tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: ccp - Move SEV_INIT retry for corrupted data

Move the data corrupted retry of SEV_INIT into the
__sev_platform_init_locked() function. This is for upcoming INIT_EX
support as well as helping direct callers of
__sev_platform_init_locked() which currently do not support the
retry.

Signed-off-by: Peter Gonda <pgonda@google.com>
Reviewed-by: Marc Orr <marcorr@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Rientjes <rientjes@google.com>
Cc: John Allen <john.allen@amd.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Peter Gonda and committed by
Herbert Xu e423b9d7 c8341ac6

+16 -14
+16 -14
drivers/crypto/ccp/sev-dev.c
··· 241 241 struct psp_device *psp = psp_master; 242 242 struct sev_data_init data; 243 243 struct sev_device *sev; 244 - int rc = 0; 244 + int psp_ret, rc = 0; 245 245 246 246 if (!psp || !psp->sev_data) 247 247 return -ENODEV; ··· 266 266 data.tmr_len = SEV_ES_TMR_SIZE; 267 267 } 268 268 269 - rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error); 269 + rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, &psp_ret); 270 + if (rc && psp_ret == SEV_RET_SECURE_DATA_INVALID) { 271 + /* 272 + * Initialization command returned an integrity check failure 273 + * status code, meaning that firmware load and validation of SEV 274 + * related persistent data has failed. Retrying the 275 + * initialization function should succeed by replacing the state 276 + * with a reset state. 277 + */ 278 + dev_dbg(sev->dev, "SEV: retrying INIT command"); 279 + rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, &psp_ret); 280 + } 281 + if (error) 282 + *error = psp_ret; 283 + 270 284 if (rc) 271 285 return rc; 272 286 ··· 1105 1091 1106 1092 /* Initialize the platform */ 1107 1093 rc = sev_platform_init(&error); 1108 - if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) { 1109 - /* 1110 - * INIT command returned an integrity check failure 1111 - * status code, meaning that firmware load and 1112 - * validation of SEV related persistent data has 1113 - * failed and persistent state has been erased. 1114 - * Retrying INIT command here should succeed. 1115 - */ 1116 - dev_dbg(sev->dev, "SEV: retrying INIT command"); 1117 - rc = sev_platform_init(&error); 1118 - } 1119 - 1120 1094 if (rc) { 1121 1095 dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n", 1122 1096 error, rc);