Message ID | 6a7be399d095373d2677440ff1fef406f97bf0d0.1575438845.git.Rijo-john.Thomas@amd.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Herbert Xu |
Series | Add TEE interface support to AMD Secure Processor driver | expand |
On 12/4/19 12:19 AM, Rijo Thomas wrote:
> Read PSP feature register to check for TEE (Trusted Execution Environment)
> support.
>
> If neither SEV nor TEE is supported by PSP, then skip PSP initialization.
>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Jens Wiklander <jens.wiklander@linaro.org>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Co-developed-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com>
> Signed-off-by: Devaraj Rangasamy <Devaraj.Rangasamy@amd.com>
> Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
> ---
> drivers/crypto/ccp/psp-dev.c | 46 +++++++++++++++++++++++++++++++++++++++-----
> 1 file changed, 41 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
> index 2cd7a5e..3bedf72 100644
> --- a/drivers/crypto/ccp/psp-dev.c
> +++ b/drivers/crypto/ccp/psp-dev.c
> @@ -53,7 +53,7 @@ static irqreturn_t psp_irq_handler(int irq, void *data)
> return IRQ_HANDLED;
> }
>
> -static int psp_check_sev_support(struct psp_device *psp)
> +static unsigned int psp_get_capability(struct psp_device *psp)
> {
> unsigned int val = ioread32(psp->io_regs + psp->vdata->feature_reg);
>
> @@ -66,11 +66,17 @@ static int psp_check_sev_support(struct psp_device *psp)
> */
> if (val == 0xffffffff) {
> dev_notice(psp->dev, "psp: unable to access the device: you might be running a broken BIOS.\n");
> - return -ENODEV;
> + return 0;
> }
>
> - if (!(val & 1)) {
> - /* Device does not support the SEV feature */
> + return val;
> +}
> +
> +static int psp_check_sev_support(struct psp_device *psp,
> + unsigned int capability)
> +{
> + /* Check if device supports SEV feature */
> + if (!(capability & 1)) {
> dev_dbg(psp->dev, "psp does not support SEV\n");
> return -ENODEV;
> }
> @@ -78,10 +84,36 @@ static int psp_check_sev_support(struct psp_device *psp)
> return 0;
> }
>
> +static int psp_check_tee_support(struct psp_device *psp,
> + unsigned int capability)
> +{
> + /* Check if device supports TEE feature */
> + if (!(capability & 2)) {
> + dev_dbg(psp->dev, "psp does not support TEE\n");
> + return -ENODEV;
> + }
> +
> + return 0;
> +}
> +
> +static int psp_check_support(struct psp_device *psp,
> + unsigned int capability)
> +{
> + int sev_support = psp_check_sev_support(psp, capability);
> + int tee_support = psp_check_tee_support(psp, capability);
> +
> + /* Return error if device neither supports SEV nor TEE */
> + if (sev_support && tee_support)
> + return -ENODEV;
> +
> + return 0;
> +}
> +
> int psp_dev_init(struct sp_device *sp)
> {
> struct device *dev = sp->dev;
> struct psp_device *psp;
> + unsigned int capability;
> int ret;
>
> ret = -ENOMEM;
> @@ -100,7 +132,11 @@ int psp_dev_init(struct sp_device *sp)
>
> psp->io_regs = sp->io_map;
>
> - ret = psp_check_sev_support(psp);
> + capability = psp_get_capability(psp);
> + if (!capability)
> + goto e_disable;
> +
> + ret = psp_check_support(psp, capability);
> if (ret)
> goto e_disable;
>
>
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 2cd7a5e..3bedf72 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -53,7 +53,7 @@ static irqreturn_t psp_irq_handler(int irq, void *data)
 return IRQ_HANDLED;
 }
 
-static int psp_check_sev_support(struct psp_device *psp)
+static unsigned int psp_get_capability(struct psp_device *psp)
 {
 unsigned int val = ioread32(psp->io_regs + psp->vdata->feature_reg);
 
@@ -66,11 +66,17 @@ static int psp_check_sev_support(struct psp_device *psp)
 */
 if (val == 0xffffffff) {
 dev_notice(psp->dev, "psp: unable to access the device: you might be running a broken BIOS.\n");
- return -ENODEV;
+ return 0;
 }
 
- if (!(val & 1)) {
- /* Device does not support the SEV feature */
+ return val;
+}
+
+static int psp_check_sev_support(struct psp_device *psp,
+ unsigned int capability)
+{
+ /* Check if device supports SEV feature */
+ if (!(capability & 1)) {
 dev_dbg(psp->dev, "psp does not support SEV\n");
 return -ENODEV;
 }
@@ -78,10 +84,36 @@ static int psp_check_sev_support(struct psp_device *psp)
 return 0;
 }
 
+static int psp_check_tee_support(struct psp_device *psp,
+ unsigned int capability)
+{
+ /* Check if device supports TEE feature */
+ if (!(capability & 2)) {
+ dev_dbg(psp->dev, "psp does not support TEE\n");
+ return -ENODEV;
+ }
+
+ return 0;
+}
+
+static int psp_check_support(struct psp_device *psp,
+ unsigned int capability)
+{
+ int sev_support = psp_check_sev_support(psp, capability);
+ int tee_support = psp_check_tee_support(psp, capability);
+
+ /* Return error if device neither supports SEV nor TEE */
+ if (sev_support && tee_support)
+ return -ENODEV;
+
+ return 0;
+}
+
 int psp_dev_init(struct sp_device *sp)
 {
 struct device *dev = sp->dev;
 struct psp_device *psp;
+ unsigned int capability;
 int ret;
 
 ret = -ENOMEM;
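Review bot: The feature bits are tested as bare literals, `capability & 1` in psp_check_sev_support in the second hunk and `capability & 2` in psp_check_tee_support in the third, so nothing in the code ties those numbers to the feature register layout. Since these tests decide whether SEV or TEE initialisation proceeds, named masks would make the gate easier to audit, for example `#define PSP_CAPABILITY_SEV BIT(0)` and `#define PSP_CAPABILITY_TEE BIT(1)` (proposed names), with the check written as `if (!(capability & PSP_CAPABILITY_SEV))`. psp_get_capability now also uses 0 as its failure value, which is worth recording above the function: `/* Returns the feature register value, or 0 if the device cannot be accessed */`.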
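Review bot: In psp_check_support (third hunk) the locals `sev_support` and `tee_support` hold error codes, 0 when the feature is present, so `if (sev_support && tee_support)` reads as "both supported" while it means "neither supported". Renaming the locals removes the inversion without changing behaviour: `int sev_err = psp_check_sev_support(psp, capability);`, likewise `tee_err`, then `if (sev_err && tee_err)`. The existing comment above the test is the only thing that currently tells a reader which way the condition goes.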
@@ -100,7 +132,11 @@ int psp_dev_init(struct sp_device *sp)
 
 psp->io_regs = sp->io_map;
 
- ret = psp_check_sev_support(psp);
+ capability = psp_get_capability(psp);
+ if (!capability)
+ goto e_disable;
+
+ ret = psp_check_support(psp, capability);
 if (ret)
 goto e_disable;
 
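Review bot: The new `if (!capability) goto e_disable;` path does not assign `ret`, so psp_dev_init returns whatever `ret` held before the jump. The last assignment visible in this patch is `ret = -ENOMEM;` near the top of the function, whereas the removed code returned -ENODEV for an inaccessible device. Unless a line outside the hunk sets it in between, the error code should be set explicitly: `if (!capability) { ret = -ENODEV; goto e_disable; }`. The `e_disable` label and the rest of psp_dev_init lie outside the hunk, so how callers use the return value cannot be checked from here.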