From patchwork Fri Oct 20 02:33:54 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10018677
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Brijesh Singh <brijesh.singh@amd.com>
To: kvm@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v6 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
Date: Thu, 19 Oct 2017 21:33:54 -0500
Message-Id: <20171020023413.122280-20-brijesh.singh@amd.com>
In-Reply-To: <20171020023413.122280-1-brijesh.singh@amd.com>
References: <20171020023413.122280-1-brijesh.singh@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK certificate. The command is defined in SEV spec section 5.8.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
---
 drivers/crypto/ccp/psp-dev.c | 83 ++++++++++++++++++++++++++++++++++++++++++++
 include/linux/psp-sev.h      |  4 +++
 2 files changed, 87 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 26a365c9b0e0..89242d4d1067 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -279,6 +279,86 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp) return ret; } +void *psp_copy_user_blob(u64 __user uaddr, u32 len) +{ + void *data; + + if (!uaddr || !len) + return ERR_PTR(-EINVAL); + + /* verify that blob length does not exceed our limit */ + if (len > SEV_FW_BLOB_MAX_SIZE) + return ERR_PTR(-EINVAL); + + data = kmalloc(len, GFP_KERNEL); + if (!data) + return ERR_PTR(-ENOMEM); + + if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len)) + goto e_free; + + return data; + +e_free: + kfree(data); + return ERR_PTR(-EFAULT); +} +EXPORT_SYMBOL_GPL(psp_copy_user_blob); + +static int sev_ioctl_do_pek_cert_import(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pek_cert_import input; + struct sev_data_pek_cert_import *data; + void *pek_blob, *oca_blob; + int ret, err; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* copy PEK certificate blobs from userspace */ + pek_blob = psp_copy_user_blob(input.pek_cert_address, input.pek_cert_len); + if (IS_ERR(pek_blob)) { + ret = PTR_ERR(pek_blob); + goto e_free; + } + + data->pek_cert_address = __psp_pa(pek_blob); + data->pek_cert_len = input.pek_cert_len; + + /* copy PEK certificate blobs from userspace */ + oca_blob = psp_copy_user_blob(input.oca_cert_address, input.oca_cert_len); + if (IS_ERR(oca_blob)) { + ret = PTR_ERR(oca_blob); + goto e_free_pek; + } + + data->oca_cert_address = __psp_pa(oca_blob); + data->oca_cert_len = input.oca_cert_len; + + ret = sev_platform_init(NULL, &argp->error); + if (ret) + goto e_free_oca; + + ret = sev_do_cmd(SEV_CMD_PEK_CERT_IMPORT, data, &argp->error); + + if (sev_platform_shutdown(&err)) { + ret = -EIO; + argp->error = err; + } + +e_free_oca: + kfree(oca_blob); +e_free_pek: + kfree(pek_blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void 
__user *argp = (void __user *)arg; @@ -311,6 +391,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_CSR: ret = sev_ioctl_do_pek_csr(&input); break; + case SEV_PEK_CERT_IMPORT: + ret = sev_ioctl_do_pek_cert_import(&input); + break; default: ret = -EINVAL; goto out; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 21511419bfe6..f9113d315cf8 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -620,6 +620,8 @@ int sev_guest_df_flush(int *error); */ int sev_guest_decommission(struct sev_data_decommission *data, int *error); +void *psp_copy_user_blob(u64 __user uaddr, u32 len); + #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ static inline int @@ -648,6 +650,8 @@ sev_issue_cmd_external_user(struct file *filep, return -ENODEV; } +static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return ERR_PTR(-EINVAL); } + #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ #endif /* __PSP_SEV_H__ */
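Review bot: In the psp-dev.c hunk at @@ -279, the shutdown path in sev_ioctl_do_pek_cert_import() masks the import command's own failure: after `ret = sev_do_cmd(SEV_CMD_PEK_CERT_IMPORT, data, &argp->error);` the unconditional `if (sev_platform_shutdown(&err)) { ret = -EIO; argp->error = err; }` overwrites both `ret` and `argp->error` when shutdown also fails, so userspace gets the shutdown status instead of the PEK_CERT_IMPORT status. Suggest only letting shutdown override a successful command, e.g. `if (sev_platform_shutdown(&err) && !ret)`, or at least leaving argp->error untouched when ret is already set. Two smaller points in the same hunk: the comment before the OCA copy is a paste of the PEK one ("copy PEK certificate blobs from userspace") and should say OCA; and `u64 __user uaddr` in the psp_copy_user_blob() signature puts the sparse address-space annotation on an integer, where it has no effect, while the real conversion already happens at `(void __user *)(uintptr_t)uaddr`, so a plain `u64` is enough (the same applies to the two declarations added to psp-sev.h). The `len > SEV_FW_BLOB_MAX_SIZE` check is the right thing to keep: `len` is user-controlled, goes straight to kmalloc() and is handed to the firmware as pek_cert_len/oca_cert_len.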
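Review bot: The `!CONFIG_CRYPTO_DEV_SP_PSP` stub for psp_copy_user_blob() in the psp-sev.h hunk at @@ -648 returns ERR_PTR(-EINVAL), while the neighbouring stub visible in the same context, sev_issue_cmd_external_user(), returns -ENODEV. With the PSP driver not built the caller's arguments are not invalid; the device is absent, and since the function is EXPORT_SYMBOL_GPL'd and declared in the public header it will be called from outside this driver, so callers should see a consistent code. Suggest `return ERR_PTR(-ENODEV);`.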
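The userspace side of the ioctl this patch adds, as an added example that is not part of the patch or the ccp driver. Assumptions, labelled in the code as well: the `ex_`-prefixed structs and `EX_SEV_*` constants are local stand-ins for the UAPI definitions in `<linux/psp-sev.h>` (introduced by an earlier patch in this series and not shown on this page; a real caller should include that header instead), sev_ioctl() is assumed to copy `struct sev_issue_cmd` back so the value the hunk stores in `argp->error` reaches the caller, and SEV_FW_BLOB_MAX_SIZE is passed in by the caller because its value is not in the patch. The request builder repeats the checks psp_copy_user_blob() makes in the kernel, so a NULL, empty or oversized blob is rejected with a clear -EINVAL before the round trip, and the issuing routine keeps the ioctl's errno apart from the firmware status word.

```c
/*
 * Added example: userspace caller for the SEV_PEK_CERT_IMPORT ioctl.
 * Not part of the patch or the ccp driver.
 *
 * Assumptions, all labelled: the ex_* structs and EX_SEV_* constants below
 * are local stand-ins for the UAPI definitions in <linux/psp-sev.h> (from an
 * earlier patch in this series, not shown on this page); a real caller should
 * include that header. The driver's SEV_FW_BLOB_MAX_SIZE value is not in the
 * patch, so it is taken as a parameter.
 */
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/ioctl.h>

#define EX_SEV_IOC_TYPE		'S'	/* assumed, see <linux/psp-sev.h> */
#define EX_SEV_PEK_CERT_IMPORT	6	/* assumed command number */

struct ex_sev_issue_cmd {		/* stand-in for struct sev_issue_cmd */
	uint32_t cmd;
	uint64_t data;			/* user pointer to the command struct */
	uint32_t error;			/* firmware status, written by the driver */
} __attribute__((packed));

struct ex_pek_cert_import {		/* stand-in for sev_user_data_pek_cert_import */
	uint64_t pek_cert_address;	/* the four fields the patch reads */
	uint32_t pek_cert_len;
	uint64_t oca_cert_address;
	uint32_t oca_cert_len;
} __attribute__((packed));

#define EX_SEV_ISSUE_CMD _IOWR(EX_SEV_IOC_TYPE, 0x0, struct ex_sev_issue_cmd)

/* Constructed sample blobs for the self-check; not real certificates. */
static const uint8_t ex_sample_pek[4] = { 0x01, 0x02, 0x03, 0x04 };
static const uint8_t ex_sample_oca[2] = { 0x05, 0x06 };

/*
 * The same checks psp_copy_user_blob() applies in the kernel: a NULL
 * address, a zero length or a blob above the driver limit is -EINVAL.
 * Doing them here gives a precise error before the ioctl round trip.
 */
static int ex_check_blob(const void *blob, size_t len, size_t max_len)
{
	if (!blob || !len || len > max_len || len > UINT32_MAX)
		return -EINVAL;
	return 0;
}

/* Fill the request from two blobs. Pure, so it is testable without /dev/sev. */
int ex_build_pek_cert_import(struct ex_pek_cert_import *req,
			     const void *pek, size_t pek_len,
			     const void *oca, size_t oca_len, size_t max_len)
{
	int ret = ex_check_blob(pek, pek_len, max_len);

	if (!ret)
		ret = ex_check_blob(oca, oca_len, max_len);
	if (ret)
		return ret;

	memset(req, 0, sizeof(*req));
	req->pek_cert_address = (uint64_t)(uintptr_t)pek;
	req->pek_cert_len = (uint32_t)pek_len;
	req->oca_cert_address = (uint64_t)(uintptr_t)oca;
	req->oca_cert_len = (uint32_t)oca_len;
	return 0;
}

/*
 * Issue the command on an open /dev/sev descriptor. Returns 0 or -errno
 * from the ioctl; *fw_error receives whatever the driver left in
 * sev_issue_cmd.error (the hunk stores the PSP status there), so a caller
 * can tell a driver-side rejection from a firmware verdict.
 */
int ex_pek_cert_import(int fd, const void *pek, size_t pek_len,
		       const void *oca, size_t oca_len, size_t max_len,
		       uint32_t *fw_error)
{
	struct ex_pek_cert_import req;
	struct ex_sev_issue_cmd arg;
	int ret;

	*fw_error = 0;
	ret = ex_build_pek_cert_import(&req, pek, pek_len, oca, oca_len, max_len);
	if (ret)
		return ret;

	memset(&arg, 0, sizeof(arg));
	arg.cmd = EX_SEV_PEK_CERT_IMPORT;
	arg.data = (uint64_t)(uintptr_t)&req;

	if (ioctl(fd, EX_SEV_ISSUE_CMD, &arg) < 0)
		ret = -errno;
	*fw_error = arg.error;
	return ret;
}
```

On a host that exposes /dev/sev, open the node with O_RDWR, read the PEK certificate signed by the owner CA and the OCA certificate into two buffers, and pass them to ex_pek_cert_import() together with the driver's blob limit. A negative return is the driver's errno (for instance from a blob above SEV_FW_BLOB_MAX_SIZE, which never reaches the PSP); the separate fw_error word is what the driver stored in argp->error and is the place to look when the firmware rejected the certificate chain.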