From patchwork Fri Oct 20 02:33:55 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10018701
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Brijesh Singh
To: kvm@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v6 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
Date: Thu, 19 Oct 2017 21:33:55 -0500
Message-Id: <20171020023413.122280-21-brijesh.singh@amd.com>
In-Reply-To: <20171020023413.122280-1-brijesh.singh@amd.com>
References: <20171020023413.122280-1-brijesh.singh@amd.com>

The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
--- drivers/crypto/ccp/psp-dev.c | 99 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 89242d4d1067..ad4f67bc0d71 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c 
@@ -359,6 +359,102 @@ static int sev_ioctl_do_pek_cert_import(struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_do_pdh_cert_export(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pdh_cert_export input; + void *pdh_blob = NULL, *cert_blob = NULL; + struct sev_data_pdh_cert_export *data; + int ret, err; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* Userspace wants to query the certificate length */ + if (!input.pdh_cert_address || !input.pdh_cert_len || + !input.cert_chain_address || !input.cert_chain_address) + goto cmd; + + /* allocate a physically contiguous buffer to store the PDH blob */ + if (!access_ok(VERIFY_WRITE, input.pdh_cert_address, input.pdh_cert_len) || + (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)) { + ret = -EFAULT; + goto e_free; + } + + pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL); + if (!pdh_blob) { + ret = -ENOMEM; + goto e_free; + } + + data->pdh_cert_address = __psp_pa(pdh_blob); + data->pdh_cert_len = input.pdh_cert_len; + + /* allocate a physically contiguous buffer to store the cert chain blob */ + if (!access_ok(VERIFY_WRITE, input.cert_chain_address, input.cert_chain_len) || + (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)) { + ret = -EFAULT; + goto e_free_pdh; + } + + cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL); + if (!cert_blob) { + ret = -ENOMEM; + goto e_free_pdh; + } + + data->cert_chain_address = __psp_pa(cert_blob); + data->cert_chain_len = input.cert_chain_len; + +cmd: + ret = sev_platform_init(NULL, &argp->error); + if (ret) + goto e_free_cert; + + ret = sev_do_cmd(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error); + + /* + * If we query the length, FW responded with expected data + */ + input.cert_chain_len = data->cert_chain_len; + input.pdh_cert_len = data->pdh_cert_len; + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) + ret = -EFAULT; + + if 
(sev_platform_shutdown(&err)) { + ret = -EIO; + argp->error = err; + goto e_free_cert; + } + + if (pdh_blob) { + if (copy_to_user((void __user *)input.pdh_cert_address, + pdh_blob, input.pdh_cert_len)) { + ret = -EFAULT; + goto e_free_cert; + } + } + + if (cert_blob) { + if (copy_to_user((void __user *)input.cert_chain_address, + cert_blob, input.cert_chain_len)) + ret = -EFAULT; + } + +e_free_cert: + kfree(cert_blob); +e_free_pdh: + kfree(pdh_blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -394,6 +490,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_CERT_IMPORT: ret = sev_ioctl_do_pek_cert_import(&input); break; + case SEV_PDH_CERT_EXPORT: + ret = sev_ioctl_do_pdh_cert_export(&input); + break; default: ret = -EINVAL; goto out;
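
Review bot: In sev_ioctl_do_pdh_cert_export(), the length-query test checks cert_chain_address twice (`!input.cert_chain_address || !input.cert_chain_address`) and never checks cert_chain_len; the second operand should be `!input.cert_chain_len`, otherwise a request with a chain address and a zero chain length skips the query path and goes on to the allocation with a zero length. Two further points on the copy-back at the end of the same function. First, pdh_blob and cert_blob come from kmalloc() and are copied to userspace even when sev_do_cmd() returned an error, so uninitialised heap contents can reach the caller. Second, the copies use input.pdh_cert_len and input.cert_chain_len after those fields have been overwritten with the lengths reported back in data, so a reported length larger than the one used for the allocation would read past the end of the buffer. Suggest skipping both blob copies when ret is non-zero, allocating the blobs with kzalloc(), and bounding each copy_to_user() by the length that was actually allocated. The return value of sev_do_cmd() is also lost when the later copy_to_user() or sev_platform_shutdown() fails, which makes a firmware error indistinguishable from -EFAULT or -EIO for the caller.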