On Thu, Oct 19, 2017 at 09:33:48PM -0500, Brijesh Singh wrote:
> AMD's new Secure Encrypted Virtualization (SEV) feature allows the
> memory contents of virtual machines to be transparently encrypted with a
> key unique to the VM. The programming and management of the encryption
> keys are handled
On Thu, Oct 19, 2017 at 09:33:49PM -0500, Brijesh Singh wrote:
> The SEV_FACTORY_RESET command can be used by the platform owner to
> reset the non-volatile SEV related data. The command is defined in
> SEV spec section 5.4
>
> Cc: Paolo Bonzini
> Cc: "Radim Krčmář"
> Cc: Borislav Petkov
> Cc:
On Thu, Oct 19, 2017 at 09:33:50PM -0500, Brijesh Singh wrote:
> The SEV_PLATFORM_STATUS command can be used by the platform owner to
> get the current status of the platform. The command is defined in
> SEV spec section 5.5.
>
> Cc: Paolo Bonzini
> Cc: "Radim Krčmář"
> Cc: Borislav Petkov
> Cc
On Thu, Oct 19, 2017 at 09:33:48PM -0500, Brijesh Singh wrote:
> +static int __sev_platform_init(struct sev_data_init *data, int *error)
> +{
> + int rc = 0;
> +
> + mutex_lock(&fw_init_mutex);
> +
> + if (!fw_init_count) {
I still don't like global semaphores. Can you get the status a
On Thu, Oct 19, 2017 at 09:33:51PM -0500, Brijesh Singh wrote:
> The SEV_PEK_GEN command is used to generate a new Platform Endorsement
> Key (PEK). The command is defined in SEV spec section 5.6.
>
> Cc: Paolo Bonzini
> Cc: "Radim Krčmář"
> Cc: Borislav Petkov
> Cc: Herbert Xu
> Cc: Gary Hook
On 10/23/17 4:32 AM, Borislav Petkov wrote:
...
>> +static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
>> +{
>> +int ret, err;
>> +
>> +ret = sev_platform_init(NULL, &argp->error);
>> +if (ret)
>> +return ret;
>> +
>> +ret = sev_do_cmd(cmd, 0, &ar
On Mon, Oct 23, 2017 at 07:15:30AM -0500, Brijesh Singh wrote:
> I am not sure if I am able to understand your feedback. The
> sev_platform_shutdown() is called unconditionally.
How's that:
If sev_do_cmd() fails and sev_do_cmd(SEV_CMD_SHUTDOWN, ...) in
sev_platform_shutdown() fails, then the firs
On Thu, Oct 19, 2017 at 09:33:52PM -0500, Brijesh Singh wrote:
> The SEV_PDH_GEN command is used to re-generate the Platform
> Diffie-Hellman (PDH) key. The command is defined in SEV spec section
> 5.6.
>
> Cc: Paolo Bonzini
> Cc: "Radim Krčmář"
> Cc: Borislav Petkov
> Cc: Herbert Xu
> Cc: Gar
The reasoning is simple and obvious. Since every call site passes the
value TPM_ANY_NUM (0x) the parameter does not have a right to exist.
Refined the documentation of the corresponding functions.
Signed-off-by: Jarkko Sakkinen
---
drivers/char/hw_random/tpm-rng.c| 2 +-
drivers/char/tpm/
Hi, Romain,
On 10/18/2017 04:32 PM, Romain Izard wrote:
my fix also led to a
systematic oops when running the ccm(aes) test case.
The NULL dereference appears because of a memory corruption issue.
atmel-aes does not implement ccm(aes), so the algorithm will be in the
following form: ccm_base(at
On Thu, Oct 19, 2017 at 09:33:53PM -0500, Brijesh Singh wrote:
> The SEV_PEK_CSR command can be used to generate a PEK certificate
> signing request. The command is defined in SEV spec section 5.7.
>
> Cc: Paolo Bonzini
> Cc: "Radim Krčmář"
> Cc: Borislav Petkov
> Cc: Herbert Xu
> Cc: Gary Hoo
On 10/23/17 7:32 AM, Borislav Petkov wrote:
> On Mon, Oct 23, 2017 at 07:15:30AM -0500, Brijesh Singh wrote:
>> I am not sure if I am able to understand your feedback. The
>> sev_platform_shutdown() is called unconditionally.
> How's that:
>
> If sev_do_cmd() fails and sev_do_cmd(SEV_CMD_SHUTDOWN
On 10/23/2017 08:38 AM, Jarkko Sakkinen wrote:
The reasoning is simple and obvious. Since every call site passes the
value TPM_ANY_NUM (0x) the parameter does not have a right to exist.
Refined the documentation of the corresponding functions.
Signed-off-by: Jarkko Sakkinen
---
drivers/char
On Mon, Oct 23, 2017 at 08:32:57AM -0500, Brijesh Singh wrote:
> If both commands fail then we return the status from the last command.
