Subject: Re: [PATCH Part2 v5 17/45] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
From: Connor Kuehl
To: Brijesh Singh, x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org
Cc: Thomas Gleixner, Ingo Molnar, Joerg Roedel, Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, Michael Roth, Vlastimil Babka, "Kirill A . Shutemov", Andi Kleen, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, tfanelli@redhat.com
Date: Wed, 1 Sep 2021 16:02:40 -0500
Message-ID: <2b07b160-48af-4682-1a4b-2716cd13fb65@redhat.com>
In-Reply-To: <20210820155918.7518-18-brijesh.singh@amd.com>

On 8/20/21 10:58 AM, Brijesh Singh wrote:
> +2.4 SNP_SET_EXT_CONFIG > +---------------------- > +:Technology: sev-snp > +:Type: hypervisor ioctl cmd > +:Parameters (in): struct sev_data_snp_ext_config > +:Returns (out): 0 on success, -negative on error > + > +The SNP_SET_EXT_CONFIG is used to set the system-wide configuration such as > +reported TCB version in the attestation report. The command is similar to > +SNP_CONFIG command defined in the SEV-SNP spec. The main difference is the > +command also accepts an additional certificate blob defined in the GHCB > +specification. > + > +If the certs_address is zero, then previous certificate blob will deleted. 
> +For more information on the certificate blob layout, see the GHCB spec > +(extended guest request message).

Hi Brijesh,

Just to be clear, is the documentation you're referring to regarding the layout of the certificate blob specified on page 47 of the GHCB spec? More specifically, is it the `struct cert_table` on that page?

https://developer.amd.com/wp-content/resources/56421.pdf

If so, where is the VCEK certificate layout documented?

Connor

> +/** > + * struct sev_data_snp_ext_config - system wide configuration value for SNP. > + * > + * @config_address: address of the struct sev_user_data_snp_config or 0 when > + * reported_tcb does not need to be updated. > + * @certs_address: address of extended guest request certificate chain or > + * 0 when previous certificate should be removed on SNP_SET_EXT_CONFIG. > + * @certs_len: length of the certs > + */ > +struct sev_user_data_ext_snp_config { > + __u64 config_address; /* In */ > + __u64 certs_address; /* In */ > + __u32 certs_len; /* In */ > +};
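Review bot: In the "2.4 SNP_SET_EXT_CONFIG" documentation hunk, the text describes only the certs_address == 0 case and leaves the other inputs unspecified. It does not say that config_address may be 0 to leave reported_tcb unchanged (the struct comment later in the patch does), and it never mentions certs_len, its unit, or what value is expected when certs_address is 0. Please document all three fields here, since this section is what userspace authors will read. The pointer "see the GHCB spec (extended guest request message)" should also name the exact structure or section that defines the blob so readers do not have to guess which table is meant. Finally, "then previous certificate blob will deleted" is missing a word ("will be deleted").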
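Review bot: In the header hunk, the kernel-doc line reads "struct sev_data_snp_ext_config" but the declaration below it is "struct sev_user_data_ext_snp_config", and the ":Parameters (in):" line in the documentation hunk uses the first spelling as well. Pick one name and use it in all three places, otherwise kernel-doc will not match the comment to the struct and userspace readers will look for a type that does not exist. Separately, the struct ends in a __u32 after two __u64 members with no explicit padding member or packing attribute, so its size depends on the ABI's __u64 alignment (24 bytes on x86-64, 20 on 32-bit x86); for a uapi structure passed by pointer through an ioctl, add explicit padding or a packing attribute so the layout is fixed. The "@certs_len: length of the certs" comment should state the unit and any upper bound the handler enforces.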