mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-27 03:10:12 +00:00
1d55fdc857
SEV INIT command loads the SEV related persistent data from NVS and initializes the platform context. The firmware validates the persistent state. If validation fails, the firmware will reset the persisent state and return an integrity check failure status. At this point, a subsequent INIT command should succeed, so retry the command. The INIT command retry is only done during driver initialization. Additional enums along with SEV_RET_SECURE_DATA_INVALID are added to sev_ret_code to maintain continuity and relevance of enum values. Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> Acked-by: David Rientjes <rientjes@google.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
164 lines
3.9 KiB
C
164 lines
3.9 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
|
|
/*
|
|
* Userspace interface for AMD Secure Encrypted Virtualization (SEV)
|
|
* platform management commands.
|
|
*
|
|
* Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
|
|
*
|
|
* Author: Brijesh Singh <brijesh.singh@amd.com>
|
|
*
|
|
* SEV API specification is available at: https://developer.amd.com/sev/
|
|
*/
|
|
|
|
#ifndef __PSP_SEV_USER_H__
|
|
#define __PSP_SEV_USER_H__
|
|
|
|
#include <linux/types.h>
|
|
|
|
/**
|
|
* SEV platform commands
|
|
*/
|
|
enum {
|
|
SEV_FACTORY_RESET = 0,
|
|
SEV_PLATFORM_STATUS,
|
|
SEV_PEK_GEN,
|
|
SEV_PEK_CSR,
|
|
SEV_PDH_GEN,
|
|
SEV_PDH_CERT_EXPORT,
|
|
SEV_PEK_CERT_IMPORT,
|
|
SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */
|
|
SEV_GET_ID2,
|
|
|
|
SEV_MAX,
|
|
};
|
|
|
|
/**
|
|
* SEV Firmware status code
|
|
*/
|
|
typedef enum {
|
|
SEV_RET_SUCCESS = 0,
|
|
SEV_RET_INVALID_PLATFORM_STATE,
|
|
SEV_RET_INVALID_GUEST_STATE,
|
|
SEV_RET_INAVLID_CONFIG,
|
|
SEV_RET_INVALID_LEN,
|
|
SEV_RET_ALREADY_OWNED,
|
|
SEV_RET_INVALID_CERTIFICATE,
|
|
SEV_RET_POLICY_FAILURE,
|
|
SEV_RET_INACTIVE,
|
|
SEV_RET_INVALID_ADDRESS,
|
|
SEV_RET_BAD_SIGNATURE,
|
|
SEV_RET_BAD_MEASUREMENT,
|
|
SEV_RET_ASID_OWNED,
|
|
SEV_RET_INVALID_ASID,
|
|
SEV_RET_WBINVD_REQUIRED,
|
|
SEV_RET_DFFLUSH_REQUIRED,
|
|
SEV_RET_INVALID_GUEST,
|
|
SEV_RET_INVALID_COMMAND,
|
|
SEV_RET_ACTIVE,
|
|
SEV_RET_HWSEV_RET_PLATFORM,
|
|
SEV_RET_HWSEV_RET_UNSAFE,
|
|
SEV_RET_UNSUPPORTED,
|
|
SEV_RET_INVALID_PARAM,
|
|
SEV_RET_RESOURCE_LIMIT,
|
|
SEV_RET_SECURE_DATA_INVALID,
|
|
SEV_RET_MAX,
|
|
} sev_ret_code;
|
|
|
|
/**
|
|
* struct sev_user_data_status - PLATFORM_STATUS command parameters
|
|
*
|
|
* @major: major API version
|
|
* @minor: minor API version
|
|
* @state: platform state
|
|
* @flags: platform config flags
|
|
* @build: firmware build id for API version
|
|
* @guest_count: number of active guests
|
|
*/
|
|
struct sev_user_data_status {
|
|
__u8 api_major; /* Out */
|
|
__u8 api_minor; /* Out */
|
|
__u8 state; /* Out */
|
|
__u32 flags; /* Out */
|
|
__u8 build; /* Out */
|
|
__u32 guest_count; /* Out */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_user_data_pek_csr - PEK_CSR command parameters
|
|
*
|
|
* @address: PEK certificate chain
|
|
* @length: length of certificate
|
|
*/
|
|
struct sev_user_data_pek_csr {
|
|
__u64 address; /* In */
|
|
__u32 length; /* In/Out */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
|
|
*
|
|
* @pek_address: PEK certificate chain
|
|
* @pek_len: length of PEK certificate
|
|
* @oca_address: OCA certificate chain
|
|
* @oca_len: length of OCA certificate
|
|
*/
|
|
struct sev_user_data_pek_cert_import {
|
|
__u64 pek_cert_address; /* In */
|
|
__u32 pek_cert_len; /* In */
|
|
__u64 oca_cert_address; /* In */
|
|
__u32 oca_cert_len; /* In */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
|
|
*
|
|
* @pdh_address: PDH certificate address
|
|
* @pdh_len: length of PDH certificate
|
|
* @cert_chain_address: PDH certificate chain
|
|
* @cert_chain_len: length of PDH certificate chain
|
|
*/
|
|
struct sev_user_data_pdh_cert_export {
|
|
__u64 pdh_cert_address; /* In */
|
|
__u32 pdh_cert_len; /* In/Out */
|
|
__u64 cert_chain_address; /* In */
|
|
__u32 cert_chain_len; /* In/Out */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_user_data_get_id - GET_ID command parameters (deprecated)
|
|
*
|
|
* @socket1: Buffer to pass unique ID of first socket
|
|
* @socket2: Buffer to pass unique ID of second socket
|
|
*/
|
|
struct sev_user_data_get_id {
|
|
__u8 socket1[64]; /* Out */
|
|
__u8 socket2[64]; /* Out */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_user_data_get_id2 - GET_ID command parameters
|
|
* @address: Buffer to store unique ID
|
|
* @length: length of the unique ID
|
|
*/
|
|
struct sev_user_data_get_id2 {
|
|
__u64 address; /* In */
|
|
__u32 length; /* In/Out */
|
|
} __packed;
|
|
|
|
/**
|
|
* struct sev_issue_cmd - SEV ioctl parameters
|
|
*
|
|
* @cmd: SEV commands to execute
|
|
* @opaque: pointer to the command structure
|
|
* @error: SEV FW return code on failure
|
|
*/
|
|
struct sev_issue_cmd {
|
|
__u32 cmd; /* In */
|
|
__u64 data; /* In */
|
|
__u32 error; /* Out */
|
|
} __packed;
|
|
|
|
#define SEV_IOC_TYPE 'S'
|
|
#define SEV_ISSUE_CMD _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
|
|
|
|
#endif /* __PSP_USER_SEV_H */
|