionnaglaze@google.com

crypto: ccp - Add support for SEV-ES to the PSP driver

2020-04-30T05:19:33+00:00

To provide support for SEV-ES, the hypervisor must provide an area of memory to the PSP. Once this Trusted Memory Region (TMR) is provided to the PSP, the contents of this area of memory are no longer available to the x86. Update the PSP driver to allocate a 1MB region for the TMR that is 1MB aligned and then provide it to the PSP through the SEV INIT command. Signed-off-by: Tom Lendacky Reviewed-by: Brijesh Singh Reviewed-by: Joerg Roedel Signed-off-by: Herbert Xu