crypto: ccp - Add support to enable CipherTextHiding on SNP_INIT_EX

To enable ciphertext hiding, it must be specified in the SNP_INIT_EX
command as part of SNP initialization.

Modify the sev_platform_init_args structure, which is used as input to
sev_platform_init(), to include a field that, when non-zero,
indicates that ciphertext hiding should be enabled and specifies the
maximum ASID that can be used for an SEV-SNP guest.

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Reviewed-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ashish Kalra and committed by
Herbert Xu
c9760b0f 45d59bd4

+17 -5
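--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -1186,7 +1186,7 @@
 return 0;
 }
 
-static int __sev_snp_init_locked(int *error)
+static int __sev_snp_init_locked(int *error, unsigned int max_snp_asid)
 {
 struct psp_device *psp = psp_master;
 struct sev_data_snp_init_ex data;
@@ -1247,6 +1247,12 @@
 }
 
 memset(&data, 0, sizeof(data));
+
+if (max_snp_asid) {
+data.ciphertext_hiding_en = 1;
+data.max_snp_asid = max_snp_asid;
+}
+
 data.init_rmp = 1;
 data.list_paddr_en = 1;
 data.list_paddr = __psp_pa(snp_range_list);
@@ -1433,7 +1439,7 @@
 if (sev->sev_plat_status.state == SEV_STATE_INIT)
 return 0;
 
-rc = __sev_snp_init_locked(&args->error);
+rc = __sev_snp_init_locked(&args->error, args->max_snp_asid);
 if (rc && rc != -ENODEV)
 return rc;
 
@@ -1516,7 +1522,7 @@
 {
 int error, rc;
 
-rc = __sev_snp_init_locked(&error);
+rc = __sev_snp_init_locked(&error, 0);
 if (rc) {
 argp->error = SEV_RET_INVALID_PLATFORM_STATE;
 return rc;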
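Review bot: `data.max_snp_asid = max_snp_asid;` in the second hunk stores an `unsigned int` into the 16-bit `max_snp_asid` field of `struct sev_data_snp_init_ex`, so a value above 0xffff is silently truncated while `ciphertext_hiding_en` is still set. A value whose low 16 bits are zero would then enable the feature with a zero ASID limit. No range check is visible in these hunks (a caller may do one outside them), so a guard before the command buffer is filled, e.g. `if (max_snp_asid > U16_MAX) return -EINVAL;`, would keep the boundary between ciphertext-hidden SNP ASIDs and the remaining ASIDs from being set to an unintended value. `__sev_snp_init_locked()` starts and ends outside the hunks shown, so where the check sits relative to the function's earlier return paths needs confirming against the full body.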
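--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -748,10 +748,13 @@
 struct sev_data_snp_init_ex {
 u32 init_rmp:1;
 u32 list_paddr_en:1;
-u32 rsvd:30;
+u32 rapl_dis:1;
+u32 ciphertext_hiding_en:1;
+u32 rsvd:28;
 u32 rsvd1;
 u64 list_paddr;
-u8 rsvd2[48];
+u16 max_snp_asid;
+u8 rsvd2[46];
 } __packed;
 
 /**
@@ -800,10 +803,13 @@
 * @probe: True if this is being called as part of CCP module probe, which
 * will defer SEV_INIT/SEV_INIT_EX firmware initialization until needed
 * unless psp_init_on_probe module param is set
+* @max_snp_asid: When non-zero, enable ciphertext hiding and specify the
+* maximum ASID that can be used for an SEV-SNP guest.
 */
 struct sev_platform_init_args {
 int error;
 bool probe;
+unsigned int max_snp_asid;
 };
 
 /**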
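Review bot: The new `rapl_dis`, `ciphertext_hiding_en` and `max_snp_asid` members of `struct sev_data_snp_init_ex` get no kernel-doc in the first hunk. The struct's comment block lies above the hunk, so confirm it gains entries such as `@ciphertext_hiding_en: enable ciphertext hiding; @max_snp_asid then holds the highest ASID usable by SEV-SNP guests`. `rapl_dis` is declared here but nothing on this page sets or reads it, so a one-line comment on why it is carved out of the reserved bits would help. This is a firmware command buffer whose padding is recounted by hand (`rsvd:30` into three fields, `rsvd2[48]` into a `u16` plus `rsvd2[46]`), so a compile-time check like `static_assert(sizeof(struct sev_data_snp_init_ex) == 64);` would catch a later miscount.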