File virt-sevguest-Add-support-to-get-extended-report of Package linux-glibc-devel

Overview Repositories Revisions Requests Users Attributes Meta

File virt-sevguest-Add-support-to-get-extended-report of Package linux-glibc-devel

From: Brijesh Singh <brijesh.singh@amd.com>
Date: Mon, 7 Mar 2022 15:33:55 -0600
Subject: virt: sevguest: Add support to get extended report
Git-commit: d80b494f712317493d464a55652698c4d1b7bb0f
Patch-mainline: v5.19-rc1
References: jsc#SLE-19924, jsc#SLE-24814

Version 2 of GHCB specification defines Non-Automatic-Exit (NAE) to get
extended guest report which is similar to the SNP_GET_REPORT ioctl. The
main difference is related to the additional data that will be returned.

That additional data returned is a certificate blob that can be used by
the SNP guest user. The certificate blob layout is defined in the GHCB
specification. The driver simply treats the blob as a opaque data and
copies it to userspace.

[ bp: Massage commit message, cast 1st arg of access_ok() ]

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220307213356.2797205-46-brijesh.singh@amd.com

Acked-by: Joerg Roedel <jroedel@suse.de>
---
 Documentation/virt/coco/sevguest.rst  |   23 ++++++++
 drivers/virt/coco/sevguest/sevguest.c |   92 +++++++++++++++++++++++++++++++++-
 include/uapi/linux/sev-guest.h        |   13 ++++
 3 files changed, 126 insertions(+), 2 deletions(-)

--- a/include/linux/sev-guest.h
+++ b/include/linux/sev-guest.h
@@ -56,6 +56,16 @@ struct snp_guest_request_ioctl {
 	__u64 fw_err;
 };
 
+struct snp_ext_report_req {
+	struct snp_report_req data;
+
+	/* where to copy the certificate blob */
+	__u64 certs_address;
+
+	/* length of the certificate blob */
+	__u32 certs_len;
+};
+
 #define SNP_GUEST_REQ_IOC_TYPE	'S'
 
 /* Get SNP attestation report */
@@ -64,4 +74,7 @@ struct snp_guest_request_ioctl {
 /* Get a derived key from the root */
 #define SNP_GET_DERIVED_KEY _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x1, struct snp_guest_request_ioctl)
 
+/* Get SNP extended report as defined in the GHCB specification version 2. */
+#define SNP_GET_EXT_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x2, struct snp_guest_request_ioctl)
+
 #endif /* __UAPI_LINUX_SEV_GUEST_H_ */

Places

File virt-sevguest-Add-support-to-get-extended-report of Package linux-glibc-devel

Places