Commit | Line | Data |
---|---|---|
d2912cb1 | 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
592d5e74 BS |
2 | /* |
3 | * AMD Secure Encrypted Virtualization (SEV) driver interface | |
4 | * | |
5 | * Copyright (C) 2016-2017 Advanced Micro Devices, Inc. | |
6 | * | |
7 | * Author: Brijesh Singh <brijesh.singh@amd.com> | |
8 | * | |
d6112ea0 | 9 | * SEV API spec is available at https://developer.amd.com/sev |
592d5e74 BS |
10 | */ |
11 | ||
12 | #ifndef __PSP_SEV_H__ | |
13 | #define __PSP_SEV_H__ | |
14 | ||
15 | #include <uapi/linux/psp-sev.h> | |
16 | ||
592d5e74 BS |
17 | #define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */ |
18 | ||
19 | /** | |
20 | * SEV platform state | |
21 | */ | |
22 | enum sev_state { | |
23 | SEV_STATE_UNINIT = 0x0, | |
24 | SEV_STATE_INIT = 0x1, | |
25 | SEV_STATE_WORKING = 0x2, | |
26 | ||
27 | SEV_STATE_MAX | |
28 | }; | |
29 | ||
30 | /** | |
31 | * SEV platform and guest management commands | |
32 | */ | |
33 | enum sev_cmd { | |
34 | /* platform commands */ | |
35 | SEV_CMD_INIT = 0x001, | |
36 | SEV_CMD_SHUTDOWN = 0x002, | |
37 | SEV_CMD_FACTORY_RESET = 0x003, | |
38 | SEV_CMD_PLATFORM_STATUS = 0x004, | |
39 | SEV_CMD_PEK_GEN = 0x005, | |
40 | SEV_CMD_PEK_CSR = 0x006, | |
41 | SEV_CMD_PEK_CERT_IMPORT = 0x007, | |
42 | SEV_CMD_PDH_CERT_EXPORT = 0x008, | |
43 | SEV_CMD_PDH_GEN = 0x009, | |
44 | SEV_CMD_DF_FLUSH = 0x00A, | |
edd303ff | 45 | SEV_CMD_DOWNLOAD_FIRMWARE = 0x00B, |
0b3a830b | 46 | SEV_CMD_GET_ID = 0x00C, |
3d725965 | 47 | SEV_CMD_INIT_EX = 0x00D, |
592d5e74 BS |
48 | |
49 | /* Guest commands */ | |
50 | SEV_CMD_DECOMMISSION = 0x020, | |
51 | SEV_CMD_ACTIVATE = 0x021, | |
52 | SEV_CMD_DEACTIVATE = 0x022, | |
53 | SEV_CMD_GUEST_STATUS = 0x023, | |
54 | ||
55 | /* Guest launch commands */ | |
56 | SEV_CMD_LAUNCH_START = 0x030, | |
57 | SEV_CMD_LAUNCH_UPDATE_DATA = 0x031, | |
58 | SEV_CMD_LAUNCH_UPDATE_VMSA = 0x032, | |
59 | SEV_CMD_LAUNCH_MEASURE = 0x033, | |
60 | SEV_CMD_LAUNCH_UPDATE_SECRET = 0x034, | |
61 | SEV_CMD_LAUNCH_FINISH = 0x035, | |
2c07ded0 | 62 | SEV_CMD_ATTESTATION_REPORT = 0x036, |
592d5e74 BS |
63 | |
64 | /* Guest migration commands (outgoing) */ | |
65 | SEV_CMD_SEND_START = 0x040, | |
66 | SEV_CMD_SEND_UPDATE_DATA = 0x041, | |
67 | SEV_CMD_SEND_UPDATE_VMSA = 0x042, | |
68 | SEV_CMD_SEND_FINISH = 0x043, | |
5569e2e7 | 69 | SEV_CMD_SEND_CANCEL = 0x044, |
592d5e74 BS |
70 | |
71 | /* Guest migration commands (incoming) */ | |
72 | SEV_CMD_RECEIVE_START = 0x050, | |
73 | SEV_CMD_RECEIVE_UPDATE_DATA = 0x051, | |
74 | SEV_CMD_RECEIVE_UPDATE_VMSA = 0x052, | |
75 | SEV_CMD_RECEIVE_FINISH = 0x053, | |
76 | ||
77 | /* Guest debug commands */ | |
78 | SEV_CMD_DBG_DECRYPT = 0x060, | |
79 | SEV_CMD_DBG_ENCRYPT = 0x061, | |
80 | ||
3a45dc2b BS |
81 | /* SNP specific commands */ |
82 | SEV_CMD_SNP_INIT = 0x081, | |
83 | SEV_CMD_SNP_SHUTDOWN = 0x082, | |
