On 10/12/17 3:21 PM, Borislav Petkov wrote:
> On Thu, Oct 12, 2017 at 03:11:07PM -0500, Brijesh Singh wrote:
>> Let's consider this scenario
>> 1- platform is in uninit state, we transition it to INIT
>> 2- PEK_GEN command failed
>> 3- since we have transitioned the p
On 10/12/17 9:08 AM, Borislav Petkov wrote:
...
> Well, if you're going to have a global var, why not pull up the misc
> device instead?
>
> And mind you, I've moved out this assignments:
>
> + psp->sev_misc = psp_misc_dev;
> + init_waitqueue_head(&psp->sev_int_queue);
> + dev_
On 10/12/17 4:41 PM, Borislav Petkov wrote:
> On Thu, Oct 12, 2017 at 04:11:18PM -0500, Brijesh Singh wrote:
>> The sev_exit() will be called for all the psp_device instance. we need
>> to set psp_misc_dev = NULL after deregistering the device.
>>
>> if (psp_misc_
On 10/12/17 2:53 PM, Borislav Petkov wrote:
...
> Ok, a couple of things here:
>
> * Move the checks first and the allocations second so that you allocate
> memory only after all checks have been passed and you don't allocate
> pointlessly.
I assume you mean performing the SEV state check befo
On 10/12/17 9:24 PM, Brijesh Singh wrote:
>
> On 10/12/17 2:53 PM, Borislav Petkov wrote:
> ...
>
>> Ok, a couple of things here:
>>
>> * Move the checks first and the allocations second so that you allocate
>> memory only after all checks have been passed a
On 10/13/2017 09:53 AM, Borislav Petkov wrote:
...
- if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len))
+ if (copy_from_user(data, (void __user *)uaddr, len))
goto e_free;
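Review bot: on the + line, casting uaddr straight to (void __user *) without the intermediate (uintptr_t) draws an integer-to-pointer size warning on any build where uaddr is wider than a pointer. If the cast is dropped, the commit message should name the build dependency that makes it safe; otherwise keep the (uintptr_t) step.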
IIRC, typecast was needed for i386 build, but now we have depends on
X86_64 henc
kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 69
1 file changed, 69 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index d9771d104eea..26a365c9b
kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 83
include/linux/psp-sev.h | 4 +++
2 files changed, 87 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-d
.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 1d7212da25a5..d9771d104eea 100644
--- a/drivers/crypto/ccp/psp-d
: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
drivers/crypto/ccp/Kconfig | 11 +
drivers/crypto/ccp/Makefile | 1 +
dri
kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 21 +
1 file changed, 21 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 5c921b36bc23..1d7212da25a5 100644
--- a/drivers/cryp
.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 99
1 file changed, 99 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 89242d4d1067..ad
ert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
include/linux/psp-s
nux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 24
1 file changed, 24 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp
kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 28 +++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/driv
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
include/uapi/linux/psp-sev.h | 113 +++
1 file changed, 113 insertions(+)
create mode 100644 include/uapi/linux/psp-sev.h
di
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 306 +++
drivers/crypto/ccp/psp-dev.h | 21 +++
include/linux/psp-sev.h | 159 ++
3 files changed, 486 insertions(+)
diff --git a/dri
From: Borislav Petkov
This is AMD-specific hardware so present it in Kconfig only when AMD
CPU support is enabled or on ARM64 where it is also used.
Signed-off-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Cc: Brijesh Singh
Cc: Tom Lendacky
Cc: Gary Hook
Cc: Herbert Xu
Cc: "Da
NCH_UPDATE command to reduce the number of calls to AMD-SP driver
* Changes to address v2 feedbacks
Borislav Petkov (1):
crypto: ccp: Build the AMD secure processor driver only with AMD CPU
support
Brijesh Singh (34):
Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization
On 10/23/17 4:32 AM, Borislav Petkov wrote:
...
>> +static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
>> +{
>> +int ret, err;
>> +
>> +ret = sev_platform_init(NULL, &argp->error);
>> +if (ret)
>> +return ret;
>> +
>> +ret = sev_do_cmd(cmd, 0, &ar
On 10/23/17 7:32 AM, Borislav Petkov wrote:
> On Mon, Oct 23, 2017 at 07:15:30AM -0500, Brijesh Singh wrote:
>> I am not sure if I am able to understand your feedback. The
>> sev_platform_shutdown() is called unconditionally.
> How's that:
>
> If sev_
On 10/23/2017 04:20 AM, Borislav Petkov wrote:
On Thu, Oct 19, 2017 at 09:33:48PM -0500, Brijesh Singh wrote:
+static int __sev_platform_init(struct sev_data_init *data, int *error)
+{
+ int rc = 0;
+
+ mutex_lock(&fw_init_mutex);
+
+ if (!fw_init_count) {
I still d
On 10/23/2017 09:10 AM, Borislav Petkov wrote:
On Mon, Oct 23, 2017 at 08:32:57AM -0500, Brijesh Singh wrote:
If both the command fails then we return status from the last command.
IIRC, in my previous patches I was returning status from sev_do_cmd()
instead of sev_platform_shutdown() but
On 10/23/2017 02:34 AM, Borislav Petkov wrote:
...
Just minor cleanups:
Thanks Boris, I have applied your cleanups.
-Brijesh
---
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index e9966d5fc6c4..f9a9a6e6ab99 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/driv
kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
Changes since v6:
* when sev_do_cmd() and sev_platform_shutdown() fail then propagate
the error status code from sev_do_cmd() because it can give us
much better reason for the failure.
drivers/crypto/ccp/psp-
kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
Changes since v6:
* when sev_do_cmd() and sev_platform_shutdown() fail then propagate
the error status code from sev_do_cmd() because it can give us
much better reason for the failure.
drivers/crypto/ccp/psp-
kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
Changes since v6:
* when sev_do_cmd() and sev_platform_shutdown() fail then propagate
the error status code from sev_do_cmd() because it can give us
much better reason for the failure.
drivers/crypto/ccp/psp-
kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
Changes since v6:
* when sev_do_cmd() and sev_platform_shutdown() fail then propagate
the error status code from sev_do_cmd() because it can give us
much better reason for the failure.
drivers/crypto/ccp/psp-
.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
Changes since v6:
* when sev_do_cmd() and sev_platform_shutdown() fail then propagate
the error status code from sev_do_cmd() because it can give us
much better reason for the failure.
drivers/crypto/ccp
Hi Herbert and Paolo,
On 10/19/17 9:33 PM, Brijesh Singh wrote:
> This part of Secure Encrypted Virtualization (SEV) patch series focuses on KVM
> changes required to create and manage SEV guests.
>
> SEV is an extension to the AMD-V architecture which supports running encrypted
>
On 10/26/2017 08:56 AM, Borislav Petkov wrote:
On Mon, Oct 23, 2017 at 02:57:04PM -0500, Brijesh Singh wrote:
Calling PLATFORM_GET_STATUS is not required, we can manage the state through
a simple ref count variable. Issuing PSP commands will always be much more
expensive compare to accessing
On 10/26/2017 12:44 PM, Borislav Petkov wrote:
On Thu, Oct 26, 2017 at 11:56:57AM -0500, Brijesh Singh wrote:
The variable is used as ref counter.
... and it can't be converted to a boolean because...?
SHUTDOWN command unconditionally transitions a platform to uninitialized
state
On 10/26/2017 03:13 PM, Borislav Petkov wrote:
On Thu, Oct 26, 2017 at 02:26:15PM -0500, Brijesh Singh wrote:
SHUTDOWN command unconditionally transitions a platform to uninitialized
state. The command does not care how many processes are actively using the
PSP. We don't want to shutdow
On 10/27/17 2:56 AM, Borislav Petkov wrote:
> On Thu, Oct 26, 2017 at 03:59:32PM -0500, Brijesh Singh wrote:
>> we can workaround #1 by adding some hooks in sp_pci_init() to invoke the PSP
>> initialization routines after pci_register_driver() is done but #2 can get
>> pa
On 10/27/17 3:15 PM, Borislav Petkov wrote:
> On Fri, Oct 27, 2017 at 06:28:38AM -0500, Brijesh Singh wrote:
>> ... User can retry the command sometime later when nobody else is
>> using the PSP.
> That still doesn't prevent you from doing two things:
>
> * make tha
On 10/27/17 3:27 PM, Borislav Petkov wrote:
> On Fri, Oct 27, 2017 at 03:25:24PM -0500, Brijesh Singh wrote:
>> Yep, we are doing state transition only when we really need to. At least
>> so far I have tried to avoid making any unnecessary state transitions.
> So change all t
On 10/27/17 4:49 PM, Borislav Petkov wrote:
> On Fri, Oct 27, 2017 at 04:28:31PM -0500, Brijesh Singh wrote:
>> This will fail because PEK_GEN require the platform in INIT state and
>> nobody has done the state transition from INIT -> UINIT.
> Huh, FW is in INIT state and P
On 10/27/17 7:00 PM, Borislav Petkov wrote:
> On Fri, Oct 27, 2017 at 05:59:23PM -0500, Brijesh Singh wrote:
>> Yes it is typo. PEK_GEN wants FW to be in INIT state hence someone need
>> to transition from UNINIT -> INIT.
> Which, once you've done it once on driver i
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
---
Boris,
I have tried to minimize the INIT -> SHUTDOWN transition by keeping state
information in sev_state variable. Since we INIT the platform during the
modprobe time hence we no longer need the kref count and init mutex.
Here a
I just realized that this should be marked as "PATCH v6.1 13/38 ...". I
had some debug patch before this hence it was pushed below in the stack.
On 10/29/17 3:48 PM, Brijesh Singh wrote:
> AMD's new Secure Encrypted Virtualization (SEV) feature allows the
> memory content
kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
Boris,
It may look confusing that we call PLATFORM_STATUS command to check the
current FW state even when we keep the state in psp->s
kernel.org
Cc: linux-ker...@vger.kernel.org
Reviewed-by: Borislav Petkov
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
Boris,
I had your R-b in v6 and have kept it. The changes in this patch are
very minor. Let me know if you are okay with it - thank
kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
Changes since v6.1:
* use psp->sev_state to check the state before transition to INIT
drivers/crypto/ccp/psp-dev.c | 68 ++
On 10/30/2017 12:21 PM, Borislav Petkov wrote:
...
Useless forward declarations.
Actually it's helpful in other patches. I was trying to avoid making too
many code movement in other patches to eliminate the forward
declarations. I guess I can fix in v7.
static struct psp_device *psp
On 10/30/17 12:57 PM, Borislav Petkov wrote:
> On Mon, Oct 30, 2017 at 12:49:14PM -0500, Brijesh Singh wrote:
>> If the buffer is allocated on the stack then there is no guarantee that
> static global is not allocated on the stack.
Okay, Just tried static global with CONFIG_VMAP_S
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
include/uapi/linux/psp-sev.h | 113 +++
1 file changed, 113 insertions(+)
create mode 100644 include/uapi
nux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 18 ++
1 file changed, 18 insertions(+)
diff --git a/driv
kernel.org
Cc: linux-ker...@vger.kernel.org
Reviewed-by: Borislav Petkov
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 16
1 file changed, 16 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/driv
.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 98
1 file changed, 98 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c
.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 2c
kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 68
1 file changed, 68 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/driv
kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 81
include/linux/psp-sev.h | 4 +++
2 files changed, 85 insertions(+)
diff --git
kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 70 +++-
1 file changed, 69 insertions(+), 1 deletion(-)
diff --git
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
include/linux/psp-s
: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
drivers/crypto/ccp/Kconfig | 11 +
drivers/crypto/ccp/Makefile | 1 +
dri
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 350 +++
drivers/crypto/ccp/psp-dev.h | 24 +++
drivers/crypto/ccp/sp-dev.c | 9 ++
drivers/crypto/ccp/sp-dev.h | 4 +
include/linux/psp-s
From: Borislav Petkov
This is AMD-specific hardware so present it in Kconfig only when AMD
CPU support is enabled or on ARM64 where it is also used.
Signed-off-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Gary R Hook
Cc: Brijesh Singh
Cc: Tom Lendacky
Cc: Gary Hook
Cc
* Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver
* Changes to address v2 feedbacks
Borislav Petkov (1):
crypto: ccp: Build the AMD secure processor driver only with AMD CPU
support
Brijesh Singh (34):
Documentation/virtual/kvm: Add AMD Secure Encrypted Vi
On 11/02/2017 12:10 PM, Borislav Petkov wrote:
...
drivers/crypto/ccp/psp-dev.c | 350 +++
drivers/crypto/ccp/psp-dev.h | 24 +++
drivers/crypto/ccp/sp-dev.c | 9 ++
drivers/crypto/ccp/sp-dev.h | 4 +
include/linux/psp-sev.h | 143 +
Hi Herbert,
On 10/24/2017 07:14 AM, Brijesh Singh wrote:
Hi Herbert and Paolo,
Since the PSP patches touches both the CCP and KVM driver, hence I was
wondering if you guys have any thought on how PSP patches will be
merged? I am talking about Patch 9 to 20 from this series. I have
On 11/3/17 2:42 PM, Borislav Petkov wrote:
...
>> +if (psp_master->sev_state == SEV_STATE_UNINIT) {
>> +ret = __sev_platform_init_locked(psp_master->sev_init,
>> &argp->error);
> Right, you're passing psp_master->sev_init (or whatever you're going to
> end up calling it) down bu
On 11/05/2017 05:34 AM, Borislav Petkov wrote:
...
Fixes ontop:
* !input.cert_chain_address test was repeated. I saw that by aligning
them vertically, i.e., after making it more readable, the repetition
became obvious.
* Do the lengths checks first and the access_ok after, in each PDH and
c
SP driver
* Changes to address v2 feedbacks
Borislav Petkov (1):
crypto: ccp: Build the AMD secure processor driver only with AMD CPU
support
Brijesh Singh (34):
Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization
(SEV)
KVM: SVM: Prepare to reserve asid for SEV guest
K
.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 8a
kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 66
1 file changed, 66 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/driv
kernel.org
Cc: linux-ker...@vger.kernel.org
Reviewed-by: Borislav Petkov
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 16
1 file changed, 16 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/driv
.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 97
1 file changed, 97 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c
kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
Reviewed-by: Borislav Petkov
---
drivers/crypto/ccp/psp-dev.c | 81
include/linux/psp-sev.h | 4 +++
2 files c
: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
drivers/crypto/ccp/Kconfig | 11 +
drivers/crypto/ccp/Makefile | 1 +
dri
nux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 18 ++
1 file changed, 18 insertions(+)
diff --git a/driv
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 344 +++
drivers/crypto/ccp/psp-dev.h | 24 +++
drivers/crypto/ccp/sp-dev.c | 9 ++
drivers/crypto/ccp/sp-dev.h | 4 +
include/linux/psp-s
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
include/linux/psp-s
kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 77 +++-
1 file changed, 76 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/p
From: Borislav Petkov
This is AMD-specific hardware so present it in Kconfig only when AMD
CPU support is enabled or on ARM64 where it is also used.
Signed-off-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Gary R Hook
Cc: Brijesh Singh
Cc: Tom Lendacky
Cc: Gary Hook
Cc
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
include/uapi/linux/psp-sev.h | 142 +++
1 file changed, 142 insertions(+)
create mode 100644 include/uapi
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
include/linux/psp-s
kernel.org
Cc: linux-ker...@vger.kernel.org
Reviewed-by: Borislav Petkov
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 16
1 file changed, 16 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/driv
.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 97
1 file changed, 97 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c
From: Borislav Petkov
This is AMD-specific hardware so present it in Kconfig only when AMD
CPU support is enabled or on ARM64 where it is also used.
Signed-off-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Gary R Hook
Cc: Brijesh Singh
Cc: Tom Lendacky
Cc: Gary Hook
Cc
kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 66
1 file changed, 66 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/driv
kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
Reviewed-by: Borislav Petkov
---
drivers/crypto/ccp/psp-dev.c | 81
include/linux/psp-sev.h | 4 +++
2 files c
.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 8a
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
include/uapi/linux/psp-sev.h | 142 +++
1 file changed, 142 insertions(+)
create mode 100644 include/uapi
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 344 +++
drivers/crypto/ccp/psp-dev.h | 24 +++
drivers/crypto/ccp/sp-dev.c | 9 ++
drivers/crypto/ccp/sp-dev.h | 4 +
include/linux/psp-s
: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
drivers/crypto/ccp/Kconfig | 11 +
drivers/crypto/ccp/Makefile | 1 +
dri
kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
---
drivers/crypto/ccp/psp-dev.c | 77 +++-
1 file changed, 76 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/p
nux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
Acked-by: Gary R Hook
---
drivers/crypto/ccp/psp-dev.c | 18 ++
1 file changed, 18 insertions(+)
diff --git a/driv
* Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver
* Changes to address v2 feedbacks
Borislav Petkov (1):
crypto: ccp: Build the AMD secure processor driver only with AMD CPU
support
Brijesh Singh (34):
Documentation/virtual/kvm: Add AMD Secure Encrypted V
r (PSP) interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foun
On 12/21/17 7:06 AM, Paolo Bonzini wrote:
Hi Paolo,
> Hi Brijesh,
>
> I have a couple comments:
>
> 1) how is MSR_AMD64_SEV's value passed to the guest, and where is it in
> the manual?
It is a non interceptable read-only MSR set by the HW when SEV feature
is enabled in VMRUN instructio
On 12/21/17 9:51 AM, Brijesh Singh wrote:
>
> On 12/21/17 7:06 AM, Paolo Bonzini wrote:
>
>
> Hi Paolo,
>
>
>> Hi Brijesh,
>>
>> I have a couple comments:
>>
>> 1) how is MSR_AMD64_SEV's value passed to the guest, and where is it in
ret = ioctl(fd, KVM_SEV_ISSUE_CMD, &data);
On SEV command failure, data.ret_code will contain the firmware error code.
Signed-off-by: Brijesh Singh
---
arch/x86/include/asm/kvm_host.h |3 +
arch/x86/kvm/x86.c | 13
include/uapi/linux/kvm.h
The command is used to query the SEV guest status.
For more information see [1], section 6.10
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 41 +
1 file changed, 41 insertions
The command is used for finalizing the guest launch into SEV mode.
For more information see [1], section 6.3
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 78
1 file
The command encrypts a region of guest memory for debugging purposes.
For more information see [1], section 7.2
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 100
1
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 23 +++
1 file changed, 23 insertions(+)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 4af195d..88b8f89 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -5779,6 +5779,25 @@ err_1:
return
The command is used for encrypting guest memory region.
For more information see [1], section 6.2
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 126
1 file changed
From: Tom Lendacky
When a guest causes a NPF which requires emulation, KVM sometimes walks
the guest page tables to translate the GVA to a GPA. This is unnecessary
most of the time on AMD hardware since the hardware provides the GPA in
EXITINFO2.
The only exception cases involve string operation
From: Tom Lendacky
AMD hardware adds two additional bits to aid in nested page fault handling.
Bit 32 - NPF occurred while translating the guest's final physical address
Bit 33 - NPF occurred while translating the guest page tables
The guest page tables fault indicator can be used as an aid for
From: Tom Lendacky
When running under SEV, some memory areas that were originally not
encrypted under SME are already encrypted. In these situations do not
attempt to encrypt them.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/head64.c |4 ++--
arch/x86/kernel/setup.c |7 ---
2