Re: [Part2 PATCH v5 10/31] crypto: ccp: Add Platform Security Processor (PSP) device support

Linux cryptographic layer development
 help / color / mirror / Atom feed

From: Borislav Petkov <bp@suse.de>
To: Brijesh Singh <brijesh.singh@amd.com>
Cc: x86@kernel.org, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Radim Krčmář" <rkrcmar@redhat.com>,
	"Herbert Xu" <herbert@gondor.apana.org.au>,
	"Gary Hook" <gary.hook@amd.com>,
	"Tom Lendacky" <thomas.lendacky@amd.com>,
	linux-crypto@vger.kernel.org
Subject: Re: [Part2 PATCH v5 10/31] crypto: ccp: Add Platform Security Processor (PSP) device support
Date: Thu, 5 Oct 2017 11:56:05 +0200	[thread overview]
Message-ID: <20171005095605.mhfudr5vwz2ptcxs@pd.tnic> (raw)
In-Reply-To: <20171004131412.13038-11-brijesh.singh@amd.com>

On Wed, Oct 04, 2017 at 08:13:51AM -0500, Brijesh Singh wrote:
> The Platform Security Processor (PSP) is part of AMD Secure Processor
> (AMD-SP), PSP is a dedicated processor that provides the support for
> key management commands in a Secure Encrypted Virtualization (SEV) mode,
> along with software-based Trusted Execution Environment (TEE) to enable
> the third-party trusted applications.
> 
> Note that the key management functionality provided by the SEV firmware
> can be used outside the kvm-amd driver hence we don't do depends on
> CONFIG_KVM_AMD.

Minor corrections:

"The Platform Security Processor (PSP) is part of the AMD Secure
Processor (AMD-SP) functionality. The PSP is a dedicated processor
that provides support for key management commands in Secure Encrypted
Virtualization (SEV) mode, along with software-based Trusted Execution
Environment (TEE) to enable third-party trusted applications.

Note that the key management functionality provided by the SEV firmware
can be used outside of the kvm-amd driver hence it doesn't need to
depend on CONFIG_KVM_AMD."

...

> diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig
> index 9c84f9838931..454c25d9f197 100644
> --- a/drivers/crypto/ccp/Kconfig
> +++ b/drivers/crypto/ccp/Kconfig
> @@ -33,3 +33,14 @@ config CRYPTO_DEV_CCP_CRYPTO
>  	  Support for using the cryptographic API with the AMD Cryptographic
>  	  Coprocessor. This module supports offload of SHA and AES algorithms.
>  	  If you choose 'M' here, this module will be called ccp_crypto.
> +
> +config CRYPTO_DEV_SP_PSP
> +	bool "Platform Security Processor (PSP) device"
> +	default y
> +	depends on CRYPTO_DEV_CCP_DD && X86_64
> +	help
> +	 Provide the support for the AMD Platform Security Processor (PSP).
> +	 The PSP is a dedicated processor that provides support for key
> +	 management commands in Secure Encrypted Virtualization (SEV) mode,
> +	 along with software-based Trusted Execution Environment (TEE) to
> +	 enable the third-party trusted applications.

Minor corrections:

---
diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig
index 454c25d9f197..b9dfae47aefd 100644
--- a/drivers/crypto/ccp/Kconfig
+++ b/drivers/crypto/ccp/Kconfig
@@ -39,8 +39,8 @@ config CRYPTO_DEV_SP_PSP
 	default y
 	depends on CRYPTO_DEV_CCP_DD && X86_64
 	help
-	 Provide the support for the AMD Platform Security Processor (PSP).
+	 Provide support for the AMD Platform Security Processor (PSP).
 	 The PSP is a dedicated processor that provides support for key
 	 management commands in Secure Encrypted Virtualization (SEV) mode,
 	 along with software-based Trusted Execution Environment (TEE) to
-	 enable the third-party trusted applications.
+	 enable third-party trusted applications.

with that taken care of:

Reviewed-by: Borislav Petkov <bp@suse.de>

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--

next prev parent reply	other threads:[~2017-10-05  9:56 UTC|newest]

