File virt-sevguest-Add-support-to-derive-key of Package linux-glibc-devel

Overview Repositories Revisions Requests Users Attributes Meta

File virt-sevguest-Add-support-to-derive-key of Package linux-glibc-devel

From: Brijesh Singh <brijesh.singh@amd.com>
Date: Thu, 24 Feb 2022 10:56:23 -0600
Subject: virt: sevguest: Add support to derive key
Git-commit: 68de0b2f938642079c0c853b219bdb88c4dc4d13
Patch-mainline: v5.19-rc1
References: jsc#SLE-19924, jsc#SLE-24814

The SNP_GET_DERIVED_KEY ioctl interface can be used by the SNP guest to
ask the firmware to provide a key derived from a root key. The derived
key may be used by the guest for any purposes it chooses, such as a
sealing key or communicating with the external entities.

See SEV-SNP firmware spec for more information.

[ bp: No need to memset "req" - it will get overwritten. ]

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Link: https://lore.kernel.org/r/20220307213356.2797205-45-brijesh.singh@amd.com

Acked-by: Joerg Roedel <jroedel@suse.de>
---
 Documentation/virt/coco/sevguest.rst  |   17 ++++++++++++
 drivers/virt/coco/sevguest/sevguest.c |   45 ++++++++++++++++++++++++++++++++++
 include/uapi/linux/sev-guest.h        |   17 ++++++++++++
 3 files changed, 79 insertions(+)

--- a/include/linux/sev-guest.h
+++ b/include/linux/sev-guest.h
@@ -30,6 +30,20 @@ struct snp_report_resp {
 	__u8 data[4000];
 };
 
+struct snp_derived_key_req {
+	__u32 root_key_select;
+	__u32 rsvd;
+	__u64 guest_field_select;
+	__u32 vmpl;
+	__u32 guest_svn;
+	__u64 tcb_version;
+};
+
+struct snp_derived_key_resp {
+	/* response data, see SEV-SNP spec for the format */
+	__u8 data[64];
+};
+
 struct snp_guest_request_ioctl {
 	/* message version number (must be non-zero) */
 	__u8 msg_version;
@@ -47,4 +61,7 @@ struct snp_guest_request_ioctl {
 /* Get SNP attestation report */
 #define SNP_GET_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x0, struct snp_guest_request_ioctl)
 
+/* Get a derived key from the root */
+#define SNP_GET_DERIVED_KEY _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x1, struct snp_guest_request_ioctl)
+
 #endif /* __UAPI_LINUX_SEV_GUEST_H_ */

Places

File virt-sevguest-Add-support-to-derive-key of Package linux-glibc-devel

Places