[v7,44/45] virt: sevguest: Add support to derive key

Message ID	20211110220731.2396491-45-brijesh.singh@amd.com (mailing list archive)
State	New
Headers	show Return-Path: <SRS0=AzIT=P5=kvack.org=owner-linux-mm@kernel.org> DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 1FC346112F Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; From: Brijesh Singh <brijesh.singh@amd.com> To: <x86@kernel.org>, <linux-kernel@vger.kernel.org>, <kvm@vger.kernel.org>, <linux-efi@vger.kernel.org>, <platform-driver-x86@vger.kernel.org>, <linux-coco@lists.linux.dev>, <linux-mm@kvack.org> CC: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>, Tom Lendacky <thomas.lendacky@amd.com>, "H. Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>, Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson <seanjc@google.com>, "Vitaly Kuznetsov" <vkuznets@redhat.com>, Jim Mattson <jmattson@google.com>, "Andy Lutomirski" <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>, "Peter Zijlstra" <peterz@infradead.org>, Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>, David Rientjes <rientjes@google.com>, Dov Murik <dovmurik@linux.ibm.com>, Tobin Feldman-Fitzthum <tobin@ibm.com>, Borislav Petkov <bp@alien8.de>, Michael Roth <michael.roth@amd.com>, Vlastimil Babka <vbabka@suse.cz>, "Kirill A . Shutemov" <kirill@shutemov.name>, Andi Kleen <ak@linux.intel.com>, "Dr . David Alan Gilbert" <dgilbert@redhat.com>, <tony.luck@intel.com>, <marcorr@google.com>, <sathyanarayanan.kuppuswamy@linux.intel.com>, Brijesh Singh <brijesh.singh@amd.com> Subject: [PATCH v7 44/45] virt: sevguest: Add support to derive key Date: Wed, 10 Nov 2021 16:07:30 -0600 Message-ID: <20211110220731.2396491-45-brijesh.singh@amd.com> In-Reply-To: <20211110220731.2396491-1-brijesh.singh@amd.com> References: <20211110220731.2396491-1-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	Add AMD Secure Nested Paging (SEV-SNP) Guest Support \| expand [v7,00/45] Add AMD Secure Nested Paging (SEV-SNP) Guest Support [v7,01/45] x86/compressed/64: detect/setup SEV/SME features earlier in boot [v7,02/45] x86/sev: detect/setup SEV/SME features earlier in boot [v7,03/45] x86/mm: Extend cc_attr to include AMD SEV-SNP [v7,04/45] x86/sev: Shorten GHCB terminate macro names [v7,05/45] x86/sev: Get rid of excessive use of defines [v7,06/45] x86/head64: Carve out the guest encryption postprocessing into a helper [v7,07/45] x86/sev: Remove do_early_exception() forward declarations [v7,08/45] x86/sev: Define the Linux specific guest termination reasons [v7,09/45] x86/sev: Save the negotiated GHCB version [v7,10/45] x86/sev: Add support for hypervisor feature VMGEXIT [v7,11/45] x86/sev: Check SEV-SNP features support [v7,12/45] x86/sev: Add a helper for the PVALIDATE instruction [v7,13/45] x86/sev: Check the vmpl level [v7,14/45] x86/compressed: Add helper for validating pages in the decompression stage [v7,15/45] x86/compressed: Register GHCB memory when SEV-SNP is active [v7,16/45] x86/sev: Register GHCB memory when SEV-SNP is active [v7,17/45] x86/sev: Add helper for validating pages in early enc attribute changes [v7,18/45] x86/kernel: Make the bss.decrypted section shared in RMP table [v7,19/45] x86/kernel: Validate rom memory before accessing when SEV-SNP is active [v7,20/45] x86/mm: Add support to validate memory when changing C-bit [v7,21/45] KVM: SVM: Define sev_features and vmpl field in the VMSA [v7,22/45] KVM: SVM: Create a separate mapping for the SEV-ES save area [v7,23/45] KVM: SVM: Create a separate mapping for the GHCB save area [v7,24/45] KVM: SVM: Update the SEV-ES save area mapping [v7,25/45] x86/sev: Use SEV-SNP AP creation to start secondary CPUs [v7,26/45] x86/head: re-enable stack protection for 32/64-bit builds [v7,27/45] x86/sev: move MSR-based VMGEXITs for CPUID to helper [v7,28/45] KVM: x86: move lookup of indexed CPUID leafs to helper [v7,29/45] x86/compressed/acpi: move EFI system table lookup to helper [v7,30/45] x86/compressed/acpi: move EFI config table lookup to helper [v7,31/45] x86/compressed/acpi: move EFI vendor table lookup to helper [v7,32/45] x86/boot: Add Confidential Computing type to setup_data [v7,33/45] KVM: SEV: Add documentation for SEV-SNP CPUID Enforcement [v7,34/45] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers [v7,35/45] x86/boot: add a pointer to Confidential Computing blob in bootparams [v7,36/45] x86/compressed: add SEV-SNP feature detection/setup [v7,37/45] x86/compressed: use firmware-validated CPUID for SEV-SNP guests [v7,38/45] x86/compressed/64: add identity mapping for Confidential Computing blob [v7,39/45] x86/sev: add SEV-SNP feature detection/setup [v7,40/45] x86/sev: use firmware-validated CPUID for SEV-SNP guests [v7,41/45] x86/sev: Provide support for SNP guest request NAEs [v7,42/45] x86/sev: Register SNP guest request platform device [v7,43/45] virt: Add SEV-SNP guest driver [v7,44/45] virt: sevguest: Add support to derive key [v7,45/45] virt: sevguest: Add support to get extended report

