From patchwork Wed Nov 1 21:16:03 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10037617 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 737A3603B5 for ; Wed, 1 Nov 2017 22:07:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 64C0D283FF for ; Wed, 1 Nov 2017 22:07:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5985C28C18; Wed, 1 Nov 2017 22:07:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BDEA4283FF for ; Wed, 1 Nov 2017 22:07:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933525AbdKAWGJ (ORCPT ); Wed, 1 Nov 2017 18:06:09 -0400 Received: from mail-bn3nam01on0087.outbound.protection.outlook.com ([104.47.33.87]:27280 "EHLO NAM01-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933321AbdKAVRI (ORCPT ); Wed, 1 Nov 2017 17:17:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=6N7xqIKQVaCbELhLJ9EXaiFaA+21mRQsS1wjkBeR0BI=; b=IkzcwSuz29U0botS7g9ExyOua9VgpI3j76KIDRelZrc6sGY4vXSugnoviFQIiLhmLz/dXwb6LnO9toIgF+K5qfbuAhSZazF0xNfbzHJKXIQ2AwVMVY+sxpDpNL59hUCaIqnsl2K4MfuSyKYBNKQVV2oJGhrEdvtBCj4k+A8H2Xo= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0155.namprd12.prod.outlook.com (2a01:111:e400:50ce::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.178.6; Wed, 1 Nov 2017 21:16:48 +0000 From: Brijesh Singh To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: bp@alien8.de, Brijesh Singh , Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Borislav Petkov , Herbert Xu , Gary Hook , Tom Lendacky , linux-crypto@vger.kernel.org Subject: [Part2 PATCH v7 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command Date: Wed, 1 Nov 2017 16:16:03 -0500 Message-Id: <20171101211623.71496-19-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20171101211623.71496-1-brijesh.singh@amd.com> References: <20171101211623.71496-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: DM5PR06CA0064.namprd06.prod.outlook.com (2603:10b6:3:37::26) To DM2PR12MB0155.namprd12.prod.outlook.com (2a01:111:e400:50ce::18) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: df5cac4a-16b7-4b9f-11ee-08d5216ddcee X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(2017052603199); SRVR:DM2PR12MB0155; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 3:Uve5RQ7jVNnCw39THMvRnwx45cifEzERDr9r1dPBnEdes8r94xw9pU3DWGl37gf0ADIO87IsZL9XO7JjdSqo+qGpbQIZHSwg8lk0N1qUt1irwU8LcwJ59iJ2qZYFkXyHMubjAMoymzI7e14iT6/8+kWi/sDRT786wHte/r9KrwcZN8jFO4aK+qfU242yn7IfFDKMuntTL3AHOVQvulU0miM2XQ4D2gG3soy05myiRRz0ZN/HxZPeGHJJWrk0VNWV; 