Re: [PATCH] crypto: ccp - Retry SEV INIT command in case of integrity check failure.

2019-10-22 Thread David Rientjes
et command is issued
> >>
> >> The patch takes care of #1. Based on the spec, platform reset command
> >> should erase the persistent data and the PLATFORM_INIT should *not* fail
> >> with SEV_RET_SECURE_DATA_INVALID error code. So, I am not able to see
> >> any strong reason to move the retry code in
> >> __sev_platform_init_locked().
> >>
> >
> > Hmm, is the sev_platform_init() call in sev_guest_init() intended to do
> > SEV_CMD_INIT only after platform reset? I was under the impression it was
> > done in case any previous init failed.
> >
> >
> The PLATFORM_INIT command is allowed only when FW is in UNINIT state. On
> boot, the FW will be in UNINIT state and similarly after the platform
> reset command the FW goes back to UNINIT state.
>
> The __sev_platform_init_locked() checks the FW state before issuing the
> command, if FW is already in INIT state then it returns immediately.
>
Ah, got it, thanks.
Acked-by: David Rientjes

Re: [PATCH] crypto: ccp - Retry SEV INIT command in case of integrity check failure.

2019-10-21 Thread David Rientjes
On Mon, 21 Oct 2019, Singh, Brijesh wrote:
> >> From: Ashish Kalra
> >>
> >> SEV INIT command loads the SEV related persistent data from NVS
> >> and initializes the platform context. The firmware validates the
> >> persistent state. If validation fails, the firmware will reset
> >> the persistent

Re: [PATCH] crypto: ccp - Retry SEV INIT command in case of integrity check failure.

2019-10-19 Thread David Rientjes
On Thu, 17 Oct 2019, Kalra, Ashish wrote:
> From: Ashish Kalra
>
> SEV INIT command loads the SEV related persistent data from NVS
> and initializes the platform context. The firmware validates the
> persistent state. If validation fails, the firmware will reset
> the persistent state and return

[patch v2] crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL

2019-07-12 Thread David Rientjes
E SEV command") Reported-by: Cfir Cohen Signed-off-by: David Rientjes --- v2: no need to check api_major >= maj after checking api_major > maj per Thomas drivers/crypto/ccp/psp-dev.c | 19 --- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/drivers/cryp

[patch] crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL

2019-07-10 Thread David Rientjes
E SEV command") Reported-by: Cfir Cohen Signed-off-by: David Rientjes --- drivers/crypto/ccp/psp-dev.c | 19 --- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c --- a/drivers/crypto/ccp/psp-dev.c +++ b/driv

[patch] crypto: ccp - Free ccp if initialization fails

2019-06-23 Thread David Rientjes
If ccp_dev_init() fails, kfree() the allocated ccp since it will otherwise be leaked. Fixes: 720419f01832 ("crypto: ccp - Introduce the AMD Secure Processor device") Reported-by: Cfir Cohen Signed-off-by: David Rientjes --- drivers/crypto/ccp/ccp-dev.c | 1 + 1 file changed, 1

[patch] MODSIGN: Fix build error with strict typechecking

2012-10-03 Thread David Rientjes
lloc' include/linux/key.h:195: note: expected 'kuid_t' but argument is of type 'int' kernel/modsign_pubkey.c:47: error: incompatible type for argument 4 of 'key_alloc' include/linux/key.h:195: note: expected 'kgid_t' but argument is of type 'int

Re: Crypto Fixes for 3.1

2011-10-21 Thread David Rientjes
On Fri, 21 Oct 2011, Herbert Xu wrote:
> Hi Linus:
>
> This push fixes a NULL-pointer dereference that can be triggered
> from user-space.
>
> Please pull from
>
> git://github.com/herbertx/crypto.git
>
Hi Herbert,
When I pull from this, I also get commit 9c129165af0225c63c37d1896ac9b0d34e