From: Shirong Hao <shirong@linux.alibaba.com>
To: pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com,
	wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org,
	tglx@linutronix.de, mingo@redhat.co, bp@alien8.de,
	dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
	brijesh.singh@amd.com, thomas.lendacky@amd.com,
	john.allen@amd.com, herbert@gondor.apana.org.au,
	davem@davemloft.net, srutherford@google.com,
	ashish.kalra@amd.com, natet@google.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-crypto@vger.kernel.org, zhang.jia@linux.alibaba.com,
	Shirong Hao <shirong@linux.alibaba.com>
Subject: [PATCH 3/3] crypto: ccp: Implement SEV_GET_REPORT ioctl command
Date: Mon, 10 Jan 2022 14:04:45 +0800
Message-ID: <20220110060445.549800-4-shirong@linux.alibaba.com>
In-Reply-To: <20220110060445.549800-1-shirong@linux.alibaba.com>

The SEV_GET_REPORT command can be used by a host service with the guest
firmware handle to query the attestation report.

Signed-off-by: Shirong Hao <shirong@linux.alibaba.com>
---
 drivers/crypto/ccp/sev-dev.c | 20 +++++++++++++++++++-
 include/uapi/linux/psp-sev.h | 17 +++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 2f6b81742d28..2e479b88aa29 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -414,7 +414,10 @@ int sev_do_get_report(void __user *report, struct kvm_sev_attestation_report *in
 	}
 cmd:
 	data.handle = handle;
-	ret = sev_issue_cmd_external_user(filep, SEV_CMD_ATTESTATION_REPORT, &data, error);
+	if (!filep)
+		ret = __sev_do_cmd_locked(SEV_CMD_ATTESTATION_REPORT, &data, error);
+	else
+		ret = sev_issue_cmd_external_user(filep, SEV_CMD_ATTESTATION_REPORT, &data, error);
 
 	/*
 	 * If we query the session length, FW responded with expected data.
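Review bot: the new `if (!filep)` branch calls `__sev_do_cmd_locked()`, whose `_locked` suffix means the caller must already hold the SEV command mutex, while the existing `sev_issue_cmd_external_user()` path acquires that mutex itself; sev_do_get_report() now has two different locking contracts selected by an argument that reads as a plain file pointer, and nothing in the hunk documents that. Suggest a comment above the branch stating that filep == NULL is only valid from a caller that already holds the mutex (the ioctl path added later in this patch), or a `lockdep_assert_held()` in that branch, so a future caller passing NULL from an unlocked context fails loudly instead of issuing a firmware command without the lock.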
@@ -440,6 +443,18 @@ int sev_do_get_report(void __user *report, struct kvm_sev_attestation_report *in
 }
 EXPORT_SYMBOL_GPL(sev_do_get_report);
 
+static int sev_ioctl_do_get_report(struct sev_issue_cmd *argp)
+{
+	void __user *report = (void __user *)(uintptr_t)argp->data;
+	struct sev_user_data_attestation_report input;
+
+	if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
+		return -EFAULT;
+
+	return sev_do_get_report(report, (struct kvm_sev_attestation_report *)&input,
+				 NULL, input.handle, &argp->error);
+}
+
 static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable)
 {
 	struct sev_device *sev = psp_master->sev_data;
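Review bot: the cast `(struct kvm_sev_attestation_report *)&input` in sev_ioctl_do_get_report() makes a struct sev_user_data_attestation_report stand in for a different type, which is only safe while the two layouts share an identical prefix (mnonce, uaddr, len); nothing enforces that, and anything sev_do_get_report() writes back through `report` uses the KVM struct's size and layout against a buffer userspace described with the ccp struct. Suggest either passing the individual fields (mnonce, uaddr and a pointer to len) into sev_do_get_report(), or defining one shared structure for both callers, and at minimum adding `BUILD_BUG_ON(offsetof(...) != offsetof(...))` checks for each common field. Minor: `argp->data` is converted to a user pointer twice; the local `report` can be reused in the copy_from_user() call.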
@@ -926,6 +941,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 	case SEV_GET_ID2:
 		ret = sev_ioctl_do_get_id2(&input);
 		break;
+	case SEV_GET_REPORT:
+		ret = sev_ioctl_do_get_report(&input);
+		break;
 	default:
 		ret = -EINVAL;
 		goto out;
diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h
index 91b4c63d5cbf..c7d70fc0ac1e 100644
--- a/include/uapi/linux/psp-sev.h
+++ b/include/uapi/linux/psp-sev.h
@@ -28,6 +28,7 @@ enum {
 	SEV_PEK_CERT_IMPORT,
 	SEV_GET_ID,	/* This command is deprecated, use SEV_GET_ID2 */
 	SEV_GET_ID2,
+	SEV_GET_REPORT,
 
 	SEV_MAX,
 };
@@ -147,6 +148,22 @@ struct sev_user_data_get_id2 {
 	__u32 length;				/* In/Out */
 } __packed;
 
+/**
+ * struct sev_user_data_attestation_report - ATTESTATION command parameters
+ *
+ * @mnonce: mnonce to compute HMAC
+ * @uaddr: physical address containing the attestation report
+ * @len: length of attestation report
+ * @handle: handle of the VM to process
+ */
+
+struct sev_user_data_attestation_report {
+	__u8 mnonce[16];			/* In */
+	__u64 uaddr;				/* In */
+	__u32 len;				/* In/Out */
+	__u32 handle;				/* In */
+};
+
 /**
  * struct sev_issue_cmd - SEV ioctl parameters
  *
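Review bot: the blank line between the kernel-doc block and `struct sev_user_data_attestation_report` breaks kernel-doc's association of the comment with the structure; drop it so the comment directly precedes the definition, as it does for the neighbouring sev_user_data_get_id2. The line `@uaddr: physical address containing the attestation report` is also doubtful: the field is named uaddr and is marked `/* In */`, which suggests a userspace address supplied by the caller for the report to be copied into rather than a physical address, so the description should say which it is. Finally, the structure omits the `__packed` that sev_user_data_get_id2 carries just above (`} __packed;`); the 16+8+4+4 layout has no padding today, but since this is UAPI the annotation should be consistent with the rest of the header.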
-- 
2.27.0


Thread overview:
2022-01-10  6:04 [PATCH 0/3] Allow guest to query AMD SEV(-ES) runtime attestation evidence Shirong Hao
2022-01-10  6:04 ` [PATCH 1/3] KVM: X86: Introduce KVM_HC_VM_HANDLE hypercall Shirong Hao
2022-01-11  1:05   ` Sean Christopherson
2022-01-10  6:04 ` [PATCH 2/3] KVM/SVM: move the implementation of sev_get_attestation_report to ccp driver Shirong Hao
2022-01-10  6:04 ` Shirong Hao [this message]
2022-01-10 16:35 ` [PATCH 0/3] Allow guest to query AMD SEV(-ES) runtime attestation evidence Brijesh Singh