From patchwork Mon Nov 6 18:11:12 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10044077
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org
Subject: [Part2 PATCH v8 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
Date: Mon, 6 Nov 2017 12:11:12 -0600
Message-Id: <20171106181130.68491-21-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.9.5
In-Reply-To: <20171106181130.68491-1-brijesh.singh@amd.com>
References: <20171106181130.68491-1-brijesh.singh@amd.com>
The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its certificate chain. The command is defined in SEV spec section 5.10.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
 drivers/crypto/ccp/psp-dev.c | 97 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 9d1c4600db19..fcfa5b1eae61 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -443,6 +443,100 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pdh_cert_export input; + void *pdh_blob = NULL, *cert_blob = NULL; + struct sev_data_pdh_cert_export *data; + int ret; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* Userspace wants to query the certificate length. */ + if (!input.pdh_cert_address || + !input.pdh_cert_len || + !input.cert_chain_address) + goto cmd; + + /* Allocate a physically contiguous buffer to store the PDH blob. */ + if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) || + !access_ok(VERIFY_WRITE, input.pdh_cert_address, input.pdh_cert_len)) { + ret = -EFAULT; + goto e_free; + } + + /* Allocate a physically contiguous buffer to store the cert chain blob. */ + if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) || + !access_ok(VERIFY_WRITE, input.cert_chain_address, input.cert_chain_len)) { + ret = -EFAULT; + goto e_free; + } + + pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL); + if (!pdh_blob) { + ret = -ENOMEM; + goto e_free; + } + + data->pdh_cert_address = __psp_pa(pdh_blob); + data->pdh_cert_len = input.pdh_cert_len; + + cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL); + if (!cert_blob) { + ret = -ENOMEM; + goto e_free_pdh; + } + + data->cert_chain_address = __psp_pa(cert_blob); + data->cert_chain_len = input.cert_chain_len; + +cmd: + /* If platform is not in INIT state then transition it to INIT. */ + if (psp_master->sev_state != SEV_STATE_INIT) { + ret = __sev_platform_init_locked(&argp->error); + if (ret) + goto e_free_cert; + } + + ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error); + + /* If we query the length, FW responded with expected data. 
*/ + input.cert_chain_len = data->cert_chain_len; + input.pdh_cert_len = data->pdh_cert_len; + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { + ret = -EFAULT; + goto e_free_cert; + } + + if (pdh_blob) { + if (copy_to_user((void __user *)input.pdh_cert_address, + pdh_blob, input.pdh_cert_len)) { + ret = -EFAULT; + goto e_free_cert; + } + } + + if (cert_blob) { + if (copy_to_user((void __user *)input.cert_chain_address, + cert_blob, input.cert_chain_len)) + ret = -EFAULT; + } + +e_free_cert: + kfree(cert_blob); +e_free_pdh: + kfree(pdh_blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -483,6 +577,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_CERT_IMPORT: ret = sev_ioctl_do_pek_import(&input); break; + case SEV_PDH_CERT_EXPORT: + ret = sev_ioctl_do_pdh_export(&input); + break; default: ret = -EINVAL; goto out;
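Review bot: in sev_ioctl_do_pdh_export the two blob copies that follow __sev_do_cmd_locked run even when ret is non-zero, and they use the lengths the firmware wrote back (`input.pdh_cert_len = data->pdh_cert_len;` and likewise for cert_chain_len) rather than the sizes that were actually kmalloc'd. When the caller supplies buffers and the command fails, for example because they are smaller than the firmware needs, copy_to_user() hands the caller the uninitialized contents of pdh_blob and cert_blob, and if the firmware reports a larger required length than was requested the copy reads past the end of both allocations. Suggest either skipping the blob copies unless ret == 0, or bounding each copy by the length the caller originally passed in, and allocating both blobs with kzalloc() instead of kmalloc() so that only bytes the firmware wrote can ever reach userspace. A smaller point in the same hunk: the length-query test checks `!input.pdh_cert_len` but not `!input.cert_chain_len`, so a caller that sets the two addresses and pdh_cert_len but leaves cert_chain_len at zero gets past the query shortcut, reaches kmalloc(0) for cert_blob and passes its result through __psp_pa() to the firmware; adding `!input.cert_chain_len ||` to that condition keeps the zero-length case on the query path.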