| author | Brijesh Singh <brijesh.singh@amd.com> | 2022-04-26 18:06:20 +0000 |
|---|---|---|
| committer | Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> | 2022-07-13 17:27:27 -0500 |
| commit | 30443c787ff81af54b328dd70f804862b89f31dc (patch) | |
| tree | cb53f8731a2b4b5abccceb5233e2c1691e638285 /include/uapi/linux | |
| parent | 414fdbedf80352fa5a026a8c1676e3fd714c715e (diff) | |
crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command

The SEV-SNP firmware provides the SNP_CONFIG command used to set the
system-wide configuration value for SNP guests. The information includes
the TCB version string to be reported in guest attestation reports.

Version 2 of the GHCB specification adds an NAE (SNP extended guest
request) that a guest can use to query the reports that include additional
certificates.

In both cases, userspace-provided additional data is included in the
attestation reports. The userspace will use the SNP_SET_EXT_CONFIG
command to give the certificate blob and the reported TCB version string
at once. Note that the specification defines the certificate blob with a
specific GUID format; the userspace is responsible for building the
proper certificate blob. The ioctl treats it as an opaque blob.

While it is not defined in the spec, let's add the SNP_GET_EXT_CONFIG
command that can be used to obtain the data programmed through the
SNP_SET_EXT_CONFIG.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>

Diffstat (limited to 'include/uapi/linux')
| -rw-r--r-- | include/uapi/linux/psp-sev.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index ffd60e8b0a31..60e7a8d1a18e 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -29,6 +29,8 @@ enum { SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */ SEV_GET_ID2, SNP_PLATFORM_STATUS, + SNP_SET_EXT_CONFIG, + SNP_GET_EXT_CONFIG, SEV_MAX, }; @@ -191,6 +193,21 @@ struct sev_user_data_snp_config { } __packed; /** + * struct sev_data_snp_ext_config - system wide configuration value for SNP. + * + * @config_address: address of the struct sev_user_data_snp_config or 0 when + * reported_tcb does not need to be updated. + * @certs_address: address of extended guest request certificate chain or + * 0 when previous certificate should be removed on SNP_SET_EXT_CONFIG. + * @certs_len: length of the certs + */ +struct sev_user_data_ext_snp_config { + __u64 config_address; /* In */ + __u64 certs_address; /* In */ + __u32 certs_len; /* In */ +}; + +/** * struct sev_issue_cmd - SEV ioctl parameters * * @cmd: SEV commands to execute |
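Review bot: In the enum hunk, SNP_GET_EXT_CONFIG is added without any comment even though the commit message says the command is not defined in the spec. A short comment beside it, in the style of the deprecation note already on SEV_GET_ID, would tell UAPI consumers that it is a Linux-side addition rather than a firmware command. Placing both entries after SNP_PLATFORM_STATUS and before SEV_MAX keeps the existing command numbers stable, which is what a UAPI enum needs.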
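Review bot: In the struct hunk, the kernel-doc header names "struct sev_data_snp_ext_config" but the type declared under it is "struct sev_user_data_ext_snp_config", so the generated documentation will not attach to the struct; make the two names match. The new struct is also not marked __packed, unlike sev_user_data_snp_config directly above it: two __u64 fields followed by a __u32 leave trailing padding whose size depends on the ABI's __u64 alignment (24 bytes total on x86-64, 20 on 32-bit x86), so a 32-bit caller and a 64-bit kernel disagree on the layout. Add __packed or an explicit reserved __u32 after certs_len. All three fields are annotated "In"; if SNP_GET_EXT_CONFIG uses this same struct to return the programmed data, document which fields are written back on GET, and state the unit of certs_len.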
