[PATCH 2/2] misc: amd-sp: introduce the AMD Secure Processor device

2017-01-19 Thread Brijesh Singh
The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD Secure Processor to be initialized and handled appropriately. Signed-off-by: Brijesh Singh Signed-off-by: Tom Lendacky

[PATCH 0/2] Introduce AMD Secure Processor device

2017-01-19 Thread Brijesh Singh
Trusted Execution Environment (TEE) services provided by PSP device. http://marc.info/?l=linux-mm&m=147190938124206&w=2 Brijesh Singh (2): crypto: move CCP device driver to misc misc: amd-sp: introduce the AMD Secure Processor device drivers/crypto/Kconfig

Re: [PATCH 1/2] crypto: move CCP device driver to misc

2017-01-19 Thread Brijesh Singh
Hi Greg, On 01/19/2017 12:18 PM, Greg KH wrote: On Thu, Jan 19, 2017 at 01:08:01PM -0500, Brijesh Singh wrote: The CCP device is part of the AMD Secure Processor, which is not dedicated solely to crypto. Move the CCP device driver to the misc directory in preparation for expanding the usage of

Re: [PATCH 0/2] Introduce AMD Secure Processor device

2017-01-19 Thread Brijesh Singh
Hi Greg, On 01/19/2017 12:21 PM, Greg KH wrote: On Thu, Jan 19, 2017 at 01:07:50PM -0500, Brijesh Singh wrote: The CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor, which is not dedicated solely to crypto. The AMD Secure Processor includes CCP and PSP (Platform Secure

Re: [PATCH 0/2] Introduce AMD Secure Processor device

2017-01-20 Thread Brijesh Singh
On 01/20/2017 02:45 AM, Greg KH wrote: On Thu, Jan 19, 2017 at 02:03:12PM -0600, Brijesh Singh wrote: Hi Greg, On 01/19/2017 12:21 PM, Greg KH wrote: On Thu, Jan 19, 2017 at 01:07:50PM -0500, Brijesh Singh wrote: The CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor

[RFC PATCH v2 11/32] x86: Unroll string I/O when SEV is active

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Secure Encrypted Virtualization (SEV) does not support string I/O, so unroll the string I/O operation into a loop operating on one element at a time. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h | 26 ++ 1 file changed, 22 insertions(+)

[RFC PATCH v2 19/32] crypto: ccp: Introduce the AMD Secure Processor device

2017-03-02 Thread Brijesh Singh
The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD Secure Processor to be initialized and handled appropriately. Signed-off-by: Brijesh Singh Signed-off-by: Tom Lendacky

[RFC PATCH v2 07/32] x86/efi: Access EFI data as encrypted when SEV is active

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky EFI data is encrypted when the kernel is run under SEV. Update the page table references to be sure the EFI memory areas are accessed encrypted. Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh --- arch/x86/platform/efi/efi_64.c | 15 ++- 1 file

[RFC PATCH v2 09/32] x86: Change early_ioremap to early_memremap for BOOT data

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky In order to map BOOT data with the proper encryption bit, the early_ioremap() function calls are changed to early_memremap() calls. This allows the proper access for both SME and SEV. Signed-off-by: Tom Lendacky --- arch/x86/kernel/acpi/boot.c |4 ++-- arch/x86/kernel/mp

[RFC PATCH v2 08/32] x86: Use PAGE_KERNEL protection for ioremap of memory page

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky In order for memory pages to be properly mapped when SEV is active, we need to use the PAGE_KERNEL protection attribute as the base protection. This will ensure that memory mapping of, e.g., ACPI tables receives the proper mapping attributes. Signed-off-by: Tom Lendacky ---

[RFC PATCH v2 02/32] x86: Secure Encrypted Virtualization (SEV) support

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Provide support for Secure Encrypted Virtualization (SEV). This initial support defines a flag that is used by the kernel to determine if it is running with SEV active. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 14 +- arch/x86/mm/mem_

[RFC PATCH v2 04/32] KVM: SVM: Add SEV feature definitions to KVM

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Define a new KVM CPU feature for Secure Encrypted Virtualization (SEV). The kernel will check for the presence of this feature to determine if it is running with SEV active. Define the SEV enable bit for the VMCB control structure. The hypervisor will use this bit to enable SE