Message ID

20211110220731.2396491-45-brijesh.singh@amd.com (mailing list archive)

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 1FC346112F
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: <x86@kernel.org>, <linux-kernel@vger.kernel.org>, <kvm@vger.kernel.org>,
	<linux-efi@vger.kernel.org>, <platform-driver-x86@vger.kernel.org>,
	<linux-coco@lists.linux.dev>, <linux-mm@kvack.org>
CC: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
	Joerg Roedel <jroedel@suse.de>, Tom Lendacky <thomas.lendacky@amd.com>, "H.
 Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>, Paolo Bonzini
	<pbonzini@redhat.com>, Sean Christopherson <seanjc@google.com>, "Vitaly
 Kuznetsov" <vkuznets@redhat.com>, Jim Mattson <jmattson@google.com>, "Andy
 Lutomirski" <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>,
	Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>, "Peter
 Zijlstra" <peterz@infradead.org>, Srinivas Pandruvada
	<srinivas.pandruvada@linux.intel.com>, David Rientjes <rientjes@google.com>,
	Dov Murik <dovmurik@linux.ibm.com>, Tobin Feldman-Fitzthum <tobin@ibm.com>,
	Borislav Petkov <bp@alien8.de>, Michael Roth <michael.roth@amd.com>,
	Vlastimil Babka <vbabka@suse.cz>, "Kirill A . Shutemov"
	<kirill@shutemov.name>, Andi Kleen <ak@linux.intel.com>, "Dr . David Alan
 Gilbert" <dgilbert@redhat.com>, <tony.luck@intel.com>, <marcorr@google.com>,
	<sathyanarayanan.kuppuswamy@linux.intel.com>, Brijesh Singh
	<brijesh.singh@amd.com>
Subject: [PATCH v7 44/45] virt: sevguest: Add support to derive key
Date: Wed, 10 Nov 2021 16:07:30 -0600
Message-ID: <20211110220731.2396491-45-brijesh.singh@amd.com>
In-Reply-To: <20211110220731.2396491-1-brijesh.singh@amd.com>
References: <20211110220731.2396491-1-brijesh.singh@amd.com>
MIME-Version: 1.0
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Nov 2021 22:09:06.6040
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 c9f9fa53-63f8-4908-4466-08d9a496b6b7
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	DM6NAM11FT008.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1905
Authentication-Results: imf27.hostedemail.com;
	dkim=pass header.d=amd.com header.s=selector1 header.b=iwk9uti8;
	spf=pass (imf27.hostedemail.com: domain of brijesh.singh@amd.com designates
 40.107.102.89 as permitted sender) smtp.mailfrom=brijesh.singh@amd.com;
	dmarc=pass (policy=quarantine) header.from=amd.com
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: A7B2F70000B7
X-Stat-Signature: b935ghsfgeugsoqg9ayq7moddtwrbeqp
X-HE-Tag: 1636582151-656969
Content-Transfer-Encoding: quoted-printable
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Series

Add AMD Secure Nested Paging (SEV-SNP) Guest Support | expand

Commit Message

Brijesh Singh Nov. 10, 2021, 10:07 p.m. UTC

The SNP_GET_DERIVED_KEY ioctl interface can be used by the SNP guest to
ask the firmware to provide a key derived from a root key. The derived
key may be used by the guest for any purposes it choose, such as a
sealing key or communicating with the external entities.

