From patchwork Tue Dec 5 01:04:20 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10091903
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: bp@alien8.de, Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org
Subject: [Part2 PATCH v9 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
Date: Mon, 4 Dec 2017 19:04:20 -0600
Message-Id: <20171205010438.5773-21-brijesh.singh@amd.com>
In-Reply-To: <20171205010438.5773-1-brijesh.singh@amd.com>
References: <20171205010438.5773-1-brijesh.singh@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.
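The length-query-then-export exchange this ioctl implements, driven from user space, as an added example that is not part of the patch or of the kernel's own code: the first SEV_PDH_CERT_EXPORT call passes zero buffer addresses and lengths, which takes the hunk's "query the certificate length" path and returns the sizes the firmware needs, and the second call exports the PDH certificate and its chain into buffers of exactly that size. The struct layouts, the SEV_ISSUE_CMD ioctl number, the /dev/sev node, and the SEV_PDH_CERT_EXPORT, SEV_RET_SUCCESS and SEV_RET_INVALID_LEN values are reproduced from the kernel's UAPI header linux/psp-sev.h as assumptions so the file builds without it; fake_psp, issue_via_fake_psp and the certificate bytes they serve are constructed stand-ins for the firmware, used only for offline testing.

```c
/* Added example, not the patch's code. Layouts, ioctl number, device node and
 * status values are ASSUMED from the kernel UAPI header linux/psp-sev.h. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define SEV_PDH_CERT_EXPORT 5   /* enum sev_user_cmd (assumed) */
#define SEV_RET_SUCCESS     0   /* enum sev_ret_code (assumed) */
#define SEV_RET_INVALID_LEN 4   /* buffers too small; firmware writes back the required sizes */

struct sev_issue_cmd { uint32_t cmd; uint64_t data; uint32_t error; } __attribute__((packed));
struct sev_user_data_pdh_cert_export {
	uint64_t pdh_cert_address;   uint32_t pdh_cert_len;
	uint64_t cert_chain_address; uint32_t cert_chain_len;
} __attribute__((packed));
struct pdh_export { uint8_t *pdh_cert; uint32_t pdh_cert_len; uint8_t *cert_chain; uint32_t cert_chain_len; };
/* Transport hook: returns the ioctl result (0, or -1 with errno set) and fills req->error. */
typedef int (*sev_issue_fn)(void *ctx, struct sev_issue_cmd *req);

static int issue_export(sev_issue_fn issue, void *ctx, void *arg, uint32_t *fw_error)
{
	struct sev_issue_cmd req = { SEV_PDH_CERT_EXPORT, (uint64_t)(uintptr_t)arg, 0 };
	int rc = issue(ctx, &req);
	*fw_error = req.error;
	return rc;
}

/* Two-step export: 0 on success; otherwise *out is empty and *fw_error/errno say why. */
int sev_export_pdh(sev_issue_fn issue, void *ctx, struct pdh_export *out, uint32_t *fw_error)
{
	struct sev_user_data_pdh_cert_export arg = { 0, 0, 0, 0 };
	memset(out, 0, sizeof(*out));
	/* Step 1: zero addresses/lengths take the driver's "query the certificate length" path;
	 * the ioctl fails with EIO/INVALID_LEN, but the driver still copies the sizes back. */
	int rc = issue_export(issue, ctx, &arg, fw_error);
	if ((rc != 0 && *fw_error != SEV_RET_INVALID_LEN) || !arg.pdh_cert_len || !arg.cert_chain_len)
		return -1;
	/* Step 2: allocate exactly the reported sizes and export for real. */
	out->pdh_cert = calloc(1, out->pdh_cert_len = arg.pdh_cert_len);
	out->cert_chain = calloc(1, out->cert_chain_len = arg.cert_chain_len);
	if (!out->pdh_cert || !out->cert_chain)
		goto fail;
	arg.pdh_cert_address = (uint64_t)(uintptr_t)out->pdh_cert;
	arg.cert_chain_address = (uint64_t)(uintptr_t)out->cert_chain;
	rc = issue_export(issue, ctx, &arg, fw_error);
	/* The driver hands back whatever lengths the firmware wrote; never trust them beyond the
	 * buffers we own (a chain regenerated between the two calls reports a larger size). */
	if (rc != 0 || *fw_error != SEV_RET_SUCCESS ||
	    arg.pdh_cert_len > out->pdh_cert_len || arg.cert_chain_len > out->cert_chain_len)
		goto fail;
	out->pdh_cert_len = arg.pdh_cert_len;
	out->cert_chain_len = arg.cert_chain_len;
	return 0;
fail:
	free(out->pdh_cert); free(out->cert_chain);
	memset(out, 0, sizeof(*out));
	return -1;
}

/* Constructed PSP firmware stand-in for offline testing; speaks the same length protocol. */
struct fake_psp { const uint8_t *pdh; uint32_t pdh_len; const uint8_t *chain; uint32_t chain_len; int calls; };
static int issue_via_fake_psp(void *ctx, struct sev_issue_cmd *req)
{
	struct fake_psp *psp = ctx;
	struct sev_user_data_pdh_cert_export *arg = (void *)(uintptr_t)req->data;
	int fits = arg->pdh_cert_address && arg->cert_chain_address &&
		   arg->pdh_cert_len >= psp->pdh_len && arg->cert_chain_len >= psp->chain_len;
	psp->calls++;
	arg->pdh_cert_len = psp->pdh_len;      /* required (or actual) sizes, written back either way */
	arg->cert_chain_len = psp->chain_len;
	if (!fits) {                           /* too small, or a pure length query */
		req->error = SEV_RET_INVALID_LEN;
		errno = EIO;                   /* the driver maps a firmware error to -EIO */
		return -1;
	}
	memcpy((void *)(uintptr_t)arg->pdh_cert_address, psp->pdh, psp->pdh_len);
	memcpy((void *)(uintptr_t)arg->cert_chain_address, psp->chain, psp->chain_len);
	req->error = SEV_RET_SUCCESS;
	return 0;
}

/* Offline run: 0 when exactly two commands were issued and both blobs round-trip intact. */
int run_fake_export(void)
{
	static const uint8_t pdh[] = { 0x01, 0x00, 0x00, 0x00, 0xaa, 0xbb };  /* constructed bytes */
	static const uint8_t chain[] = { 0x02, 0x02, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03 };
	struct fake_psp psp = { pdh, sizeof pdh, chain, sizeof chain, 0 };
	struct pdh_export out; uint32_t fw_error = 0;
	int ok = sev_export_pdh(issue_via_fake_psp, &psp, &out, &fw_error) == 0 && psp.calls == 2 &&
		 out.pdh_cert_len == sizeof pdh && memcmp(out.pdh_cert, pdh, sizeof pdh) == 0 &&
		 out.cert_chain_len == sizeof chain && memcmp(out.cert_chain, chain, sizeof chain) == 0;
	free(out.pdh_cert); free(out.cert_chain);
	return ok ? 0 : -1;
}

#ifdef __linux__   /* real transport: /dev/sev; SEV_ISSUE_CMD assumed from linux/psp-sev.h */
#include <sys/ioctl.h>
#define SEV_ISSUE_CMD _IOWR('S', 0x0, struct sev_issue_cmd)
int issue_via_dev_sev(void *ctx, struct sev_issue_cmd *req) { return ioctl(*(int *)ctx, SEV_ISSUE_CMD, req); }
#endif
```

Against hardware, open /dev/sev read-write and call sev_export_pdh(issue_via_dev_sev, &fd, &out, &fw_error) with the descriptor; the two blobs are the PDH certificate and the chain a guest owner validates up to AMD's root certificates before trusting the PDH. The bound check after the second call is the point of the example: the driver copies back whatever lengths the firmware wrote, so a returned length is never a safe bound for reading a buffer sized from the earlier query.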
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
 drivers/crypto/ccp/psp-dev.c | 97 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 9d1c4600db19..fcfa5b1eae61 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -443,6 +443,100 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pdh_cert_export input; + void *pdh_blob = NULL, *cert_blob = NULL; + struct sev_data_pdh_cert_export *data; + int ret; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* Userspace wants to query the certificate length. */ + if (!input.pdh_cert_address || + !input.pdh_cert_len || + !input.cert_chain_address) + goto cmd; + + /* Allocate a physically contiguous buffer to store the PDH blob. */ + if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) || + !access_ok(VERIFY_WRITE, input.pdh_cert_address, input.pdh_cert_len)) { + ret = -EFAULT; + goto e_free; + } + + /* Allocate a physically contiguous buffer to store the cert chain blob. */ + if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) || + !access_ok(VERIFY_WRITE, input.cert_chain_address, input.cert_chain_len)) { + ret = -EFAULT; + goto e_free; + } + + pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL); + if (!pdh_blob) { + ret = -ENOMEM; + goto e_free; + } + + data->pdh_cert_address = __psp_pa(pdh_blob); + data->pdh_cert_len = input.pdh_cert_len; + + cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL); + if (!cert_blob) { + ret = -ENOMEM; + goto e_free_pdh; + } + + data->cert_chain_address = __psp_pa(cert_blob); + data->cert_chain_len = input.cert_chain_len; + +cmd: + /* If platform is not in INIT state then transition it to INIT. */ + if (psp_master->sev_state != SEV_STATE_INIT) { + ret = __sev_platform_init_locked(&argp->error); + if (ret) + goto e_free_cert; + } + + ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error); + + /* If we query the length, FW responded with expected data. 
*/ + input.cert_chain_len = data->cert_chain_len; + input.pdh_cert_len = data->pdh_cert_len; + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { + ret = -EFAULT; + goto e_free_cert; + } + + if (pdh_blob) { + if (copy_to_user((void __user *)input.pdh_cert_address, + pdh_blob, input.pdh_cert_len)) { + ret = -EFAULT; + goto e_free_cert; + } + } + + if (cert_blob) { + if (copy_to_user((void __user *)input.cert_chain_address, + cert_blob, input.cert_chain_len)) + ret = -EFAULT; + } + +e_free_cert: + kfree(cert_blob); +e_free_pdh: + kfree(pdh_blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -483,6 +577,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_CERT_IMPORT: ret = sev_ioctl_do_pek_import(&input); break; + case SEV_PDH_CERT_EXPORT: + ret = sev_ioctl_do_pdh_export(&input); + break; default: ret = -EINVAL; goto out;
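Review bot: in sev_ioctl_do_pdh_export(), the final copy_to_user() calls for pdh_blob and cert_blob use input.pdh_cert_len and input.cert_chain_len after those fields have been overwritten from data->pdh_cert_len and data->cert_chain_len, while the blobs were kmalloc()ed with the lengths userspace originally passed in, and the return value of __sev_do_cmd_locked() is never checked before the copies. The comment above the two assignments says the firmware writes the expected lengths back, so if a caller supplies buffers that are non-empty but too small and the firmware reports the larger required sizes, the copy reads past the end of the kmalloc() allocation and returns kernel heap contents to userspace. Suggest bailing out once the lengths have been reported back, i.e.
	if (ret)
		goto e_free_cert;
right after the copy_to_user() of input (that copy must stay unconditional so the length query keeps working), or clamping each copy to the size that was actually allocated. A smaller point at the length-query test: it checks !input.pdh_cert_len but not !input.cert_chain_len, so a zero cert_chain_len with both addresses set falls through to kmalloc(0) and hands __psp_pa() of the resulting zero-size pointer to the firmware; adding !input.cert_chain_len to that condition keeps the two buffers symmetric. Finally, the access_ok(VERIFY_WRITE, ...) checks duplicate what the later copy_to_user() already does, and the two "Allocate a physically contiguous buffer" comments sit above the bounds checks rather than above the kmalloc() calls they describe.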
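Review bot: the new SEV_PDH_CERT_EXPORT case dispatches to a helper that calls __sev_platform_init_locked() and __sev_do_cmd_locked(), whose _locked suffix means the caller must already hold the command mutex; that acquisition is outside this hunk's context, so please confirm sev_ioctl() takes the mutex before the switch, as the neighbouring SEV_PEK_CERT_IMPORT case must rely on too. A one-line comment on sev_ioctl_do_pdh_export() stating that it must be called with the mutex held would make the precondition explicit.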