[RFC PATCH v2 05/32] x86: Use encrypted access of BOOT related data with SEV

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as EFI related data, setup data) is encrypted and needs to be accessed as such when mapped. Update the architecture override in early_memremap to keep the encryption attribute when mapping this data. Signed-

[RFC PATCH v2 30/32] kvm: svm: Add support for SEV DEBUG_ENCRYPT command

2017-03-02 Thread Brijesh Singh
The command copies plain text into guest memory and encrypts it using the VM encryption key. The command will be used for debug purposes (e.g. setting a breakpoint through gdbserver). Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 87

[RFC PATCH v2 06/32] x86/pci: Use memremap when walking setup data

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky The use of ioremap will force the setup data to be mapped decrypted even though setup data is encrypted. Switch to using memremap which will be able to perform the proper mapping. Signed-off-by: Tom Lendacky --- arch/x86/pci/common.c |4 ++-- 1 file changed, 2 insertion

[RFC PATCH v2 32/32] x86: kvm: Pin the guest memory when SEV is active

2017-03-02 Thread Brijesh Singh
the KVM code to remove the pinning logic without making any changes to userspace (qemu). The patch pins userspace memory when a new slot is created and unpins the memory when the slot is removed. [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh --- arch

[RFC PATCH v2 31/32] kvm: svm: Add support for SEV LAUNCH_MEASURE command

2017-03-02 Thread Brijesh Singh
The command is used to retrieve the measurement of memory encrypted through the LAUNCH_UPDATE_DATA command. This measurement can be used for attestation purposes. Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 52 1 file changed, 52

[RFC PATCH v2 24/32] kvm: x86: prepare for SEV guest management API support

2017-03-02 Thread Brijesh Singh
have asid value within asid range obtained through CPUID. - SEV guest must have the same asid for all vcpu's. A TLB flush is required if different vcpu for the same ASID is to be run on the same host CPU. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h |8 ++ arc

[RFC PATCH v2 01/32] x86: Add the Secure Encrypted Virtualization CPU feature

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Update the CPU features to include identifying and reporting on the Secure Encrypted Virtualization (SEV) feature. SME is identified by CPUID 0x801f, but requires BIOS support to enable it (set bit 23 of MSR_K8_SYSCFG and set bit 0 of MSR_K7_HWCR). Only show the SEV featu

[RFC PATCH v2 03/32] KVM: SVM: prepare for new bit definition in nested_ctl

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Currently the nested_ctl variable in the vmcb_control_area structure is used to indicate nested paging support. The nested paging support field is actually defined as bit 0 of the field. In order to support a new feature flag the usage of the nested_ctl and nested paging suppor

[RFC PATCH v2 23/32] kvm: introduce KVM_MEMORY_ENCRYPT_OP ioctl

2017-03-02 Thread Brijesh Singh
If hardware supports encrypting then KVM_MEMORY_ENCRYPT_OP ioctl can be used by qemu to issue platform specific memory encryption commands. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h |2 ++ arch/x86/kvm/x86.c | 12 include/uapi/linux/kvm.h

[RFC PATCH v2 18/32] kvm: svm: Use the hardware provided GPA instead of page walk

2017-03-02 Thread Brijesh Singh
ff-by: Brijesh Singh --- arch/x86/include/asm/kvm_emulate.h |1 + arch/x86/include/asm/kvm_host.h|3 ++ arch/x86/kvm/emulate.c | 20 +--- arch/x86/kvm/svm.c |2 ++ arch/x86/kvm/x86.c | 45 5

[RFC PATCH v2 22/32] kvm: svm: prepare to reserve asid for SEV guest

2017-03-02 Thread Brijesh Singh
In the current implementation, asid allocation starts from 1; this patch adds a min_asid variable in the svm_vcpu structure to allow starting the asid from something other than 1. Signed-off-by: Brijesh Singh Reviewed-by: Paolo Bonzini --- arch/x86/kvm/svm.c |4 +++- 1 file changed, 3 insertions(+), 1

[RFC PATCH v2 16/32] x86: kvm: Provide support to create Guest and HV shared per-CPU variables

2017-03-02 Thread Brijesh Singh
Signed-off-by: Brijesh Singh --- arch/x86/kernel/kvm.c | 43 +++-- include/asm-generic/vmlinux.lds.h |3 +++ include/linux/percpu-defs.h |9 3 files changed, 48 insertions(+), 7 deletions(-) diff --git a/arch/x86/kernel/kvm.c b/

