Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0025-crypto-ccp-Implement-SEV_FACTORY_RESET-ioctl-command.patch')
-rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0025-crypto-ccp-Implement-SEV_FACTORY_RESET-ioctl-command.patch | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0025-crypto-ccp-Implement-SEV_FACTORY_RESET-ioctl-command.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0025-crypto-ccp-Implement-SEV_FACTORY_RESET-ioctl-command.patch
new file mode 100644
index 00000000..8cb8fa2e
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0025-crypto-ccp-Implement-SEV_FACTORY_RESET-ioctl-command.patch
@@ -0,0 +1,121 @@
+From 6a488d9cf6428aaf117d57413c019f3e073914eb Mon Sep 17 00:00:00 2001
+From: Brijesh Singh <brijesh.singh@amd.com>
+Date: Mon, 4 Dec 2017 10:57:29 -0600
+Subject: [PATCH 25/95] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The SEV_FACTORY_RESET command can be used by the platform owner to
+reset the non-volatile SEV related data. The command is defined in
+SEV spec section 5.4
+
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: "Radim Krčmář" <rkrcmar@redhat.com>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Gary Hook <gary.hook@amd.com>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: linux-crypto@vger.kernel.org
+Cc: kvm@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Improvements-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
+---
+ drivers/crypto/ccp/psp-dev.c | 77 +++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 76 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
+index 9915a6c..b49583a4 100644
+--- a/drivers/crypto/ccp/psp-dev.c
++++ b/drivers/crypto/ccp/psp-dev.c
+@@ -232,9 +232,84 @@ static int sev_platform_shutdown(int *error)
+ return rc;
+ }
+
++static int sev_get_platform_state(int *state, int *error)
++{
++ int rc;
++
++ rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
++ &psp_master->status_cmd_buf, error);
++ if (rc)
++ return rc;
++
++ *state = psp_master->status_cmd_buf.state;
++ return rc;
++}
++
++static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
++{
++ int state, rc;
++
++ /*
++ * The SEV spec requires that FACTORY_RESET must be issued in
++ * UNINIT state. Before we go further lets check if any guest is
++ * active.
++ *
++ * If FW is in WORKING state then deny the request otherwise issue
++ * SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET.
++ *
++ */
++ rc = sev_get_platform_state(&state, &argp->error);
++ if (rc)
++ return rc;
++
++ if (state == SEV_STATE_WORKING)
++ return -EBUSY;
++
++ if (state == SEV_STATE_INIT) {
++ rc = __sev_platform_shutdown_locked(&argp->error);
++ if (rc)
++ return rc;
++ }
++
++ return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, &argp->error);
++}
++
+ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
+ {
+- return -ENOTTY;
++ void __user *argp = (void __user *)arg;
++ struct sev_issue_cmd input;
++ int ret = -EFAULT;
++
++ if (!psp_master)
++ return -ENODEV;
++
++ if (ioctl != SEV_ISSUE_CMD)
++ return -EINVAL;
++
++ if (copy_from_user(&input, argp, sizeof(struct sev_issue_cmd)))
++ return -EFAULT;
++
++ if (input.cmd > SEV_MAX)
++ return -EINVAL;
++
++ mutex_lock(&sev_cmd_mutex);
++
++ switch (input.cmd) {
++
++ case SEV_FACTORY_RESET:
++ ret = sev_ioctl_do_reset(&input);
++ break;
++ default:
++ ret = -EINVAL;
++ goto out;
++ }
++
++ if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
++ ret = -EFAULT;
++out:
++ mutex_unlock(&sev_cmd_mutex);
++
++ return ret;
+ }
+
+ static const struct file_operations sev_fops = {
+--
+2.7.4
+ |
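Review bot: `sev_ioctl_do_reset()` is reached from `sev_ioctl()` with no check on the caller anywhere in the added code, so any process that can open the SEV device node can erase the platform's non-volatile SEV data. Unless access is already restricted where the device is registered (outside this hunk), add a guard at the top of the reset path, for example `if (!capable(CAP_SYS_ADMIN)) return -EPERM;`. Separately, `__sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, &argp->error)` passes `0` where a pointer is expected; `NULL` states the intent and avoids a sparse warning.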