| author | Ashish Kalra <ashish.kalra@amd.com> | 2022-10-07 19:24:31 +0000 |
|---|---|---|
| committer | Ashish Kalra <ashish.kalra@amd.com> | 2022-10-07 20:12:50 +0000 |
| commit | e056906564c361da3e2f5454dd8e9906a0348f6e (patch) | |
| tree | 1dfc70a02f0ac70b2f1aa49ca54484158b25f09a /include/linux | |
| parent | cef6e5b1b2f2f895cec9cf886f282e10cffcc2ab (diff) | |
crypto: ccp: Add SNP_INIT_EX support to initialize the AMD-SP for SEV-SNP
During the execution of SNP_INIT command, the firmware configures
and enables SNP security policy enforcement in many system components.
Some system components write to regions of memory reserved by early
x86 firmware (e.g. UEFI). Other system components write to regions
provided by the operating system, hypervisor, or x86 firmware.
Such system components can only write to HV-fixed pages or Default pages.
They will error when attempting to write to other page states after
SNP_INIT enables their SNP enforcement.
Starting in SNP firmware v1.52, the SNP_INIT_EX command takes a list of
system physical address ranges to convert into the HV-fixed page states
during the RMP initialization. If INIT_RMP is 1, hypervisors should
provide all system physical address ranges that the hypervisor will
never assign to a guest until the next RMP re-initialization.
For instance, the memory that UEFI reserves should be included in the
range list. This allows system components that occasionally write to
memory (e.g. logging to UEFI reserved regions) to not fail due to
RMP initialization and SNP enablement.
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/psp-sev.h | 48 |
1 files changed, 45 insertions, 3 deletions
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 8d2565c70c39..8678101abae2 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -94,6 +94,7 @@ enum sev_cmd {
 SEV_CMD_SNP_PLATFORM_STATUS = 0x83,
 SEV_CMD_SNP_DF_FLUSH = 0x84,
 SEV_CMD_SNP_INIT_EX = 0x85,
+ SEV_CMD_SNP_SHUTDOWN_EX = 0x86,
 SEV_CMD_SNP_DECOMMISSION = 0x90,
 SEV_CMD_SNP_ACTIVATE = 0x91,
 SEV_CMD_SNP_GUEST_STATUS = 0x92,
@@ -745,14 +746,55 @@ struct sev_data_snp_guest_request {
 } __packed;
 
 /**
- * struuct sev_data_snp_init - SNP_INIT_EX structure
+ * struct sev_data_snp_init - SNP_INIT_EX structure
 *
 * @init_rmp: indicate that the RMP should be initialized.
+ * @list_paddr_en: indicate that list_paddr is valid
+ * #list_paddr: system physical address of range list
 */
 struct sev_data_snp_init_ex {
 u32 init_rmp:1;
- u32 rsvd:31;
- u8 rsvd1[60];
+ u32 list_paddr_en:1;
+ u32 rsvd:30;
+ u32 rsvd1;
+ u64 list_paddr;
+ u8 rsvd2[48];
+} __packed;
+
+/**
+ * struct sev_data_range - RANGE structure
+ *
+ * @base: system physical address of first byte of range
+ * @page_count: number of 4KB pages in this range
+ */
+struct sev_data_range {
+ u64 base;
+ u32 page_count;
+ u32 rsvd;
+} __packed;
+
+/**
+ * struct sev_data_range_list - RANGE_LIST structure
+ *
+ * @num_elements: number of elements in RANGE_ARRAY
+ * @ranges: array of num_elements of type RANGE
+ */
+struct sev_data_range_list {
+ u32 num_elements;
+ u32 rsvd;
+ struct sev_data_range ranges[0];
+} __packed;
+
+/**
+ * struct sev_data_snp_shutdown_ex - SNP_SHUTDOWN_EX structure
+ *
+ * @length: len of the command buffer read by the PSP
+ * @iommu_snp_shutdown: Disable enforcement of SNP in the IOMMU
+ */
+struct sev_data_snp_shutdown_ex {
+ u32 length;
+ u32 iommu_snp_shutdown:1;
+ u32 rsvd1:31;
 } __packed;
 
 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
|
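Review bot: In the second hunk, `struct sev_data_range ranges[0];` in `struct sev_data_range_list` declares the trailing array as a zero-length array; a C99 flexible array member, `struct sev_data_range ranges[];`, lets the compiler and fortified bounds checks reason about the object size. That matters here because `num_elements` describes a list that is handed to the firmware by physical address through `list_paddr`. The code that allocates and fills the list is outside this diff (the diffstat is limited to include/linux), so it should be confirmed there that `num_elements` is bounded by the allocated buffer before any `ranges[i]` is written. In the kernel-doc of the same hunk, `#list_paddr` should read `@list_paddr`, and the header should name `struct sev_data_snp_init_ex` so that it matches the struct it documents.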