[RFC PATCH v2 29/32] kvm: svm: Add support for SEV DEBUG_DECRYPT command

2017-03-02 Thread Brijesh Singh
The command is used to decrypt guest memory region for debug purposes. Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 76 1 file changed, 76 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 977aa22..ce8819a

[RFC PATCH v2 25/32] kvm: svm: Add support for SEV LAUNCH_START command

2017-03-02 Thread Brijesh Singh
The command is used to bootstrap SEV guest from unencrypted boot images. The command creates a new VM encryption key (VEK) using the guest owner's public DH certificates, and session data. The VEK will be used to encrypt the guest memory. Signed-off-by: Brijesh Singh --- arch/x86/kvm/

[RFC PATCH v2 20/32] crypto: ccp: Add Platform Security Processor (PSP) interface support

2017-03-02 Thread Brijesh Singh
: Brijesh Singh --- drivers/crypto/ccp/Kconfig |7 + drivers/crypto/ccp/Makefile |1 drivers/crypto/ccp/psp-dev.c | 211 ++ drivers/crypto/ccp/psp-dev.h | 102 drivers/crypto/ccp/sp-dev.c | 16 +++ drivers/crypto/ccp/sp

[RFC PATCH v2 21/32] crypto: ccp: Add Secure Encrypted Virtualization (SEV) interface support

2017-03-02 Thread Brijesh Singh
userspace. - in-kernel APIs to encrypt the guest memory region. The in-kernel APIs will be used by KVM to bootstrap and debug the SEV guest. The SEV key management spec is available here [1] [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf Signed-off-by: Brijesh

[RFC PATCH v2 28/32] kvm: svm: Add support for SEV GUEST_STATUS command

2017-03-02 Thread Brijesh Singh
The command is used for querying the SEV guest status. Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 37 + 1 file changed, 37 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index c108064..977aa22 100644 --- a/arch/x86/kvm/svm.c

[RFC PATCH v2 26/32] kvm: svm: Add support for SEV LAUNCH_UPDATE_DATA command

2017-03-02 Thread Brijesh Singh
The command is used for encrypting the guest memory region using the VM encryption key (VEK) created from LAUNCH_START. Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 150 1 file changed, 150 insertions(+) diff --git a/arch/x86/kvm

[RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Early in the boot process, add checks to determine if the kernel is running with Secure Encrypted Virtualization (SEV) active by issuing a CPUID instruction. During early compressed kernel booting, if SEV is active the pagetables are updated so that data is accessed and decomp

[RFC PATCH v2 13/32] KVM: SVM: Enable SEV by setting the SEV_ENABLE CPU feature

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Modify the SVM cpuid update function to indicate if Secure Encrypted Virtualization (SEV) is active in the guest by setting the SEV KVM CPU features bit. SEV is active if Secure Memory Encryption is enabled in the host and the SEV_ENABLE bit of the VMCB is set. Signed-off-by:

[RFC PATCH v2 14/32] x86: mm: Provide support to use memblock when splitting large pages

2017-03-02 Thread Brijesh Singh
Secure Encrypted Virtualization (SEV) mode, where we may need to change the memory region attributes in early boot process. Signed-off-by: Brijesh Singh --- arch/x86/mm/pageattr.c | 51 1 file changed, 42 insertions(+), 9 deletions(-) diff --git a

[RFC PATCH v2 10/32] x86: DMA support for SEV memory encryption

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky DMA access to memory mapped as encrypted while SEV is active can not be encrypted during device write or decrypted during device read. In order for DMA to properly work when SEV is active, the swiotlb bounce buffers must be used. Signed-off-by: Tom Lendacky --- arch/x86/mm/m

[RFC PATCH v2 15/32] x86: Add support for changing memory encryption attribute in early boot

2017-03-02 Thread Brijesh Singh
code. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/mem_encrypt.h | 15 + arch/x86/mm/mem_encrypt.c | 63 2 files changed, 78 insertions(+) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index

[RFC PATCH v2 00/32] x86: Secure Encrypted Virtualization (AMD)

2017-03-02 Thread Brijesh Singh
's review feedback - add APIs to support sharing the guest physical address with the hypervisor - update kvm pvclock driver to use the shared buffer when SEV is active - pin the SEV guest memory Brijesh Singh (18): x86: mm: Provide support to use memblock when splitting large pages