84 | SEV_CMD_SNP_PLATFORM_STATUS = 0x083, | |
85 | SEV_CMD_SNP_DF_FLUSH = 0x084, | |
86 | SEV_CMD_SNP_INIT_EX = 0x085, | |
87 | SEV_CMD_SNP_SHUTDOWN_EX = 0x086, | |
88 | SEV_CMD_SNP_DECOMMISSION = 0x090, | |
89 | SEV_CMD_SNP_ACTIVATE = 0x091, | |
90 | SEV_CMD_SNP_GUEST_STATUS = 0x092, | |
91 | SEV_CMD_SNP_GCTX_CREATE = 0x093, | |
92 | SEV_CMD_SNP_GUEST_REQUEST = 0x094, | |
93 | SEV_CMD_SNP_ACTIVATE_EX = 0x095, | |
94 | SEV_CMD_SNP_LAUNCH_START = 0x0A0, | |
95 | SEV_CMD_SNP_LAUNCH_UPDATE = 0x0A1, | |
96 | SEV_CMD_SNP_LAUNCH_FINISH = 0x0A2, | |
97 | SEV_CMD_SNP_DBG_DECRYPT = 0x0B0, | |
98 | SEV_CMD_SNP_DBG_ENCRYPT = 0x0B1, | |
99 | SEV_CMD_SNP_PAGE_SWAP_OUT = 0x0C0, | |
100 | SEV_CMD_SNP_PAGE_SWAP_IN = 0x0C1, | |
101 | SEV_CMD_SNP_PAGE_MOVE = 0x0C2, | |
102 | SEV_CMD_SNP_PAGE_MD_INIT = 0x0C3, | |
103 | SEV_CMD_SNP_PAGE_SET_STATE = 0x0C6, | |
104 | SEV_CMD_SNP_PAGE_RECLAIM = 0x0C7, | |
105 | SEV_CMD_SNP_PAGE_UNSMASH = 0x0C8, | |
106 | SEV_CMD_SNP_CONFIG = 0x0C9, | |
107 | SEV_CMD_SNP_DOWNLOAD_FIRMWARE_EX = 0x0CA, | |
108 | SEV_CMD_SNP_COMMIT = 0x0CB, | |
109 | SEV_CMD_SNP_VLEK_LOAD = 0x0CD, | |
110 | ||
592d5e74 BS |
111 | SEV_CMD_MAX, |
112 | }; | |
113 | ||
114 | /** | |
115 | * struct sev_data_init - INIT command parameters | |
116 | * | |
117 | * @flags: processing flags | |
118 | * @tmr_address: system physical address used for SEV-ES | |
119 | * @tmr_len: len of tmr_address | |
120 | */ | |
121 | struct sev_data_init { | |
122 | u32 flags; /* In */ | |
123 | u32 reserved; /* In */ | |
124 | u64 tmr_address; /* In */ | |
125 | u32 tmr_len; /* In */ | |
126 | } __packed; | |
127 | ||
3d725965 DR |
128 | /** |
129 | * struct sev_data_init_ex - INIT_EX command parameters | |
130 | * | |
131 | * @length: len of the command buffer read by the PSP | |
132 | * @flags: processing flags | |
133 | * @tmr_address: system physical address used for SEV-ES | |
134 | * @tmr_len: len of tmr_address | |
135 | * @nv_address: system physical address used for PSP NV storage | |
136 | * @nv_len: len of nv_address | |
137 | */ | |
138 | struct sev_data_init_ex { | |
139 | u32 length; /* In */ | |
140 | u32 flags; /* In */ | |
141 | u64 tmr_address; /* In */ | |
142 | u32 tmr_len; /* In */ | |
143 | u32 reserved; /* In */ | |
144 | u64 nv_address; /* In/Out */ | |
145 | u32 nv_len; /* In */ | |
146 | } __packed; | |
147 | ||
97f9ac3d TL |
148 | #define SEV_INIT_FLAGS_SEV_ES 0x01 |
149 | ||
592d5e74 BS |
150 | /** |
151 | * struct sev_data_pek_csr - PEK_CSR command parameters | |
152 | * | |
153 | * @address: PEK certificate chain | |
154 | * @len: len of certificate | |
155 | */ | |
156 | struct sev_data_pek_csr { | |
157 | u64 address; /* In */ | |
158 | u32 len; /* In/Out */ | |
159 | } __packed; | |
160 | ||
161 | /** | |
162 | * struct sev_data_cert_import - PEK_CERT_IMPORT command parameters | |
163 | * | |
