From patchwork Mon Oct 23 22:10:09 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10023285
From: Brijesh Singh
To: Borislav Petkov
Cc: Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v6.1 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
Date: Mon, 23 Oct 2017 17:10:09 -0500
Message-Id: <20171023221009.46924-1-brijesh.singh@amd.com>
In-Reply-To: <20171020023413.122280-19-brijesh.singh@amd.com>
References: <20171020023413.122280-19-brijesh.singh@amd.com>
X-Mailing-List: kvm@vger.kernel.org

The SEV_PEK_CSR command can be used to generate a PEK certificate signing
request. The command is defined in SEV spec section 5.7.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
Changes since v6:
 * when sev_do_cmd() and sev_platform_shutdown() fail then propagate the
   error status code from sev_do_cmd() because it can give us a much better
   reason for the failure.

 drivers/crypto/ccp/psp-dev.c | 81 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 3672435150cf..aaf1c5cf821d 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c 
@@ -223,6 +223,84 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pek_csr input; + struct sev_data_pek_csr *data; + void *blob = NULL; + int ret, err; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* userspace wants to query CSR length */ + if (!input.address || !input.length) + goto cmd; + + /* allocate a physically contiguous buffer to store the CSR blob */ + if (!access_ok(VERIFY_WRITE, input.address, input.length) || + input.length > SEV_FW_BLOB_MAX_SIZE) { + ret = -EFAULT; + goto e_free; + } + + blob = kmalloc(input.length, GFP_KERNEL); + if (!blob) { + ret = -ENOMEM; + goto e_free; + } + + data->address = __psp_pa(blob); + data->len = input.length; + +cmd: + ret = sev_platform_init(NULL, &argp->error); + if (ret) + goto e_free_blob; + + ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, &argp->error); + + /* + * If we query the CSR length, FW responded with expected data + */ + input.length = data->len; + + if (sev_platform_shutdown(&err)) { + /* + * If both sev_do_cmd() and sev_platform_shutdown() commands + * failed then propogate the error code from the sev_do_cmd() + * because it contains a useful status code for the command + * failure. + */ + if (ret) + goto e_free_blob; + + ret = -EIO; + argp->error = err; + goto e_free_blob; + } + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { + ret = -EFAULT; + goto e_free_blob; + } + + if (blob) { + if (copy_to_user((void __user *)input.address, blob, input.length)) + ret = -EFAULT; + } + +e_free_blob: + kfree(blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; 
@@ -252,6 +330,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PDH_GEN: ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input); break; + case SEV_PEK_CSR: + ret = sev_ioctl_do_pek_csr(&input); + break; default: ret = -EINVAL; goto out;
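Review bot: In the first hunk, sev_ioctl_do_pek_csr() copies blob to userspace at the end without checking ret from sev_do_cmd(), and it does so with input.length after that field was overwritten by `input.length = data->len;`. blob comes from kmalloc(), so when the command fails the copy hands uninitialised kernel heap to the caller, and if the firmware writes back a length larger than the one that was checked with access_ok() and used for the allocation, the copy reads past the end of blob and past the user range that was validated. Suggest allocating blob with kzalloc(), keeping the validated length in a local variable, and doing the blob copy only when ret is 0 and data->len does not exceed that local. Two smaller points in the same function: the "allocate a physically contiguous buffer" comment sits above the access_ok()/size check rather than above the kmalloc() it describes, and returning -EFAULT for `input.length > SEV_FW_BLOB_MAX_SIZE` makes an oversize request indistinguishable from a bad pointer, where -EINVAL would be clearer.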