Re: [RFC PATCH v2 19/32] crypto: ccp: Introduce the AMD Secure Processor device

2017-03-02 Thread Brijesh Singh
Hi Mark, On 03/02/2017 11:39 AM, Mark Rutland wrote: On Thu, Mar 02, 2017 at 10:16:15AM -0500, Brijesh Singh wrote: The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD

[RFC PATCH v2 27/32] kvm: svm: Add support for SEV LAUNCH_FINISH command

2017-03-02 Thread Brijesh Singh
The command is used for finalizing the SEV guest launch process. Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 36 1 file changed, 36 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 62c2b22..c108064 100644 --- a/arch/x86

[RFC PATCH v2 17/32] x86: kvmclock: Clear encryption attribute when SEV is active

2017-03-02 Thread Brijesh Singh
hypervisor and guest can access the data. Signed-off-by: Brijesh Singh --- arch/x86/kernel/kvmclock.c | 65 ++-- 1 file changed, 56 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index 278de4f..3b38b3d

Re: [RFC PATCH v2 01/32] x86: Add the Secure Encrypted Virtualization CPU feature

2017-03-03 Thread Brijesh Singh
Hi Boris, On 03/03/2017 10:59 AM, Borislav Petkov wrote: On Thu, Mar 02, 2017 at 10:12:09AM -0500, Brijesh Singh wrote: From: Tom Lendacky Update the CPU features to include identifying and reporting on the Secure Encrypted Virtualization (SEV) feature. SME is identified by CPUID 0x801f

Re: [RFC PATCH v2 00/32] x86: Secure Encrypted Virtualization (AMD)

2017-03-03 Thread Brijesh Singh
Hi Bjorn, On 03/03/2017 02:33 PM, Bjorn Helgaas wrote: On Thu, Mar 02, 2017 at 10:12:01AM -0500, Brijesh Singh wrote: This RFC series provides support for AMD's new Secure Encrypted Virtualization (SEV) feature. This RFC is build upon Secure Memory Encryption (SME) RFCv4 [1]. What k

Re: [RFC PATCH v2 01/32] x86: Add the Secure Encrypted Virtualization CPU feature

2017-03-06 Thread Brijesh Singh
On 03/04/2017 04:11 AM, Borislav Petkov wrote: > On Fri, Mar 03, 2017 at 03:01:23PM -0600, Brijesh Singh wrote: > > This looks like a wraparound... > > $ test-apply.sh /tmp/brijesh.singh.delta > checking file Documentation/admin-guide/kernel-parameters.txt > Hunk #1 succeed

[RFC Part2 PATCH v3 00/26] x86: Secure Encrypted Virtualization (AMD)

2017-07-24 Thread Brijesh Singh
y ranges (recommend by Paolo) * Extend kvm_x86_ops to provide new memory_encryption_enabled ops * Enhance DEBUG DECRYPT/ENCRYPT commands to work with more than one page (recommended by Paolo) * Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver * Changes to address v2

[RFC Part2 PATCH v3 02/26] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-07-24 Thread Brijesh Singh
trusted applications. Cc: Herbert Xu Cc: David S. Miller Cc: Gary Hook Cc: linux-crypto@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/Kconfig | 9 ++ drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/psp-dev.c | 226

[RFC Part2 PATCH v3 03/26] crypto: ccp: Add Secure Encrypted Virtualization (SEV) device support

2017-07-24 Thread Brijesh Singh
encryption context for the SEV guests. - a userspace IOCTL to manage the platform certificates etc Cc: Herbert Xu Cc: David S. Miller Cc: Gary Hook Cc: linux-crypto@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/Kconfig | 10 + drivers/crypto/ccp/Makefile | 1 + drivers

Re: [RFC Part2 PATCH v3 02/26] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-07-25 Thread Brijesh Singh
On 07/25/2017 03:29 AM, Kamil Konieczny wrote: Hi, minor misspelling, On 24.07.2017 22:02, Brijesh Singh wrote: Platform Security Processor (PSP) is part of AMD Secure Processor (AMD-SP), PSP is a dedicated processor that provides the support for key management commands in a Secure Encrypted

Re: [RFC Part2 PATCH v3 02/26] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-09-06 Thread Brijesh Singh
Hi Boris, On 09/06/2017 12:00 PM, Borislav Petkov wrote: ... -- |diff --git a/drivers/crypto/ccp/sp-dev.c b/drivers/crypto/ccp/sp-dev.c |index a017233..d263ba4 100644 |--- a/drivers/crypto/ccp/sp-dev.c |+++ b/drivers/crypto/ccp/sp-dev.c -- What

