From patchwork Wed Nov 1 21:16:05 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10037599
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org
Subject: [Part2 PATCH v7 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
Date: Wed, 1 Nov 2017 16:16:05 -0500
Message-Id: <20171101211623.71496-21-brijesh.singh@amd.com>
In-Reply-To: <20171101211623.71496-1-brijesh.singh@amd.com>
References: <20171101211623.71496-1-brijesh.singh@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its certificate chain. The command is defined in SEV spec section 5.10.

Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-crypto@vger.kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh Acked-by: Gary R Hook --- drivers/crypto/ccp/psp-dev.c | 98 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 2648faf33a19..96739ff105e6 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c 
@@ -441,6 +441,101 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pdh_cert_export input; + void *pdh_blob = NULL, *cert_blob = NULL; + struct sev_data_pdh_cert_export *data; + int ret; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* Userspace wants to query the certificate length */ + if (!input.pdh_cert_address || !input.pdh_cert_len || + !input.cert_chain_address || !input.cert_chain_address) + goto cmd; + + /* allocate a physically contiguous buffer to store the PDH blob */ + if (!access_ok(VERIFY_WRITE, input.pdh_cert_address, input.pdh_cert_len) || + (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)) { + ret = -EFAULT; + goto e_free; + } + + pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL); + if (!pdh_blob) { + ret = -ENOMEM; + goto e_free; + } + + data->pdh_cert_address = __psp_pa(pdh_blob); + data->pdh_cert_len = input.pdh_cert_len; + + /* allocate a physically contiguous buffer to store the cert chain blob */ + if (!access_ok(VERIFY_WRITE, input.cert_chain_address, input.cert_chain_len) || + (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)) { + ret = -EFAULT; + goto e_free_pdh; + } + + cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL); + if (!cert_blob) { + ret = -ENOMEM; + goto e_free_pdh; + } + + data->cert_chain_address = __psp_pa(cert_blob); + data->cert_chain_len = input.cert_chain_len; + +cmd: + /* If platform is not in INIT state then transition it to INIT */ + if (psp_master->sev_state != SEV_STATE_INIT) { + ret = __sev_platform_init_locked(psp_master->sev_init, &argp->error); + if (ret) + goto e_free_cert; + } + + ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error); + + /* + * If we query the length, FW responded with expected data + */ + input.cert_chain_len = data->cert_chain_len; + 
input.pdh_cert_len = data->pdh_cert_len; + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { + ret = -EFAULT; + goto e_free_cert; + } + + if (pdh_blob) { + if (copy_to_user((void __user *)input.pdh_cert_address, + pdh_blob, input.pdh_cert_len)) { + ret = -EFAULT; + goto e_free_cert; + } + } + + if (cert_blob) { + if (copy_to_user((void __user *)input.cert_chain_address, + cert_blob, input.cert_chain_len)) + ret = -EFAULT; + } + +e_free_cert: + kfree(cert_blob); +e_free_pdh: + kfree(pdh_blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -481,6 +576,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_CERT_IMPORT: ret = sev_ioctl_do_pek_import(&input); break; + case SEV_PDH_CERT_EXPORT: + ret = sev_ioctl_do_pdh_export(&input); + break; default: ret = -EINVAL; goto out;
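
Review bot: In sev_ioctl_do_pdh_export(), the length-query test checks `input.cert_chain_address` twice and never checks `input.cert_chain_len`; the second operand was presumably meant to be `!input.cert_chain_len`. As written, a request with a non-zero chain address and a zero chain length skips the query path and reaches `kmalloc(input.cert_chain_len, GFP_KERNEL)` with a zero size. Separately, after `__sev_do_cmd_locked()` the code overwrites `input.pdh_cert_len` and `input.cert_chain_len` with the values in `data` and then uses them as the `copy_to_user()` lengths for `pdh_blob` and `cert_blob`, without looking at `ret` first. If the firmware writes back a length larger than the one the buffer was allocated with, the copy reads past the kmalloc'd buffer, and because the buffers come from `kmalloc()` rather than `kzalloc()`, a command that fails or fills less than the full buffer sends uninitialized heap contents to userspace. Suggest writing the lengths back to `argp->data`, then skipping the blob copies when `ret` is non-zero, bounding each copy by the size that was actually allocated, and zero-initializing both blobs.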