From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: bp@alien8.de, Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org
Subject: [Part2 PATCH v9 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
Date: Mon, 4 Dec 2017 19:04:20 -0600
Message-Id: <20171205010438.5773-21-brijesh.singh@amd.com>
In-Reply-To: <20171205010438.5773-1-brijesh.singh@amd.com>
References: <20171205010438.5773-1-brijesh.singh@amd.com>

The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
 drivers/crypto/ccp/psp-dev.c | 97 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 9d1c4600db19..fcfa5b1eae61 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c 
@@ -443,6 +443,100 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pdh_cert_export input; + void *pdh_blob = NULL, *cert_blob = NULL; + struct sev_data_pdh_cert_export *data; + int ret; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* Userspace wants to query the certificate length. */ + if (!input.pdh_cert_address || + !input.pdh_cert_len || + !input.cert_chain_address) + goto cmd; + + /* Allocate a physically contiguous buffer to store the PDH blob. */ + if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) || + !access_ok(VERIFY_WRITE, input.pdh_cert_address, input.pdh_cert_len)) { + ret = -EFAULT; + goto e_free; + } + + /* Allocate a physically contiguous buffer to store the cert chain blob. */ + if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) || + !access_ok(VERIFY_WRITE, input.cert_chain_address, input.cert_chain_len)) { + ret = -EFAULT; + goto e_free; + } + + pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL); + if (!pdh_blob) { + ret = -ENOMEM; + goto e_free; + } + + data->pdh_cert_address = __psp_pa(pdh_blob); + data->pdh_cert_len = input.pdh_cert_len; + + cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL); + if (!cert_blob) { + ret = -ENOMEM; + goto e_free_pdh; + } + + data->cert_chain_address = __psp_pa(cert_blob); + data->cert_chain_len = input.cert_chain_len; + +cmd: + /* If platform is not in INIT state then transition it to INIT. */ + if (psp_master->sev_state != SEV_STATE_INIT) { + ret = __sev_platform_init_locked(&argp->error); + if (ret) + goto e_free_cert; + } + + ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error); + + /* If we query the length, FW responded with expected data. 
*/ + input.cert_chain_len = data->cert_chain_len; + input.pdh_cert_len = data->pdh_cert_len; + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { + ret = -EFAULT; + goto e_free_cert; + } + + if (pdh_blob) { + if (copy_to_user((void __user *)input.pdh_cert_address, + pdh_blob, input.pdh_cert_len)) { + ret = -EFAULT; + goto e_free_cert; + } + } + + if (cert_blob) { + if (copy_to_user((void __user *)input.cert_chain_address, + cert_blob, input.cert_chain_len)) + ret = -EFAULT; + } + +e_free_cert: + kfree(cert_blob); +e_free_pdh: + kfree(pdh_blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -483,6 +577,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PEK_CERT_IMPORT: ret = sev_ioctl_do_pek_import(&input); break; + case SEV_PDH_CERT_EXPORT: + ret = sev_ioctl_do_pdh_export(&input); + break; default: ret = -EINVAL; goto out; -- 2.9.5
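
Review bot: the blob copies after __sev_do_cmd_locked() in sev_ioctl_do_pdh_export() run even when the command failed, and they use lengths the firmware just wrote back. input.pdh_cert_len and input.cert_chain_len are overwritten from data->pdh_cert_len and data->cert_chain_len and then used as the copy_to_user() size, while pdh_blob and cert_blob were sized from the caller's original lengths and allocated with kmalloc(). If the firmware reports a larger required length, the copy reads past the allocation, and on any failure it hands uninitialised heap contents to userspace. Suggest copying the updated input struct back as now (the length query needs it), then `if (ret) goto e_free_cert;` before the two blob copies, and either kzalloc() the blobs or keep the allocated sizes in locals for the copies. Separately, the query test near the top checks pdh_cert_address, pdh_cert_len and cert_chain_address but not cert_chain_len, so a zero cert_chain_len with the other three set falls through to kmalloc(0); adding `!input.cert_chain_len` to that condition would route it to the length query instead. The two "Allocate a physically contiguous buffer" comments also sit above the size and access_ok() checks rather than the kmalloc() calls they describe.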