Re: [RFC Part2 PATCH v3 02/26] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-09-07 Thread Brijesh Singh
Hi Boris, On 09/07/2017 09:27 AM, Borislav Petkov wrote: ... The commit message above reads better to me as the help text than what you have here. Also, in order to make it easier for the user, I think we'll need a CONFIG_AMD_MEM_ENCRYPT_SEV or so and make that depend on CONFIG_KVM_AMD, this

Re: [RFC Part2 PATCH v3 02/26] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-09-08 Thread Brijesh Singh
On 09/08/2017 03:40 AM, Borislav Petkov wrote: On Thu, Sep 07, 2017 at 05:19:32PM -0500, Brijesh Singh wrote: At high level, AMD-SP (AMD Secure Processor) (i.e CCP driver) will provide the support for CCP, SEV and TEE FW commands. +--- CCP | AMD-SP

Re: [RFC Part2 PATCH v3 03/26] crypto: ccp: Add Secure Encrypted Virtualization (SEV) device support

2017-09-12 Thread Brijesh Singh
Hi Boris, I will address all your feedback in next rev. On 09/12/2017 09:02 AM, Borislav Petkov wrote: ... You could make that more tabular like this: case SEV_CMD_INIT: return sizeof(struct sev_data_init); case SEV_CMD_PLATFORM_STATUS: return sizeof(struct

Re: [RFC Part2 PATCH v3 03/26] crypto: ccp: Add Secure Encrypted Virtualization (SEV) device support

2017-09-13 Thread Brijesh Singh
On 09/13/2017 09:17 AM, Borislav Petkov wrote: ... + +unlock: + mutex_unlock(&sev_cmd_mutex); + print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data, + sev_cmd_buffer_len(cmd), false); + return ret; ... and here you return psp_ret == 0 even

[Part2 PATCH v4 00/29] x86: Secure Encrypted Virtualization (AMD)

2017-09-19 Thread Brijesh Singh
n_enabled ops * Enhance DEBUG DECRYPT/ENCRYPT commands to work with more than one page (recommended by Paolo) * Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver * Changes to address v2 feedback Brijesh Singh (26): Documentation/virtual/kvm: Add AMD Se

[Part2 PATCH v4 07/29] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-09-19 Thread Brijesh Singh
org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 743 ++- drivers/crypto/ccp/psp-dev.h | 17 + include/linux/psp-sev.h | 171 ++ include/uapi/linux/psp-sev.h | 114 +++ 4 files changed, 1044 insertions(+), 1 deletion(-) c

[Part2 PATCH v4 06/29] ccp: crypto: Define SEV key management command id

2017-09-19 Thread Brijesh Singh
: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- include/linux/psp-sev.h | 512 ++

[Part2 PATCH v4 05/29] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-09-19 Thread Brijesh Singh
trusted applications. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/Kconf

[Part2 PATCH v4.1 05/30] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-09-29 Thread Brijesh Singh
-party trusted applications. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- Hi Boris, I have been goi

Re: [PATCH] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

2017-09-30 Thread Brijesh Singh
On 9/30/17 3:30 AM, Borislav Petkov wrote: ... > From: Borislav Petkov > > This is AMD-specific hardware so present it in Kconfig only when AMD > CPU support is enabled. > > Signed-off-by: Borislav Petkov > Cc: Brijesh Singh > Cc: Tom Lendacky > Cc: Gary Hook >

Re: [Part2 PATCH v4 05/29] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-09-30 Thread Brijesh Singh
On 9/29/17 10:16 AM, Borislav Petkov wrote: ... > + >> +config CRYPTO_DEV_SP_PSP >> +bool "Platform Security Processor (PSP) device" >> +default y >> +depends on CRYPTO_DEV_CCP_DD > So this last symbol CRYPTO_DEV_CCP_DD is default m and it doesn't depend > on anything. And I'm pretty

Re: [Part2 PATCH v4 05/29] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-10-01 Thread Brijesh Singh
On 9/30/17 11:11 AM, Borislav Petkov wrote: > I think just from having CRYPTO_DEV_CCP_DD depend on CPU_SUP_AMD || > ARM64, CRYPTO_DEV_SP_PSP gets almost the same dependency transitively. > But sure, let's make the PSP build only on x86. It should depend on > X86_64, to be precise. I think theore