25:f4bcwb08IbesmwbI12FKuzILzC5jdlQsOn95Qoi35T4aoa8KI3Q6Q50tmN/8rjuQGPTYV6nb2VJkH8wXxkS0SLA4JgoFtjUIxFd/FxoEK9gql1x3xJPPpAsMzeEjFy9pY99kGTOO94HiA8dbhwqdwa4hwmq/a449CmnkzHcT0Mf/cjoeaHJQJJbe7TmXBOSVslro8dLeyfYNWr0cA7GhdC0qhJdbtrAEL1tYRaApMa1+kqGf3Vpe73ZHHm4Oe1hQZq+jndml9BF9e3rk3EIEGocGfxsLLhD/r4Z6PXK6y63Mtz5sWYX1OINevua4gESvsQt8FL3AUpC4bSwjHj1NXw==; 31:wKQ8PE3XPRYnfV3SNSUFwx3r+TNr6R4QJoOtIKVethNeOireL37/v1KxpDZLYY/eHg7VXCh2RVRpVD1Fk0PwsisgORh6FMIYdBBVjo+Wmad9TuJ8Ioixi2RY5btcOhAfCPuOCwtbiS04xlCGdTGaYPiDqXZQIsdyDsMiiMztGIi3JDriNZl/IirWrGvuGDKs49LXlCpmhpJSu1E50XUQb3JEOT5SQVZNd/CN+GsXgG8= X-MS-TrafficTypeDiagnostic: DM2PR12MB0155: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 20:QuCkvFB3lCNRsCiO12uXDjZuzE/npMZXtTm2v0lEWelujuKv2vYE50Pu3trvImSFGuvCGcMFa4dgOUR3z4BN0ZlA90HIlz1yuxbUOeIay8Mrv5rESzdM8QZPZp0D0ReNu9B7Pa6riQw7/5GrbpoKgi16tFNbT+YxEVoPaCxL7dVPOizIkITH3kaUrqQ9sQ5BPPtem6u8kT7a4xtXDNpkcJMERWLec4aJYts+zpQE4X679aqsA5GeSPgkOphS6K1OBpb4buaw2vLxq3Nc8s45mqeQjNyTMpRNhy1XSDzsLHTSBYq5HtC5DI9KL6dizJSg27Rlrn3bb2PHveXJ+llE7G4w/xUdk4ejwPRcRPAevkRqZ7+9RtKkSygRTl6nDuZEetr/rgCVMJD3w3sx+3SLejl1BURcswdx9C50/tFe9kwn+gr1UU7sv45g2TRNQXe1aAATpJ44HG15pmeZMzC/OBcvhixxhops+r8QGFMcqoVAXkJUBmwsH5aQw7551OmQ; 4:br5hn3Zi2PicHPl9fFOsBuzTVk0UAsPaZUlKWcybWXvy+8Au7O3I4nYTupctWjflf+r8vmfOqdgCxPIydQqoigS9o3gMmLryuoYoqEfY3hIjolaJaa70tpHyB2TKP6vDlxzC9uP1hBNC/7Xn3LQnlFao6g9XPBEdsrBI8KKcHad9NtBVkRoXeoTcst95vLvhqedmj6scZr+eXuQXkWE3DLR0SSVJHEWJWIiSr2FmtCEgvLnoAk0nJek4XAKvwcztTTlhwTEjdyQsszr7ooe72ro1khEfD1cVolY1/xAibF8oguMyyuditeuzFS1OdgIFPAprWe5Rg+eXRqHUHHtlkw== X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(3231020)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123560025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM2PR12MB0155; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM2PR12MB0155; X-Forefront-PRVS: 0478C23FE0 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(376002)(346002)(189002)(199003)(1076002)(6116002)(97736004)(66066001)(50466002)(3846002)(25786009)(4326008)(54906003)(316002)(8676002)(47776003)(36756003)(23676003)(50986999)(478600001)(81156014)(81166006)(105586002)(53416004)(575784001)(53936002)(189998001)(106356001)(2906002)(16526018)(2870700001)(76176999)(33646002)(305945005)(7736002)(86362001)(5660300001)(6486002)(101416001)(50226002)(68736007)(8936002)(2950100002)(6666003); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0155; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTJQUjEyTUIwMTU1OzIzOm9wNmUydGUrRWxVWDVKRFBmTG45ajVQRUo4?= =?utf-8?B?cU1CVTFRaG90WkFoZjJOS1ptbmt6blpkTEdiRFFucDQ0Y012bG1OeDlQdUUz?= =?utf-8?B?VVY0ZkFDWGI2a2REdEluNnZZM2lTZDRFL2dhSHRiN1BnRVdGaUNaeVBUMnd3?= =?utf-8?B?R1JaWk9PWW9wSkdUUVhRelVnQ3REU1dNRCtmWFh4M25tRWZRSi9tRHJRNEN3?