See SEV-SNP firmware spec for more information.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 Documentation/virt/coco/sevguest.rst  | 19 ++++++++++-
 drivers/virt/coco/sevguest/sevguest.c | 49 +++++++++++++++++++++++++++
 include/uapi/linux/sev-guest.h        | 24 +++++++++++++
 3 files changed, 91 insertions(+), 1 deletion(-)

Comments

Peter Gonda Nov. 18, 2021, 4:43 p.m. UTC | #1

On Wed, Nov 10, 2021 at 3:09 PM Brijesh Singh <brijesh.singh@amd.com> wrote:
>
> The SNP_GET_DERIVED_KEY ioctl interface can be used by the SNP guest to
> ask the firmware to provide a key derived from a root key. The derived
> key may be used by the guest for any purposes it choose, such as a
> sealing key or communicating with the external entities.
>
> See SEV-SNP firmware spec for more information.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  Documentation/virt/coco/sevguest.rst  | 19 ++++++++++-
>  drivers/virt/coco/sevguest/sevguest.c | 49 +++++++++++++++++++++++++++
>  include/uapi/linux/sev-guest.h        | 24 +++++++++++++
>  3 files changed, 91 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/virt/coco/sevguest.rst b/Documentation/virt/coco/sevguest.rst
> index 002c90946b8a..0bd9a65e0370 100644
> --- a/Documentation/virt/coco/sevguest.rst
> +++ b/Documentation/virt/coco/sevguest.rst
> @@ -64,10 +64,27 @@ The SNP_GET_REPORT ioctl can be used to query the attestation report from the
>  SEV-SNP firmware. The ioctl uses the SNP_GUEST_REQUEST (MSG_REPORT_REQ) command
>  provided by the SEV-SNP firmware to query the attestation report.
>
> -On success, the snp_report_resp.data will contains the report. The report
> +On success, the snp_report_resp.data will contain the report. The report
>  will contain the format described in the SEV-SNP specification. See the SEV-SNP
>  specification for further details.
>
> +2.2 SNP_GET_DERIVED_KEY
> +-----------------------
> +:Technology: sev-snp
> +:Type: guest ioctl
> +:Parameters (in): struct snp_derived_key_req
> +:Returns (out): struct snp_derived_key_req on success, -negative on error
> +
> +The SNP_GET_DERIVED_KEY ioctl can be used to get a key derive from a root key.

derived

> +The derived key can be used by the guest for any purpose, such as sealing keys
> +or communicating with external entities.
> +
> +The ioctl uses the SNP_GUEST_REQUEST (MSG_KEY_REQ) command provided by the
> +SEV-SNP firmware to derive the key. See SEV-SNP specification for further details
> +on the various fields passed in the key derivation request.
> +
> +On success, the snp_derived_key_resp.data will contains the derived key value. See
".data will contain the..." or ".data contains the derived key..."


> +the SEV-SNP specification for further details.
>
>  Reference
>  ---------
> diff --git a/drivers/virt/coco/sevguest/sevguest.c b/drivers/virt/coco/sevguest/sevguest.c
> index 982714c1b4ca..bece6856573e 100644
> --- a/drivers/virt/coco/sevguest/sevguest.c
> +++ b/drivers/virt/coco/sevguest/sevguest.c
> @@ -392,6 +392,52 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io
>         return rc;
>  }
>
> +static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
> +{
> +       struct snp_guest_crypto *crypto = snp_dev->crypto;
> +       struct snp_derived_key_resp resp = {0};
> +       struct snp_derived_key_req req;
> +       int rc, resp_len;
> +       u8 buf[89];

Could we document this magic number?

> +
> +       if (!arg->req_data || !arg->resp_data)
> +               return -EINVAL;
> +
> +       /* Copy the request payload from userspace */
> +       if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req)))
> +               return -EFAULT;
> +
> +       /* Message version must be non-zero */
> +       if (!req.msg_version)
> +               return -EINVAL;
> +
> +       /*
> +        * The intermediate response buffer is used while decrypting the
> +        * response payload. Make sure that it has enough space to cover the
> +        * authtag.
> +        */
> +       resp_len = sizeof(resp.data) + crypto->a_len;
> +       if (sizeof(buf) < resp_len)
> +               return -ENOMEM;
> +
> +       /* Issue the command to get the attestation report */
> +       rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, req.msg_version,
> +                                 SNP_MSG_KEY_REQ, &req.data, sizeof(req.data), buf, resp_len,
> +                                 &arg->fw_err);
> +       if (rc)
> +               goto e_free;

Should we check the first 32 bits of |data| here since that is a
status field? If we see 16h here we could return -EINVAL, or better to
let userspace deal with that error handling?