[Part2 Patch v4.2] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-10-02 Thread Brijesh Singh
acky Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- Changes since v4.1: * Add CPU_SUP_AMD depends * Add a note in commit message that PSP can be used outside KVM * Fix the Kconfig help based on Boris feedback

[Part2 PATCH v4.1 07/29] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-02 Thread Brijesh Singh
org Signed-off-by: Brijesh Singh --- Changes since v4: * fixes reported by kbuild robot * update sev_cmd_buffer_len() to use tabular format to make it more readable drivers/crypto/ccp/psp-dev.c | 734 +++ drivers/crypto/ccp/psp-dev.h | 17 + include

[Part2 PATCH v4.1 06/29] crypto: ccp: Define SEV key management command id

2017-10-02 Thread Brijesh Singh
ert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- Changes since v4: * add spec reference include/linux/psp-sev.h | 515 1 file ch

Re: [Part2 PATCH v4 05/29] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-10-03 Thread Brijesh Singh
-by: Borislav Petkov Cc: Brijesh Singh Cc: Tom Lendacky Cc: Gary Hook Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org --- drivers/crypto/ccp/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kco

[Part2 PATCH v5 00/31] x86: Secure Encrypted Virtualization (AMD)

2017-10-04 Thread Brijesh Singh
orislav Petkov (1): crypto: ccp: Build the AMD secure processor driver only with AMD CPU support Brijesh Singh (27): Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV) KVM: SVM: Prepare to reserve asid for SEV guest KVM: X86: Extend CPUID range to include new leaf

[Part2 PATCH v5 11/31] crypto: ccp: Define SEV key management command id

2017-10-04 Thread Brijesh Singh
ert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- include/linux/psp-sev.h | 515 1 file changed, 515 insertions(+) create mode 1006

[Part2 PATCH v5 12/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-04 Thread Brijesh Singh
org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 734 +++ drivers/crypto/ccp/psp-dev.h | 17 + include/linux/psp-sev.h | 159 ++ include/uapi/linux/psp-sev.h | 116 +++ 4 files changed, 1026 insertions(+) create mode 1006

[Part2 PATCH v5 09/31] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

2017-10-04 Thread Brijesh Singh
From: Borislav Petkov This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled or on ARM64 where it is also used. Signed-off-by: Signed-off-by: Borislav Petkov Cc: Brijesh Singh Cc: Tom Lendacky Cc: Gary Hook Cc: Herbert Xu Cc: "David S. Miller

[Part2 PATCH v5 10/31] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-10-04 Thread Brijesh Singh
acky Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/Kconfig | 11 + drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/psp-dev.c | 109 +++ drivers

Re: [Part2 PATCH v5 09/31] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

2017-10-04 Thread Brijesh Singh
On 10/04/2017 04:47 PM, Borislav Petkov wrote: > Signed-off-by: Borislav Petkov Signed-off-by: Brijesh Singh i.e., the first SOB is the author's and the second is yours which means, you've handled the patch further on, like sending it upstream, for example. Noted, thanks

Re: [Part2 PATCH v5 12/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-06 Thread Brijesh Singh
On 10/6/17 1:49 PM, Borislav Petkov wrote: ... >> + >> +static unsigned int sev_poll; >> +module_param(sev_poll, uint, 0444); >> +MODULE_PARM_DESC(sev_poll, "Poll for sev command completion - any non-zero >> value"); > What is that used for? Some debugging leftover probably? If not, add a > comm

[Part2 PATCH v5.1 10/31] crypto: ccp: Add Platform Security Processor (PSP) device support

2017-10-06 Thread Brijesh Singh
: Gary Hook Cc: Tom Lendacky Cc: linux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- Changes since v5: * move psp_entry in sp-pci.c (based on Boris improvement p

[Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command

2017-10-06 Thread Brijesh Singh
kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 85 1 file changed, 85 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 28efb7a9245a..8038ca7ae

[Part2 PATCH v5.1 12.2/31] crypto: ccp: Define SEV userspace ioctl and command id

2017-10-06 Thread Brijesh Singh
Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- include/uapi/linux/psp-sev.h | 115 +++ 1 file changed, 115 insertions(+) create mode 100644 include/uapi/linux/psp-sev.h diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp

[Part2 PATCH v5.1 12.6/31] crypto: ccp: Implement SEV_PDH_GEN ioctl command

2017-10-06 Thread Brijesh Singh
.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 32 1 file changed, 32 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 03d7bd03ad58..28efb7a9245a 100644 ---

[Part2 PATCH v5.1 12.9/31] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

2017-10-06 Thread Brijesh Singh
.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 110 +++ 1 file changed, 110 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 861c44bf2910..0a

[Part2 PATCH v5.1 12.8/31] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

2017-10-06 Thread Brijesh Singh
kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 97 1 file changed, 97 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 8038ca7aef03..861c44bf2910 10

[Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

2017-10-06 Thread Brijesh Singh
nux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 34 ++ 1 file changed, 34 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 94

[Part2 PATCH v5.1 12.5/31] crypto: ccp: Implement SEV_PEK_GEN ioctl command

2017-10-06 Thread Brijesh Singh
kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 68 1 file changed, 68 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index d68303a06464..03d7bd03ad58 10

[Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-06 Thread Brijesh Singh
Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh --- Based on Boris's feedback, this patch is split into 9 logical patches, numbered from 12.1 to 12.9. drivers/crypto/ccp/psp-dev.c | 244 +++ drivers/crypto/ccp/psp-dev.h | 17 +++ include/

[Part2 PATCH v5.1 12.3/31] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

2017-10-06 Thread Brijesh Singh
kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 29 - 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index e9

Re: [Part2 PATCH v5 12/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-07 Thread Brijesh Singh
On 10/6/17 1:49 PM, Borislav Petkov wrote: ... >> +static int sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg) >> +{ >> +psp->sev_int_rcvd = 0; >> + >> +wait_event(psp->sev_int_queue, psp->sev_int_rcvd); > What happens if the command times out and it never sets psp->sev_int_rcv

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-08 Thread Brijesh Singh
On 10/7/17 1:40 PM, Borislav Petkov wrote: ... > A bunch of fixes on top: > > * sev_fops_registered is superfluous if you can use psp->has_sev_fops I am okay with all your fixes except this one. I will add my comment below. ... > static int sev_ops_init(struct psp_device *psp) > { > stru

Re: [Part2 PATCH v5 11/31] crypto: ccp: Define SEV key management command id

2017-10-08 Thread Brijesh Singh
On 10/5/17 3:56 PM, Borislav Petkov wrote: > On Wed, Oct 04, 2017 at 08:13:52AM -0500, Brijesh Singh wrote: >> Define Secure Encrypted Virtualization (SEV) key management command id >> and structure. The command definition is available in SEV KM [1] spec >> 0.14. >> &g

Re: [Part2 PATCH v5.1 12.2/31] crypto: ccp: Define SEV userspace ioctl and command id

2017-10-08 Thread Brijesh Singh
On 10/7/17 9:20 AM, Borislav Petkov wrote: > On Fri, Oct 06, 2017 at 08:06:00PM -0500, Brijesh Singh wrote: >> Add a include file which defines the ioctl and command id used for >> issuing SEV platform management specific commands. >> >> Cc: Paolo Bonzini >> Cc

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-08 Thread Brijesh Singh
On 10/8/17 9:00 AM, Borislav Petkov wrote: > On Sun, Oct 08, 2017 at 08:30:47AM -0500, Brijesh Singh wrote: >> During the device probe, sev_ops_init() will be called for every device >> instance which claims to support the SEV.  One of the devices will be >> 'master'

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-10 Thread Brijesh Singh
On 10/09/2017 10:21 AM, Borislav Petkov wrote: ... 03:00.1 Encryption controller: Advanced Micro Devices, Inc. [AMD] Device 1468 13:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Device 1456 Btw, what do those PCI functions each do? Public PPR doesn't have them documented.

