File virt-Add-SEV-SNP-guest-driver of Package linux-glibc-devel

Overview Repositories Revisions Requests Users Attributes Meta

File virt-Add-SEV-SNP-guest-driver of Package linux-glibc-devel

From: Brijesh Singh <brijesh.singh@amd.com>
Date: Mon, 7 Mar 2022 15:33:53 -0600
Subject: virt: Add SEV-SNP guest driver
Git-commit: fce96cf0443083e37455eff8f78fd240c621dae3
Patch-mainline: v5.19-rc1
References: jsc#SLE-19924, jsc#SLE-24814

The SEV-SNP specification provides the guest a mechanism to communicate
with the PSP without risk from a malicious hypervisor who wishes to
read, alter, drop or replay the messages sent. The driver uses
snp_issue_guest_request() to issue GHCB SNP_GUEST_REQUEST or
SNP_EXT_GUEST_REQUEST NAE events to submit the request to PSP.

The PSP requires that all communication should be encrypted using key
specified through a struct snp_guest_platform_data descriptor.

Userspace can use SNP_GET_REPORT ioctl() to query the guest attestation
report.

See SEV-SNP spec section Guest Messages for more details.

[ bp: Remove the "what" from the commit message, massage. ]

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220307213356.2797205-44-brijesh.singh@amd.com

Acked-by: Joerg Roedel <jroedel@suse.de>
---
 Documentation/virt/coco/sevguest.rst  |   86 ++++
 Documentation/virt/index.rst          |    1 
 drivers/virt/Kconfig                  |    3 
 drivers/virt/Makefile                 |    1 
 drivers/virt/coco/sevguest/Kconfig    |   14 
 drivers/virt/coco/sevguest/Makefile   |    2 
 drivers/virt/coco/sevguest/sevguest.c |  607 ++++++++++++++++++++++++++++++++++
 drivers/virt/coco/sevguest/sevguest.h |   98 +++++
 include/uapi/linux/sev-guest.h        |   50 ++
 9 files changed, 862 insertions(+)

--- /dev/null
+++ b/include/linux/sev-guest.h
@@ -0,0 +1,50 @@
+/* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
+/*
+ * Userspace interface for AMD SEV and SNP guest driver.
+ *
+ * Copyright (C) 2021 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh <brijesh.singh@amd.com>
+ *
+ * SEV API specification is available at: https://developer.amd.com/sev/
+ */
+
+#ifndef __UAPI_LINUX_SEV_GUEST_H_
+#define __UAPI_LINUX_SEV_GUEST_H_
+
+#include <linux/types.h>
+
+struct snp_report_req {
+	/* user data that should be included in the report */
+	__u8 user_data[64];
+
+	/* The vmpl level to be included in the report */
+	__u32 vmpl;
+
+	/* Must be zero filled */
+	__u8 rsvd[28];
+};
+
+struct snp_report_resp {
+	/* response data, see SEV-SNP spec for the format */
+	__u8 data[4000];
+};
+
+struct snp_guest_request_ioctl {
+	/* message version number (must be non-zero) */
+	__u8 msg_version;
+
+	/* Request and response structure address */
+	__u64 req_data;
+	__u64 resp_data;
+
+	/* firmware error code on failure (see psp-sev.h) */
+	__u64 fw_err;
+};
+
+#define SNP_GUEST_REQ_IOC_TYPE	'S'
+
+/* Get SNP attestation report */
+#define SNP_GET_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x0, struct snp_guest_request_ioctl)
+
+#endif /* __UAPI_LINUX_SEV_GUEST_H_ */

Places

File virt-Add-SEV-SNP-guest-driver of Package linux-glibc-devel

Places