= =?utf-8?B?N2hkc2ZMVDEyVWtWMlhhcEx3VWZPWURGbmVEV0YybUhKU3dBVVRZNFYvcmZX?= =?utf-8?B?WEdESkJqU0JnVnUzMG9xM056dnlncWxmeVhmMHo1K0t5ZkFDS3ZNWkN5TmxX?= =?utf-8?B?cVNUUzJRMW1aYUlxVTVPdjRjSDh0ZHVRSDExa2NlclJtVVpxWjJsbWx2VWR3?= =?utf-8?B?cThPdmJJVklsM3NFT2cxSk45UXY1RnArOTJneUFSK3dJdXlQaDM3bTkyck9k?= =?utf-8?B?clRrTEZYZ0pqY0kwUHpMeGRDaW1FcWcxOXovWjlaNmFSUmNDWXlTd1N0U2l5?= =?utf-8?B?ODAra0UxWDVFaFVXQ0VsL1lTdElBbjhOd1dYTG15SWhLMHhDTWpGVC9vc3BI?= =?utf-8?B?bXA4VWl2WDdNUDhtWTBDRmJjQ0w2bmk0cTNBNTdJaW1nWHlncHV6OVBvaVNn?= =?utf-8?B?Sk1ZUE1YVFhsTDRrMy83RkV4aks0UTlpSE0vcTcvQWQzOU5tMlpNVjlRQ011?= =?utf-8?B?YmJqOU1TMmdWeUtaMGsxdGI2OU9XbWZacGsxZ1N5dVM0YUFvbUJMVTk2YXhT?= =?utf-8?B?REVNVkx2Mld4blZsalN6R3NQK3NRdHFmU1phMFgwSWdINDVGUWlLSXBncGgv?= =?utf-8?B?Qm9VaUVhbjRySnBwbWlydFc2WGl4c0dJT2hnWVVFbVZ3OVUvN0t0bUoweS83?= =?utf-8?B?SHI3cS8xeDZLSUVPMkZJejBWWkNJVDMyZ3Z1ZW9kdFFJRW1vZUVDSGtFYURB?= =?utf-8?B?SFhPSXhudjBZTkFad2h0bGUxUEkrVjlkQUkwcHBCVUpwWUxZR3dUSmVBVWlB?= =?utf-8?B?eUd6VW15ZzZFQS9rWnU3K2g0ZkdjV0E1ZDhOeldXTTAxeXgzMmZTazFtaU5h?= =?utf-8?B?MkZoYVNVSzlqQ3pvU1VEUmRSNExhclN6dnNvc1FaVlVBaVcvYy8wQkdYcHF4?= =?utf-8?B?VFBuYW90UWZJelQ0RHJ6OGlQZ3JWR2lpYWZhOUppU0VqMlNUcEk2UityOVhT?= =?utf-8?B?b3ZkalpCa2lyYXo3aWh2eTIrTXp6MG1wYVV4cExHb0RVcWpGT3ZwR0JDYnhW?= =?utf-8?B?Ulk1djBhRHZvTzZsdVBRc01wQk9NemJ3cm5EZHRBTmgydWowQWFZVy9MeGVT?= =?utf-8?B?MW9RSERVdXdKUThjckpBSTBsb1NNQ0ZxN0RkYVBHanRXaWRGY2FQLzVQVEM0?= =?utf-8?B?bVNRSmFIVlcySzA0Q2JjQUErdDF0Y3NnL1FBWmRIRW9GYTQ2U0ticzJBeDVt?= =?utf-8?B?SDFSeHBMMExOU1ZvU3RYWTFLLzNKd25BbzF3cHFuZWkvTDZBN1JNQ001SlZa?= =?utf-8?B?SHQzdz09?= X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 6:DNoniXHlqQqM74uNiBaBCQvixPu51oNeGtGhNkzdjTlSdTyFDI79nj0gObVmdw/6kO5bR25Emo/3Bte9c1Z0GOAXWE6eNpPkRLC69K4lBPBecO1VvWnag+4FL//+YW1EtG9VpTfpaASyRcrKwrNvt/eaYRi3ENDEb9pJz1xKIazjVzClwwKogQw6ePCO1qYoqZdc9A+2S7pX6svMn1N6VpHcaQQ7Wff8v//vKJGpBWIhGiFGZHknEpAbGoXUNkt4y4wFuCo6UeXM74ObIvWM3bGmGKvDMpzSUb8RHUw1KcNbi2+2H9r2ng78E7GkU/D69pSfQPKhafoMfnJvwq7EL0INHgyuE9F8m+Yj/pOmbEM=; 5:kisJ6bsrDeRRTRiPOnGZBofNs9fjYXc6ihDFFr783KitnCnNpEEJi/G9gya7wENxeWSdoL1q9XaZtXsag4ErFgMakksHN1n7qcIg8olitVeqBSozC80xWs/0qHLmLeSY4Kz1wLnPGgJ6OE0eABWG52HX10IQb4HwuWNBuV8eafo=; 24:rK1+5szeyKwNzwpHI8wub+li8kPuj/ExRTJZD3rm/Z9nNjafnaPS1nOpumhgnepgk4NqliKKFEQMbZ7gKnU5dDyF5eUg5ePH2W1e2FjjN8s=; 7:beDAKW2oYsu3HHjUSfr0iH5xjUgNpzeJpeV8NDCzA5IwOJdhlSLvfCTkMk2WQSKyuHe00jEBZAJ5ldc/8ot8oQwhHVcdVTtkKSsSv4LH0wSWNWmPEXh5GJ7RvZC0/IdZpDyzxVmderV8TYjEVLSFpgP1f75C1IWwOpZuJ+NDtlB0XwmW4c5xRyTHhk6ZcluTfHnaSPov1CB8buUtcQu2Eo1CRWENPLSGUeIHfbQcyxEi9mh7+ZZYetVY59vC6jfP SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 