From patchwork Sat Oct 7 01:06:06 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9991015
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Brijesh Singh
To: bp@suse.de
Cc: Brijesh Singh, Paolo Bonzini, Radim Krčmář, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v5.1 12.8/31] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
Date: Fri, 6 Oct 2017 20:06:06 -0500
Message-Id: <20171007010607.78088-8-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.9.5
In-Reply-To: <20171007010607.78088-1-brijesh.singh@amd.com>
References: <20171004131412.13038-13-brijesh.singh@amd.com> <20171007010607.78088-1-brijesh.singh@amd.com>
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: X-Mailing-List: linux-crypto@vger.kernel.org

The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK certificate. The command is defined in SEV spec section 5.8.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
---
 drivers/crypto/ccp/psp-dev.c | 97 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 8038ca7aef03..861c44bf2910 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -380,6 +380,99 @@ static int sev_ioctl_pek_csr(struct sev_issue_cmd *argp) return ret; } +static void *copy_user_blob(u64 __user uaddr, u32 len) +{ + void *data; + + if (!uaddr || !len) + return ERR_PTR(-EINVAL); + + /* verify that blob length does not exceed our limit */ + if (len > SEV_FW_BLOB_MAX_SIZE) + return ERR_PTR(-EINVAL); + + data = kmalloc(len, GFP_KERNEL); + if (!data) + return ERR_PTR(-ENOMEM); + + if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len)) + goto e_free; + + return data; + +e_free: + kfree(data); + return ERR_PTR(-EFAULT); +} + +static int sev_ioctl_pek_cert_import(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pek_cert_import input; + struct sev_data_pek_cert_import *data; + int ret, state, do_shutdown = 0; + void *pek_blob, *oca_blob; + + if (copy_from_user(&input, (void __user *)(uintptr_t) argp->data, + sizeof(struct sev_user_data_pek_cert_import))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* copy PEK certificate blobs from userspace */ + pek_blob = copy_user_blob(input.pek_cert_address, input.pek_cert_len); + if (IS_ERR(pek_blob)) { + ret = PTR_ERR(pek_blob); + goto e_free; + } + + data->pek_cert_address = __psp_pa(pek_blob); + data->pek_cert_len = input.pek_cert_len; + + /* copy PEK certificate blobs from userspace */ + oca_blob = copy_user_blob(input.oca_cert_address, input.oca_cert_len); + if (IS_ERR(oca_blob)) { + ret = PTR_ERR(oca_blob); + goto e_free_pek; + } + + data->oca_cert_address = __psp_pa(oca_blob); + data->oca_cert_len = input.oca_cert_len; + + ret = sev_platform_get_state(&state, &argp->error); + if (ret) + goto e_free_oca; + + /* + * PEK_CERT_IMPORT command can be issued only when platform is in INIT + * state. If we are in UNINIT state then transition in INIT state + * before issuing the command. 
+ */ + if (state == SEV_STATE_WORKING) { + ret = -EBUSY; + goto e_free_oca; + } else if (state == SEV_STATE_UNINIT) { + ret = sev_firmware_init(&argp->error); + if (ret) + goto e_free_oca; + do_shutdown = 1; + } + + ret = sev_handle_cmd(SEV_CMD_PEK_CERT_IMPORT, data, &argp->error); + + if (do_shutdown) + sev_handle_cmd(SEV_CMD_SHUTDOWN, 0, NULL); + +e_free_oca: + kfree(oca_blob); +e_free_pek: + kfree(pek_blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -417,6 +510,10 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) ret = sev_ioctl_pek_csr(&input); break; } + case SEV_PEK_CERT_IMPORT: { + ret = sev_ioctl_pek_cert_import(&input); + break; + } default: ret = -EINVAL; break;
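Review bot: in the first hunk the comment above the OCA blob copy in sev_ioctl_pek_cert_import() is a copy-paste of the PEK one (`/* copy PEK certificate blobs from userspace */` appears twice); the second should read `/* copy OCA certificate blob from userspace */`. Two smaller points in the same function: the return value of `sev_handle_cmd(SEV_CMD_SHUTDOWN, 0, NULL)` is dropped, so a shutdown that fails after a successful import leaves the platform in INIT state with no indication to the caller (at minimum log it; passing `&argp->error` there would clobber the import command's own status), and `0` should be `NULL` for the pointer argument to match the surrounding code. Nothing in the hunk serializes sev_platform_get_state() against the later INIT and import either, so it is worth confirming that sev_ioctl() already holds a lock across the whole command; otherwise two callers could race the state check. The user-supplied lengths are bounded by SEV_FW_BLOB_MAX_SIZE in copy_user_blob() before kmalloc(), and each error label frees exactly what was allocated before it, which looks right.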