From patchwork Sat Oct 7 01:06:05 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9990993
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Brijesh Singh
To: bp@suse.de
Cc: Brijesh Singh, Paolo Bonzini, Radim Krčmář, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command
Date: Fri, 6 Oct 2017 20:06:05 -0500
Message-Id: <20171007010607.78088-7-brijesh.singh@amd.com>
In-Reply-To: <20171007010607.78088-1-brijesh.singh@amd.com>
References: <20171004131412.13038-13-brijesh.singh@amd.com> <20171007010607.78088-1-brijesh.singh@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request.

The command is defined in SEV spec section 5.7.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
---
 drivers/crypto/ccp/psp-dev.c | 85 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 28efb7a9245a..8038ca7aef03 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c
@@ -299,6 +299,87 @@ static int sev_ioctl_pdh_gen(struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_pek_csr(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pek_csr input; + struct sev_data_pek_csr *data; + int do_shutdown = 0; + int ret, state; + void *blob; + + if (copy_from_user(&input, (void __user *)(uintptr_t)argp->data, + sizeof(struct sev_user_data_pek_csr))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* allocate a temporary physical contigous buffer to store the CSR blob */ + blob = NULL; + if (input.address) { + if (!access_ok(VERIFY_WRITE, input.address, input.length) || + input.length > SEV_FW_BLOB_MAX_SIZE) { + ret = -EFAULT; + goto e_free; + } + + blob = kmalloc(input.length, GFP_KERNEL); + if (!blob) { + ret = -ENOMEM; + goto e_free; + } + + data->address = __psp_pa(blob); + data->len = input.length; + } + + ret = sev_platform_get_state(&state, &argp->error); + if (ret) + goto e_free_blob; + + /* + * PEK_CERT command can be issued only when we are in INIT state. + * if current state is WORKING then reject it, if state is UNINIT + * then transition the platform to INIT state before issuing the + * command. 
+ */ + if (state == SEV_STATE_WORKING) { + ret = -EBUSY; + goto e_free_blob; + } else if (state == SEV_STATE_UNINIT) { + ret = sev_firmware_init(&argp->error); + if (ret) + goto e_free_blob; + do_shutdown = 1; + } + + ret = sev_handle_cmd(SEV_CMD_PEK_CSR, data, &argp->error); + + input.length = data->len; + + /* copy blob to userspace */ + if (blob && + copy_to_user((void __user *)(uintptr_t)input.address, + blob, input.length)) { + ret = -EFAULT; + goto e_shutdown; + } + + if (copy_to_user((void __user *)(uintptr_t)argp->data, &input, + sizeof(struct sev_user_data_pek_csr))) + ret = -EFAULT; + +e_shutdown: + if (do_shutdown) + sev_handle_cmd(SEV_CMD_SHUTDOWN, 0, NULL); +e_free_blob: + kfree(blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -332,6 +413,10 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) ret = sev_ioctl_pdh_gen(&input); break; } + case SEV_PEK_CSR: { + ret = sev_ioctl_pek_csr(&input); + break; + } default: ret = -EINVAL; break;
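Review bot: In sev_ioctl_pek_csr(), the return value of sev_handle_cmd(SEV_CMD_PEK_CSR, data, &argp->error) is not checked before the blob is copied out, and the copy is sized by the firmware-updated value (input.length = data->len) rather than by the size that was allocated. blob comes from kmalloc(input.length, GFP_KERNEL) and is never cleared, so if the command fails or writes fewer bytes than requested, copy_to_user() hands uninitialized kernel heap to the caller; if data->len comes back larger than the original input.length, the copy reads past the end of the allocation. Suggest allocating the buffer zeroed (kzalloc), keeping the allocated size in a local, and either skipping the blob copy when ret is non-zero or bounding it by the allocated size, while still copying the updated length back in the struct. Two smaller points in the same function: the block comment ahead of the state check says "PEK_CERT command" although the command issued is SEV_CMD_PEK_CSR, and the over-limit case (input.length > SEV_FW_BLOB_MAX_SIZE) returns -EFAULT where -EINVAL would let userspace tell a bad length apart from a bad pointer.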