From patchwork Mon Oct 23 22:14:00 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10023297
From: Brijesh Singh
To: Borislav Petkov
Cc: Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v6.1 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
Date: Mon, 23 Oct 2017 17:14:00 -0500
Message-Id: <20171023221400.47047-1-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.9.5
In-Reply-To: <20171020023413.122280-20-brijesh.singh@amd.com>
References: <20171020023413.122280-20-brijesh.singh@amd.com>
The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
certificate. The command is defined in SEV spec section 5.8.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
Changes since v6:
 * when sev_do_cmd() and sev_platform_shutdown() fail then propagate the
   error status code from sev_do_cmd() because it can give us much better
   reason for the failure.

 drivers/crypto/ccp/psp-dev.c | 92 ++++++++++++++++++++++++++++++++++++++++++++
 include/linux/psp-sev.h      |  4 ++
 2 files changed, 96 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index aaf1c5cf821d..108fc06bcdb3 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -301,6 +301,95 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp) return ret; } +void *psp_copy_user_blob(u64 __user uaddr, u32 len) +{ + void *data; + + if (!uaddr || !len) + return ERR_PTR(-EINVAL); + + /* verify that blob length does not exceed our limit */ + if (len > SEV_FW_BLOB_MAX_SIZE) + return ERR_PTR(-EINVAL); + + data = kmalloc(len, GFP_KERNEL); + if (!data) + return ERR_PTR(-ENOMEM); + + if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len)) + goto e_free; + + return data; + +e_free: + kfree(data); + return ERR_PTR(-EFAULT); +} +EXPORT_SYMBOL_GPL(psp_copy_user_blob); + +static int sev_ioctl_do_pek_cert_import(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pek_cert_import input; + struct sev_data_pek_cert_import *data; + void *pek_blob, *oca_blob; + int ret, err; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* copy PEK certificate blobs from userspace */ + pek_blob = psp_copy_user_blob(input.pek_cert_address, input.pek_cert_len); + if (IS_ERR(pek_blob)) { + ret = PTR_ERR(pek_blob); + goto e_free; + } + + data->pek_cert_address = __psp_pa(pek_blob); + data->pek_cert_len = input.pek_cert_len; + + /* copy PEK certificate blobs from userspace */ + oca_blob = psp_copy_user_blob(input.oca_cert_address, input.oca_cert_len); + if (IS_ERR(oca_blob)) { + ret = PTR_ERR(oca_blob); + goto e_free_pek; + } + + data->oca_cert_address = __psp_pa(oca_blob); + data->oca_cert_len = input.oca_cert_len; + + ret = sev_platform_init(NULL, &argp->error); + if (ret) + goto e_free_oca; + + ret = sev_do_cmd(SEV_CMD_PEK_CERT_IMPORT, data, &argp->error); + + if (sev_platform_shutdown(&err)) { + /* + * If both sev_do_cmd() and sev_platform_shutdown() commands + * failed then propogate the error code from the sev_do_cmd() + * because it contains a useful status code for the command + * failure. 
+ */ + if (ret) + goto e_free_oca; + + ret = -EIO; + argp->error = err; + } + +e_free_oca: + kfree(oca_blob); +e_free_pek: + kfree(pek_blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -333,6 +422,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_CSR: ret = sev_ioctl_do_pek_csr(&input); break; + case SEV_PEK_CERT_IMPORT: + ret = sev_ioctl_do_pek_cert_import(&input); + break; default: ret = -EINVAL; goto out; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index eac850a97610..d535153ca82d 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -620,6 +620,8 @@ int sev_guest_df_flush(int *error); */ int sev_guest_decommission(struct sev_data_decommission *data, int *error); +void *psp_copy_user_blob(u64 __user uaddr, u32 len); + #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ static inline int @@ -648,6 +650,8 @@ sev_issue_cmd_external_user(struct file *filep, return -ENODEV; } +static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return ERR_PTR(-EINVAL); } + #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ #endif /* __PSP_SEV_H__ */
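Review bot: in the first psp-dev.c hunk, the comment above the OCA blob copy in sev_ioctl_do_pek_cert_import() is a verbatim copy of the one above the PEK copy ("/* copy PEK certificate blobs from userspace */") and should say OCA certificate, since that call copies input.oca_cert_address / input.oca_cert_len. In the same hunk, psp_copy_user_blob() is exported with EXPORT_SYMBOL_GPL() for callers outside this file but carries no kernel-doc; a short block stating that the copy is bounded by SEV_FW_BLOB_MAX_SIZE, that failures come back as an ERR_PTR() rather than NULL, and that the caller owns the buffer and must kfree() it would let other modules get the error handling and lifetime right. The spelling "propogate" in the block comment before "if (ret) goto e_free_oca;" should also be "propagate".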
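Review bot: in the last psp-sev.h hunk, the !CONFIG_CRYPTO_DEV_SP_PSP stub for psp_copy_user_blob() returns ERR_PTR(-EINVAL), while the neighbouring stubs in this header report the driver's absence as -ENODEV (see the sev_issue_cmd_external_user() context, "return -ENODEV;"); returning ERR_PTR(-ENODEV) would keep callers from mistaking a missing driver for a bad argument. The one-line "{ return ERR_PTR(-EINVAL); }" body also differs from the multi-line form the surrounding inline stubs use.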