From: Brijesh Singh
To: Borislav Petkov
Cc: Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v6.1 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
Date: Mon, 23 Oct 2017 17:07:42 -0500
Message-Id: <20171023220742.46877-1-brijesh.singh@amd.com>
In-Reply-To: <20171020023413.122280-1-brijesh.singh@amd.com>
References: <20171020023413.122280-1-brijesh.singh@amd.com>

The SEV_PEK_CSR command can be used to generate a PEK certificate signing request. The command is defined in SEV spec section 5.7.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
---

Changes since v6:
 * when sev_do_cmd() and sev_platform_shutdown() fail then propagate
   the error status code from sev_do_cmd() because it can give us
   much better reason for the failure.

 drivers/crypto/ccp/psp-dev.c | 81 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 3672435150cf..aaf1c5cf821d 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c 
@@ -223,6 +223,84 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pek_csr input; + struct sev_data_pek_csr *data; + void *blob = NULL; + int ret, err; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* userspace wants to query CSR length */ + if (!input.address || !input.length) + goto cmd; + + /* allocate a physically contiguous buffer to store the CSR blob */ + if (!access_ok(VERIFY_WRITE, input.address, input.length) || + input.length > SEV_FW_BLOB_MAX_SIZE) { + ret = -EFAULT; + goto e_free; + } + + blob = kmalloc(input.length, GFP_KERNEL); + if (!blob) { + ret = -ENOMEM; + goto e_free; + } + + data->address = __psp_pa(blob); + data->len = input.length; + +cmd: + ret = sev_platform_init(NULL, &argp->error); + if (ret) + goto e_free_blob; + + ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, &argp->error); + + /* + * If we query the CSR length, FW responded with expected data + */ + input.length = data->len; + + if (sev_platform_shutdown(&err)) { + /* + * If both sev_do_cmd() and sev_platform_shutdown() commands + * failed then propogate the error code from the sev_do_cmd() + * because it contains a useful status code for the command + * failure. + */ + if (ret) + goto e_free_blob; + + ret = -EIO; + argp->error = err; + goto e_free_blob; + } + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { + ret = -EFAULT; + goto e_free_blob; + } + + if (blob) { + if (copy_to_user((void __user *)input.address, blob, input.length)) + ret = -EFAULT; + } + +e_free_blob: + kfree(blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; 
@@ -252,6 +330,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PDH_GEN: ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input); break; + case SEV_PEK_CSR: + ret = sev_ioctl_do_pek_csr(&input); + break; default: ret = -EINVAL; goto out; -- 2.9.5
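
Review bot: in sev_ioctl_do_pek_csr(), the final `if (blob)` copy_to_user() runs even when sev_do_cmd() returned an error, and it uses input.length after that field has been overwritten with data->len written back by the firmware. blob comes from kmalloc(input.length, GFP_KERNEL) and is never zeroed, so a failed command can hand uninitialized kernel heap contents to user space, and if the firmware writes back a length larger than the one supplied, the copy reads past the end of the allocation. Suggest skipping the blob copy when ret is non-zero (while still returning the updated length so the caller can resize), bounding the copy by the length that was actually allocated, and allocating blob with kzalloc(). Separately, the comment "allocate a physically contiguous buffer to store the CSR blob" sits above the access_ok()/SEV_FW_BLOB_MAX_SIZE check rather than the kmalloc() it describes, and an over-sized input.length would be reported more clearly as -EINVAL than -EFAULT.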