20:iVooYj/SELvXu6AXLoMDpl3CJJy0SF4cvj4X7Leby8LYiQ4ItgO4gqYm09u++nuj9+IpddyKzQeVW1L6sv+JKYxMzEABUkjexwBQ+o02M69RgL1+p1emMoX0+6ZvbVYTcf/0WC3RMj+8FCwlbqb8tYfuvk1ZwtJNK3mcu90DA92Cw5y+iL8aUQT5N5JjEgCB4hLCkvBtwGEf/jAhSicZsuSep26yc29qW1yvrVIMvn/HKv1g4tZ9NNU5/PWIOsWx X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2017 21:16:48.0159 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: df5cac4a-16b7-4b9f-11ee-08d5216ddcee X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0155 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The SEV_PEK_CSR command can be used to generate a PEK certificate signing request. The command is defined in SEV spec section 5.7. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-crypto@vger.kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh Acked-by: Gary R Hook --- drivers/crypto/ccp/psp-dev.c | 68 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 42991c2e9085..4e2f9d037f0a 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -298,6 +298,71 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp) return __sev_do_cmd_locked(cmd, 0, &argp->error); } +static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pek_csr input; + struct sev_data_pek_csr *data; + void *blob = NULL; + int ret; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* userspace wants to query CSR length */ + if (!input.address || !input.length) + goto cmd; + + /* allocate a physically contiguous buffer to store the CSR blob */ + if (!access_ok(VERIFY_WRITE, input.address, input.length) || + input.length > SEV_FW_BLOB_MAX_SIZE) { + ret = -EFAULT; + goto e_free; + } + + blob = kmalloc(input.length, GFP_KERNEL); + if (!blob) { + ret = -ENOMEM; + goto e_free; + } + + data->address = __psp_pa(blob); + data->len = input.length; + +cmd: + if (psp_master->sev_state == SEV_STATE_UNINIT) { + ret = __sev_platform_init_locked(psp_master->sev_init, &argp->error); + if (ret) + goto e_free_blob; + } + + ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, &argp->error); + + /* + * If we query the CSR length, FW responded with expected data + */ + input.length = data->len; + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { + ret = -EFAULT; + goto e_free_blob; + } + + if (blob) { + if (copy_to_user((void __user *)input.address, blob, input.length)) + ret = -EFAULT; + } + +e_free_blob: + kfree(blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -332,6 +397,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PDH_GEN: ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input); break; + case SEV_PEK_CSR: + ret = sev_ioctl_do_pek_csr(&input); + break; default: ret = -EINVAL; goto out;