> IIRC, in my previous patches I was returning status from sev_do_cmd()
> instead of sev_platform_shutdown() but based on our previous
> communication I thought yo
Simply break down some long lines and tab-indent them.
Signed-off-by: Stephen Brennan
---
I'm learning the patch submission process, and this is my first patch. I know
it's trivial but I'm just trying to get my feet wet. Thanks in advance for
taking the time to review this!
drivers/staging/ccre
Hi Gilad,
Thanks for the quick reply, I really appreciate your taking time to help a
newbie get started. I've made the appropriate changes and re-submitted.
> TIP: if you run the scripts/get_maintainers.pl script on your patch it
> will tell you exactly which
> list and which people your patch ne
This empty function was used to initialize a member of a static structure.
Pointer members of an object with static storage duration, if not
explicitly initialized, will be initialized to a NULL pointer. The crypto
API checks if this pointer is not NULL before using it, so we are safe to
remove thi
irq would be set to -1 and then unused, if we failed to get IORESOURCE_MEM.
Signed-off-by: Tudor Ambarus
---
drivers/crypto/atmel-aes.c | 2 --
drivers/crypto/atmel-sha.c | 2 --
drivers/crypto/atmel-tdes.c | 2 --
3 files changed, 6 deletions(-)
diff --git a/drivers/crypto/atmel-aes.c b/driv
Return -ENODEV when dma_request_slave_channel_compat() fails.
Signed-off-by: Tudor Ambarus
---
drivers/crypto/atmel-aes.c | 3 +--
drivers/crypto/atmel-sha.c | 3 +--
drivers/crypto/atmel-tdes.c | 3 +--
3 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/atmel-aes.c
Hi!
Got the following kernel panic:
invalid opcode: [#1] SMP
CPU: 0 PID: 1449 Comm: openvpn Not tainted 4.8.13-1.el6.elrepo.x86_64 #1
cut
Call Trace:
[] ? enqueue_entity+0x45e/0x6f0
[] ? aesni_gcm_enc_avx+0x95/0xd0 [aesni_intel]
[] helper_rfc4106_encrypt+0x167/0x2f0 [aesni_intel]
[]
On Mon, Oct 23, 2017 at 10:07:31AM -0400, Stefan Berger wrote:
> >-int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
> >+int tpm_pcr_extend(int pcr_idx, const u8 *hash)
> > {
>
>
> I think every kernel internal TPM driver API should be called with the
> tpm_chip as a parameter. This
On 10/23/2017 04:20 AM, Borislav Petkov wrote:
On Thu, Oct 19, 2017 at 09:33:48PM -0500, Brijesh Singh wrote:
+static int __sev_platform_init(struct sev_data_init *data, int *error)
+{
+ int rc = 0;
+
+ mutex_lock(&fw_init_mutex);
+
+ if (!fw_init_count) {
I still don't lik
On 10/23/2017 09:10 AM, Borislav Petkov wrote:
On Mon, Oct 23, 2017 at 08:32:57AM -0500, Brijesh Singh wrote:
If both commands fail then we return the status from the last command.
IIRC, in my previous patches I was returning status from sev_do_cmd()
instead of sev_platform_shutdown() but base
On 10/23/2017 02:34 AM, Borislav Petkov wrote:
...
Just minor cleanups:
Thanks Boris, I have applied your cleanups.
-Brijesh
---
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index e9966d5fc6c4..f9a9a6e6ab99 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/driv
The SEV_PEK_GEN command is used to generate a new Platform Endorsement
Key (PEK). The command is defined in SEV spec section 5.6.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
C
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
certificate. The command is defined in SEV spec section 5.8.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
C
The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kern
On Mon, Oct 23, 2017 at 07:53:18AM -0700, Stephen Brennan wrote:
> Simply break down some long lines and tab-indent them.
Hi Stephen,
Welcome to the Linux kernel. Great that you have put in a patch, you are,
however, unlikely to see
success fixing 'line over 80' warnings. There are a bunch of ar
On Mon, Oct 23, 2017 at 03:38:59PM +0300, Tudor Ambarus wrote:
>
> I will propose a fix, but I'm taking my time to better understand why
> CTR requires to overwrite the iv with the last ciphertext block.
That's an API requirement. So we should fix ccm.
Cheers,
--
Email: Herbert Xu
Home Page: h
From: Radu Alexe
Fixes: 3ebfa92f49a6 ("crypto: caam - Add new macros for building extended SEC
descriptors (> 64 words)")
Signed-off-by: Radu Alexe
Signed-off-by: Horia Geantă
---
drivers/crypto/caam/desc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/caa
caam/qi frontend (i.e. caamalg_qi) mustn't be used in case it runs on a
DPAA2 part (this could happen when using a multiplatform kernel).
Fixes: 297b9cebd2fc ("crypto: caam/jr - add support for DPAA2 parts")
Signed-off-by: Horia Geantă
---
If this patch won't make it into v4.14 (likely the case),