Thread overview: 74+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-10-04 13:13 [Part2 PATCH v5 00/31] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-10-04 13:13 ` [Part2 PATCH v5 09/31] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support Brijesh Singh
2017-10-04 21:47   ` Borislav Petkov
2017-10-04 23:06     ` Brijesh Singh
2017-10-04 13:13 ` [Part2 PATCH v5 10/31] crypto: ccp: Add Platform Security Processor (PSP) device support Brijesh Singh
2017-10-05  9:56   ` Borislav Petkov [this message]
2017-10-06 23:09   ` [Part2 PATCH v5.1 " Brijesh Singh
2017-10-04 13:13 ` [Part2 PATCH v5 11/31] crypto: ccp: Define SEV key management command id Brijesh Singh
2017-10-05 20:56   ` Borislav Petkov
2017-10-08 21:14     ` Brijesh Singh
2017-10-04 13:13 ` [Part2 PATCH v5 12/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support Brijesh Singh
2017-10-06 18:49   ` Borislav Petkov
2017-10-06 19:48     ` Brijesh Singh
2017-10-07 18:13     ` Brijesh Singh
2017-10-07  1:05   ` [Part2 PATCH v5.1 12.1/31] " Brijesh Singh
2017-10-07  1:06     ` [Part2 PATCH v5.1 12.2/31] crypto: ccp: Define SEV userspace ioctl and command id Brijesh Singh
2017-10-07 14:20       ` Borislav Petkov
2017-10-08 21:18         ` Brijesh Singh
2017-10-11 16:46       ` [Part2 PATCH v5.2 12.1/31] " Brijesh Singh
2017-10-12 13:27         ` Borislav Petkov
2017-10-12 14:18           ` Brijesh Singh
2017-10-07  1:06     ` [Part2 PATCH v5.1 12.3/31] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command Brijesh Singh
2017-10-11 14:32       ` Borislav Petkov
2017-10-11 16:55       ` [Part2 PATCH v5.2 " Brijesh Singh
2017-10-12 14:13         ` Borislav Petkov
2017-10-07  1:06     ` [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS " Brijesh Singh
2017-10-11 17:01       ` [Part2 PATCH v5.2 " Brijesh Singh
2017-10-11 17:02       ` [Part2 PATCH v5.1 " Borislav Petkov
2017-10-11 19:49         ` Brijesh Singh
2017-10-11 20:04           ` Borislav Petkov
2017-10-11 20:10             ` Borislav Petkov
2017-10-11 20:10             ` Brijesh Singh
2017-10-11 20:28               ` Borislav Petkov
2017-10-11 20:45                 ` Brijesh Singh
2017-10-11 20:53                   ` Brijesh Singh
2017-10-11 20:54                   ` Borislav Petkov
2017-10-07  1:06     ` [Part2 PATCH v5.1 12.5/31] crypto: ccp: Implement SEV_PEK_GEN " Brijesh Singh
2017-10-12 18:28       ` Borislav Petkov
2017-10-12 20:11         ` Brijesh Singh
2017-10-12 20:21           ` Borislav Petkov
2017-10-12 20:34             ` Brijesh Singh
2017-10-07  1:06     ` [Part2 PATCH v5.1 12.6/31] crypto: ccp: Implement SEV_PDH_GEN " Brijesh Singh
2017-10-12 18:48       ` Borislav Petkov
2017-10-12 20:21         ` Brijesh Singh
2017-10-12 20:23           ` Borislav Petkov
2017-10-07  1:06     ` [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR " Brijesh Singh
2017-10-12 19:53       ` Borislav Petkov
2017-10-13  2:24         ` Brijesh Singh
2017-10-13  4:13           ` Brijesh Singh
2017-10-13 10:20             ` Borislav Petkov
2017-10-13  9:14           ` Borislav Petkov
2017-10-07  1:06     ` [Part2 PATCH v5.1 12.8/31] crypto: ccp: Implement SEV_PEK_CERT_IMPORT " Brijesh Singh
2017-10-13 14:53       ` Borislav Petkov
2017-10-13 16:09         ` Brijesh Singh
2017-10-07  1:06     ` [Part2 PATCH v5.1 12.9/31] crypto: ccp: Implement SEV_PDH_CERT_EXPORT " Brijesh Singh
2017-10-13 15:01       ` Borislav Petkov
2017-10-07 18:40     ` [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support Borislav Petkov
2017-10-08 13:30       ` Brijesh Singh
2017-10-08 14:00         ` Borislav Petkov
2017-10-09  0:11           ` Brijesh Singh
2017-10-09 15:21             ` Borislav Petkov
2017-10-10 15:00               ` Brijesh Singh
2017-10-10 18:43                 ` Tom Lendacky
2017-10-10 20:04                   ` Borislav Petkov
2017-10-11 14:19         ` Borislav Petkov
2017-10-11 14:23           ` Brijesh Singh
2017-10-11 16:50     ` [Part2 PATCH v5.2 12.2/31] " Brijesh Singh
2017-10-12 14:08       ` Borislav Petkov
2017-10-12 21:11         ` Brijesh Singh
2017-10-12 21:41           ` Borislav Petkov
2017-10-12 21:52             ` Brijesh Singh
2017-10-12 22:22               ` Borislav Petkov
2017-10-12 18:21       ` Borislav Petkov
2017-10-12 20:05         ` Brijesh Singh

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:454c25d9f19 dfblob:b9dfae47aef )
 OR (
bs:"Re: [Part2 PATCH v5 10/31] crypto: ccp: Add Platform Security Processor (PSP) device support" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171005095605.mhfudr5vwz2ptcxs@pd.tnic \
    --to=bp@suse.de \
    --cc=brijesh.singh@amd.com \
    --cc=gary.hook@amd.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=kvm@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=rkrcmar@redhat.com \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox