[PATCH] crypto: ccp: fix the SEV probe in kexec boot path

[PATCH] crypto: ccp: fix the SEV probe in kexec boot path

[Singh, Brijesh]

A kexec reboot may leave the firmware in INIT or WORKING state.
Currently, we issue PLATFORM_INIT command during the probe without
checking the current state. The PLATFORM_INIT command fails if the
FW is already in INIT state. Lets check the current state, if FW
is not in UNINIT state then transition it to UNINIT before
initializing or upgrading the FW.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gary Hook <gary.hook@amd.com>
---
 drivers/crypto/ccp/psp-dev.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index b16be8a11d92..966ca6f9cf79 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -437,6 +437,7 @@ static int sev_get_api_version(void)
 	psp_master->api_major = status->api_major;
 	psp_master->api_minor = status->api_minor;
 	psp_master->build = status->build;
+	psp_master->sev_state = status->state;
 
 	return 0;
 }
@@ -964,6 +965,21 @@ void psp_pci_init(void)
 	if (sev_get_api_version())
 		goto err;
 
+	/*
+	 * If platform is not in UNINIT state then firmware upgrade and/or
+	 * platform INIT command will fail. These command require UNINIT state.
+	 *
+	 * In a normal boot we should never run into case where the firmware
+	 * is not in UNINIT state on boot. But in case of kexec boot, a reboot
+	 * may not go through a typical shutdown sequence and may leave the
+	 * firmware in INIT or WORKING state.
+	 */
+
+	if (psp_master->sev_state != SEV_STATE_UNINIT) {
+		sev_platform_shutdown(NULL);
+		psp_master->sev_state = SEV_STATE_UNINIT;
+	}
+
 	if (SEV_VERSION_GREATER_OR_EQUAL(0, 15) &&
 	    sev_update_firmware(psp_master->dev) == 0)
 		sev_get_api_version();
-- 
2.17.1

Re: [PATCH] crypto: ccp: fix the SEV probe in kexec boot path

[Lendacky, Thomas]

On 1/30/19 2:57 PM, Singh, Brijesh wrote:
> A kexec reboot may leave the firmware in INIT or WORKING state.
> Currently, we issue PLATFORM_INIT command during the probe without
> checking the current state. The PLATFORM_INIT command fails if the
> FW is already in INIT state. Lets check the current state, if FW
> is not in UNINIT state then transition it to UNINIT before
> initializing or upgrading the FW.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Gary Hook <gary.hook@amd.com>
> ---
>  drivers/crypto/ccp/psp-dev.c | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>

> 
> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
> index b16be8a11d92..966ca6f9cf79 100644
> --- a/drivers/crypto/ccp/psp-dev.c
> +++ b/drivers/crypto/ccp/psp-dev.c
> @@ -437,6 +437,7 @@ static int sev_get_api_version(void)
>  	psp_master->api_major = status->api_major;
>  	psp_master->api_minor = status->api_minor;
>  	psp_master->build = status->build;
> +	psp_master->sev_state = status->state;
>  
>  	return 0;
>  }
> @@ -964,6 +965,21 @@ void psp_pci_init(void)
>  	if (sev_get_api_version())
>  		goto err;
>  
> +	/*
> +	 * If platform is not in UNINIT state then firmware upgrade and/or
> +	 * platform INIT command will fail. These command require UNINIT state.
> +	 *
> +	 * In a normal boot we should never run into case where the firmware
> +	 * is not in UNINIT state on boot. But in case of kexec boot, a reboot
> +	 * may not go through a typical shutdown sequence and may leave the
> +	 * firmware in INIT or WORKING state.
> +	 */
> +
> +	if (psp_master->sev_state != SEV_STATE_UNINIT) {
> +		sev_platform_shutdown(NULL);
> +		psp_master->sev_state = SEV_STATE_UNINIT;
> +	}
> +
>  	if (SEV_VERSION_GREATER_OR_EQUAL(0, 15) &&
>  	    sev_update_firmware(psp_master->dev) == 0)
>  		sev_get_api_version();
> 

[PATCH] crypto: ccp: fix the SEV probe in kexec boot path

[Hook, Gary]

On 1/30/19 2:57 PM, Singh, Brijesh wrote:
> A kexec reboot may leave the firmware in INIT or WORKING state.
> Currently, we issue PLATFORM_INIT command during the probe without
> checking the current state. The PLATFORM_INIT command fails if the
> FW is already in INIT state. Lets check the current state, if FW
> is not in UNINIT state then transition it to UNINIT before
> initializing or upgrading the FW.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Gary Hook <gary.hook@amd.com>
> ---

Acked-by: Gary R Hook <gary.hook@amd.com>

>  drivers/crypto/ccp/psp-dev.c | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
> 
> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
> index b16be8a11d92..966ca6f9cf79 100644
> --- a/drivers/crypto/ccp/psp-dev.c
> +++ b/drivers/crypto/ccp/psp-dev.c
> @@ -437,6 +437,7 @@ static int sev_get_api_version(void)
>  	psp_master->api_major =3D status->api_major;
>  	psp_master->api_minor =3D status->api_minor;
>  	psp_master->build =3D status->build;
> +	psp_master->sev_state =3D status->state;
> =20
>  	return 0;
>  }
> @@ -964,6 +965,21 @@ void psp_pci_init(void)
>  	if (sev_get_api_version())
>  		goto err;
> =20
> +	/*
> +	 * If platform is not in UNINIT state then firmware upgrade and/or
> +	 * platform INIT command will fail. These command require UNINIT state.
> +	 *
> +	 * In a normal boot we should never run into case where the firmware
> +	 * is not in UNINIT state on boot. But in case of kexec boot, a reboot
> +	 * may not go through a typical shutdown sequence and may leave the
> +	 * firmware in INIT or WORKING state.
> +	 */
> +
> +	if (psp_master->sev_state !=3D SEV_STATE_UNINIT) {
> +		sev_platform_shutdown(NULL);
> +		psp_master->sev_state =3D SEV_STATE_UNINIT;
> +	}
> +
>  	if (SEV_VERSION_GREATER_OR_EQUAL(0, 15) &&
>  	    sev_update_firmware(psp_master->dev) =3D=3D 0)
>  		sev_get_api_version();