> +
> +       /* Copy the response payload to userspace */
> +       memcpy(resp.data, buf, sizeof(resp.data));
> +       if (copy_to_user((void __user *)arg->resp_data, &resp, sizeof(resp)))
> +               rc = -EFAULT;
> +
> +e_free:
> +       memzero_explicit(buf, sizeof(buf));
> +       memzero_explicit(&resp, sizeof(resp));
> +       return rc;
> +}
> +
>  static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
>  {
>         struct snp_guest_dev *snp_dev = to_snp_dev(file);
> @@ -417,6 +463,9 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long
>         case SNP_GET_REPORT:
>                 ret = get_report(snp_dev, &input);
>                 break;
> +       case SNP_GET_DERIVED_KEY:
> +               ret = get_derived_key(snp_dev, &input);
> +               break;
>         default:
>                 break;
>         }
> diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h
> index eda7edcffda8..f6d9c136ff4d 100644
> --- a/include/uapi/linux/sev-guest.h
> +++ b/include/uapi/linux/sev-guest.h
> @@ -36,9 +36,33 @@ struct snp_guest_request_ioctl {
>         __u64 fw_err;
>  };
>
> +struct __snp_derived_key_req {
> +       __u32 root_key_select;
> +       __u32 rsvd;
> +       __u64 guest_field_select;
> +       __u32 vmpl;
> +       __u32 guest_svn;
> +       __u64 tcb_version;
> +};
> +
> +struct snp_derived_key_req {
> +       /* message version number (must be non-zero) */
> +       __u8 msg_version;
> +
> +       struct __snp_derived_key_req data;
> +};
> +
> +struct snp_derived_key_resp {
> +       /* response data, see SEV-SNP spec for the format */
> +       __u8 data[64];
> +};
> +
>  #define SNP_GUEST_REQ_IOC_TYPE 'S'
>
>  /* Get SNP attestation report */
>  #define SNP_GET_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x0, struct snp_guest_request_ioctl)
>
> +/* Get a derived key from the root */
> +#define SNP_GET_DERIVED_KEY _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x1, struct snp_guest_request_ioctl)
> +
>  #endif /* __UAPI_LINUX_SEV_GUEST_H_ */
> --
> 2.25.1
>

Brijesh Singh Nov. 18, 2021, 5:43 p.m. UTC | #2

On 11/18/21 10:43 AM, Peter Gonda wrote:
...
>> +       u8 buf[89];
> 
> Could we document this magic number?
> 

Yes, I will document from where this number came.

>> +
>> +       if (!arg->req_data || !arg->resp_data)
>> +               return -EINVAL;
>> +
>> +       /* Copy the request payload from userspace */
>> +       if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req)))
>> +               return -EFAULT;
>> +
>> +       /* Message version must be non-zero */
>> +       if (!req.msg_version)
>> +               return -EINVAL;
>> +
>> +       /*
>> +        * The intermediate response buffer is used while decrypting the
>> +        * response payload. Make sure that it has enough space to cover the
>> +        * authtag.
>> +        */
>> +       resp_len = sizeof(resp.data) + crypto->a_len;
>> +       if (sizeof(buf) < resp_len)
>> +               return -ENOMEM;
>> +
>> +       /* Issue the command to get the attestation report */
>> +       rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, req.msg_version,
>> +                                 SNP_MSG_KEY_REQ, &req.data, sizeof(req.data), buf, resp_len,
>> +                                 &arg->fw_err);
>> +       if (rc)
>> +               goto e_free;
> 
> Should we check the first 32 bits of |data| here since that is a
> status field? If we see 16h here we could return -EINVAL, or better to
> let userspace deal with that error handling?
> 

I was trying to avoid looking into a response structure to keep the 
flexibility; e.g if SNP firmware changes a response format then we don't 
need to have any changes in the driver. The userspace should be able to 
deal with it and it can check the "status" or a new field etc.

thanks

diff --git a/Documentation/virt/coco/sevguest.rst b/Documentation/virt/coco/sevguest.rst
index 002c90946b8a..0bd9a65e0370 100644
--- a/Documentation/virt/coco/sevguest.rst
+++ b/Documentation/virt/coco/sevguest.rst
@@ -64,10 +64,27 @@  The SNP_GET_REPORT ioctl can be used to query the attestation report from the
 SEV-SNP firmware. The ioctl uses the SNP_GUEST_REQUEST (MSG_REPORT_REQ) command
 provided by the SEV-SNP firmware to query the attestation report.
 
-On success, the snp_report_resp.data will contains the report. The report
+On success, the snp_report_resp.data will contain the report. The report
 will contain the format described in the SEV-SNP specification. See the SEV-SNP
 specification for further details.
 
+2.2 SNP_GET_DERIVED_KEY
+-----------------------
+:Technology: sev-snp
+:Type: guest ioctl
+:Parameters (in): struct snp_derived_key_req
+:Returns (out): struct snp_derived_key_req on success, -negative on error
+
+The SNP_GET_DERIVED_KEY ioctl can be used to get a key derive from a root key.
+The derived key can be used by the guest for any purpose, such as sealing keys
+or communicating with external entities.
+
+The ioctl uses the SNP_GUEST_REQUEST (MSG_KEY_REQ) command provided by the
+SEV-SNP firmware to derive the key. See SEV-SNP specification for further details
+on the various fields passed in the key derivation request.
+
+On success, the snp_derived_key_resp.data will contains the derived key value. See
+the SEV-SNP specification for further details.
 
 Reference
 ---------
diff --git a/drivers/virt/coco/sevguest/sevguest.c b/drivers/virt/coco/sevguest/sevguest.c
index 982714c1b4ca..bece6856573e 100644
--- a/drivers/virt/coco/sevguest/sevguest.c
+++ b/drivers/virt/coco/sevguest/sevguest.c
@@ -392,6 +392,52 @@  static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io
 	return rc;
 }
 
+static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
+{
+	struct snp_guest_crypto *crypto = snp_dev->crypto;
+	struct snp_derived_key_resp resp = {0};
+	struct snp_derived_key_req req;
+	int rc, resp_len;
+	u8 buf[89];
+
+	if (!arg->req_data || !arg->resp_data)
+		return -EINVAL;
+
+	/* Copy the request payload from userspace */
+	if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req)))
+		return -EFAULT;
+
+	/* Message version must be non-zero */
+	if (!req.msg_version)
+		return -EINVAL;
+
+	/*
+	 * The intermediate response buffer is used while decrypting the
+	 * response payload. Make sure that it has enough space to cover the
+	 * authtag.
+	 */
+	resp_len = sizeof(resp.data) + crypto->a_len;
+	if (sizeof(buf) < resp_len)
+		return -ENOMEM;
+
+	/* Issue the command to get the attestation report */
+	rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, req.msg_version,
+				  SNP_MSG_KEY_REQ, &req.data, sizeof(req.data), buf, resp_len,
+				  &arg->fw_err);
+	if (rc)
+		goto e_free;
+
+	/* Copy the response payload to userspace */
+	memcpy(resp.data, buf, sizeof(resp.data));
+	if (copy_to_user((void __user *)arg->resp_data, &resp, sizeof(resp)))
+		rc = -EFAULT;
+
+e_free:
+	memzero_explicit(buf, sizeof(buf));
+	memzero_explicit(&resp, sizeof(resp));
+	return rc;
+}
+
 static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 {
 	struct snp_guest_dev *snp_dev = to_snp_dev(file);
@@ -417,6 +463,9 @@  static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long
 	case SNP_GET_REPORT:
 		ret = get_report(snp_dev, &input);
 		break;
+	case SNP_GET_DERIVED_KEY:
+		ret = get_derived_key(snp_dev, &input);
+		break;
 	default:
 		break;
 	}
diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h
index eda7edcffda8..f6d9c136ff4d 100644
--- a/include/uapi/linux/sev-guest.h
+++ b/include/uapi/linux/sev-guest.h
@@ -36,9 +36,33 @@  struct snp_guest_request_ioctl {
 	__u64 fw_err;
 };
 
+struct __snp_derived_key_req {
+	__u32 root_key_select;
+	__u32 rsvd;
+	__u64 guest_field_select;
+	__u32 vmpl;
+	__u32 guest_svn;
+	__u64 tcb_version;
+};
+
+struct snp_derived_key_req {
+	/* message version number (must be non-zero) */
+	__u8 msg_version;
+
+	struct __snp_derived_key_req data;
+};
+
+struct snp_derived_key_resp {
+	/* response data, see SEV-SNP spec for the format */
+	__u8 data[64];
+};
+
 #define SNP_GUEST_REQ_IOC_TYPE	'S'
 
 /* Get SNP attestation report */
 #define SNP_GET_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x0, struct snp_guest_request_ioctl)
 
+/* Get a derived key from the root */
+#define SNP_GET_DERIVED_KEY _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x1, struct snp_guest_request_ioctl)
+
 #endif /* __UAPI_LINUX_SEV_GUEST_H_ */

[v7,44/45] virt: sevguest: Add support to derive key

Commit Message

Comments

Patch