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-11 Thread Brijesh Singh
On 10/11/2017 09:19 AM, Borislav Petkov wrote: On Sun, Oct 08, 2017 at 08:30:47AM -0500, Brijesh Singh wrote: Basically we need some variable which is outside the per-device structure so that we don't end up creating multiple /dev/sev nodes. If needed, I think we can remove 'ha

[Part2 PATCH v5.2 12.1/31] crypto: ccp: Define SEV userspace ioctl and command id

2017-10-11 Thread Brijesh Singh
Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- Make it as the first patch in the series (changed from 12.2/31 -> 12.1/31) Changes since v5.1: * add __packed improvement from Boris The full tree is available at:

[Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-11 Thread Brijesh Singh
Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh --- Make it as a second patch in the series (changes from 12.1 -> 12.2) Changes since v5.1: * text streamlining (from Boris) * rename sev_handle_cmd -> sev_do_cmd (from Boris) * PSP_P2CMSG needs arg eval (from Boris) * use

[Part2 PATCH v5.2 12.3/31] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

2017-10-11 Thread Brijesh Singh
kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh --- Changes since v5.1: * rename sev_handle_cmd -> sev_do_cmd (from Boris) * skip copy_to_user when invalid cmd id is passed (from Boris) * use SEV_MAX instead o

[Part2 PATCH v5.2 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

2017-10-11 Thread Brijesh Singh
nux-crypto@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Brijesh Singh --- Changes since v5.1: * rename sev_handle_cmd -> sev_do_cmd drivers/crypto/ccp/psp-dev.c | 34 ++ 1 file changed, 34 insertions(+) diff --git a/drivers/c

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

2017-10-11 Thread Brijesh Singh
On 10/11/2017 12:02 PM, Borislav Petkov wrote: ... What's with the curly brackets around the case: statements? I will remove the curly braces. Anyway, here are some more improvements: * you can get rid of the struct copying into out and the bitfields by doing something like this:

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

2017-10-11 Thread Brijesh Singh
On 10/11/2017 03:04 PM, Borislav Petkov wrote: On Wed, Oct 11, 2017 at 02:49:55PM -0500, Brijesh Singh wrote: This is OK for now. But in future if FW steals another bit from reserved1 field to expose a new flag then 'owner' name will no longer be valid. If you don't to use bi

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

2017-10-11 Thread Brijesh Singh
On 10/11/2017 03:28 PM, Borislav Petkov wrote: On Wed, Oct 11, 2017 at 03:10:49PM -0500, Brijesh Singh wrote: The current 'struct sev_data_status' matches with the firmware names and the bit fields. The only thing I did was that the fields with no name are called "reservedX" O

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

2017-10-11 Thread Brijesh Singh
On 10/11/2017 03:45 PM, Brijesh Singh wrote: On 10/11/2017 03:28 PM, Borislav Petkov wrote: On Wed, Oct 11, 2017 at 03:10:49PM -0500, Brijesh Singh wrote: The current 'struct sev_data_status' matches with the firmware names and the bit fields. Only thing I did was the fields wi

Re: [Part2 PATCH v5.2 12.1/31] crypto: ccp: Define SEV userspace ioctl and command id

2017-10-12 Thread Brijesh Singh
On 10/12/2017 08:27 AM, Borislav Petkov wrote: ... +/** + * struct sev_user_data_status - PLATFORM_STATUS command parameters + * + * @major: major API version + * @minor: minor API version + * @state: platform state + * @owner: self-owned or externally owned + * @config: platform config flag

Re: [Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

2017-10-12 Thread Brijesh Singh
On 10/12/17 1:21 PM, Borislav Petkov wrote: . > Btw, that function returns 0 unconditionally. So you can make it return > void and... Will do >> +if (ret) >> +goto unlock; > ... remove this check and initialize ret to 0 at the beginning. > Will do

Re: [Part2 PATCH v5.1 12.5/31] crypto: ccp: Implement SEV_PEK_GEN ioctl command

2017-10-12 Thread Brijesh Singh
On 10/12/17 1:28 PM, Borislav Petkov wrote: > On Fri, Oct 06, 2017 at 08:06:03PM -0500, Brijesh Singh wrote: >> The SEV_PEK_GEN command is used to generate a new Platform Endorsement >> Key (PEK). The command is defined in SEV spec section 5.6. >> >> Cc: Paolo Bo

Re: [Part2 PATCH v5.1 12.6/31] crypto: ccp: Implement SEV_PDH_GEN ioctl command

2017-10-12 Thread Brijesh Singh
On 10/12/17 1:48 PM, Borislav Petkov wrote: ... > On Fri, Oct 06, 2017 at 08:06:04PM -0500, Brijesh Singh wrote: >> The SEV_PDH_GEN command is used to re-generate the Platform >> Diffie-Hellman (PDH) key. The command is defined in SEV spec section >> 5.9. >> >>