164 | * @pek_address: PEK certificate chain | |
165 | * @pek_len: len of PEK certificate | |
166 | * @oca_address: OCA certificate chain | |
167 | * @oca_len: len of OCA certificate | |
168 | */ | |
169 | struct sev_data_pek_cert_import { | |
170 | u64 pek_cert_address; /* In */ | |
171 | u32 pek_cert_len; /* In */ | |
172 | u32 reserved; /* In */ | |
173 | u64 oca_cert_address; /* In */ | |
174 | u32 oca_cert_len; /* In */ | |
175 | } __packed; | |
176 | ||
edd303ff JN |
177 | /** |
178 | * struct sev_data_download_firmware - DOWNLOAD_FIRMWARE command parameters | |
179 | * | |
180 | * @address: physical address of firmware image | |
181 | * @len: len of the firmware image | |
182 | */ | |
183 | struct sev_data_download_firmware { | |
184 | u64 address; /* In */ | |
185 | u32 len; /* In */ | |
186 | } __packed; | |
187 | ||
0b3a830b JN |
188 | /** |
189 | * struct sev_data_get_id - GET_ID command parameters | |
190 | * | |
191 | * @address: physical address of region to place unique CPU ID(s) | |
192 | * @len: len of the region | |
193 | */ | |
194 | struct sev_data_get_id { | |
195 | u64 address; /* In */ | |
196 | u32 len; /* In/Out */ | |
197 | } __packed; | |
592d5e74 BS |
198 | /** |
199 | * struct sev_data_pdh_cert_export - PDH_CERT_EXPORT command parameters | |
200 | * | |
201 | * @pdh_address: PDH certificate address | |
202 | * @pdh_len: len of PDH certificate | |
203 | * @cert_chain_address: PDH certificate chain | |
204 | * @cert_chain_len: len of PDH certificate chain | |
205 | */ | |
206 | struct sev_data_pdh_cert_export { | |
207 | u64 pdh_cert_address; /* In */ | |
208 | u32 pdh_cert_len; /* In/Out */ | |
209 | u32 reserved; /* In */ | |
210 | u64 cert_chain_address; /* In */ | |
211 | u32 cert_chain_len; /* In/Out */ | |
212 | } __packed; | |
213 | ||
214 | /** | |
215 | * struct sev_data_decommission - DECOMMISSION command parameters | |
216 | * | |
217 | * @handle: handle of the VM to decommission | |
218 | */ | |
219 | struct sev_data_decommission { | |
220 | u32 handle; /* In */ | |
221 | } __packed; | |
222 | ||
223 | /** | |
224 | * struct sev_data_activate - ACTIVATE command parameters | |
225 | * | |
226 | * @handle: handle of the VM to activate | |
227 | * @asid: asid assigned to the VM | |
228 | */ | |
229 | struct sev_data_activate { | |
230 | u32 handle; /* In */ | |
231 | u32 asid; /* In */ | |
232 | } __packed; | |
233 | ||
234 | /** | |
235 | * struct sev_data_deactivate - DEACTIVATE command parameters | |
236 | * | |
237 | * @handle: handle of the VM to deactivate | |
238 | */ | |
239 | struct sev_data_deactivate { | |
240 | u32 handle; /* In */ | |
241 | } __packed; | |
242 | ||
243 | /** | |
244 | * struct sev_data_guest_status - SEV GUEST_STATUS command parameters | |
245 | * | |
246 | * @handle: handle of the VM to retrieve status | |
247 | * @policy: policy information for the VM | |
248 | * @asid: current ASID of the VM | |
249 | * @state: current state of the VM | |
250 | */ | |
251 | struct sev_data_guest_status { | |
252 | u32 handle; /* In */ | |
253 | u32 policy; /* Out */ | |
254 | u32 asid; /* Out */ | |
255 | u8 state; /* Out */ | |
256 | } __packed; | |
257 | ||
258 | /** | |
259 | * struct sev_data_launch_start - LAUNCH_START command parameters | |
260 | * | |
261 | * @handle: handle assigned to the VM | |
262 | * @policy: guest launch policy | |
263 | * @dh_cert_address: physical address of DH certificate blob | |
264 | * @dh_cert_len: len of DH certificate blob | |
265 | * @session_address: physical address of session parameters | |
266 | * @session_len: len of session parameters | |
267 | */ | |
268 | struct sev_data_launch_start { | |
269 | u32 handle; /* In/Out */ | |
270 | u32 policy; /* In */ | |
271 | u64 dh_cert_address; /* In */ | |
272 | u32 dh_cert_len; /* In */ | |
273 | u32 reserved; /* In */ | |
274 | u64 session_address; /* In */ | |
275 | u32 session_len; /* In */ | |
276 | } __packed; | |
277 | ||
278 | /** | |
279 | * struct sev_data_launch_update_data - LAUNCH_UPDATE_DATA command parameter | |
280 | * | |
281 | * @handle: handle of the VM to update | |
282 | * @len: len of memory to be encrypted | |
283 | * @address: physical address of memory region to encrypt | |
284 | */ | |
285 | struct sev_data_launch_update_data { | |
286 | u32 handle; /* In */ | |
287 | u32 reserved; | |
288 | u64 address; /* In */ | |
289 | u32 len; /* In */ | |
290 | } __packed; | |
291 | ||
292 | /** | |
293 | * struct sev_data_launch_update_vmsa - LAUNCH_UPDATE_VMSA command | |
294 | * | |
295 | * @handle: handle of the VM | |
296 | * @address: physical address of memory region to encrypt | |
297 | * @len: len of memory region to encrypt | |
298 | */ | |
299 | struct sev_data_launch_update_vmsa { | |
300 | u32 handle; /* In */ | |
301 | u32 reserved; | |
302 | u64 address; /* In */ | |
303 | u32 len; /* In */ | |
304 | } __packed; | |
305 | ||
306 | /** | |
307 | * struct sev_data_launch_measure - LAUNCH_MEASURE command parameters | |
308 | * | |
309 | * @handle: handle of the VM to process | |
310 | * @address: physical address containing the measurement blob | |
311 | * @len: len of measurement blob | |
312 | */ | |
313 | struct sev_data_launch_measure { | |
314 | u32 handle; /* In */ | |
315 | u32 reserved; | |
316 | u64 address; /* In */ | |
317 | u32 len; /* In/Out */ | |
318 | } __packed; | |
319 | ||
320 | /** | |
321 | * struct sev_data_launch_secret - LAUNCH_SECRET command parameters | |
322 | * | |
323 | * @handle: handle of the VM to process | |
324 | * @hdr_address: physical address containing the packet header | |
325 | * @hdr_len: len of packet header | |
326 | * @guest_address: system physical address of guest memory region | |
327 | * @guest_len: len of guest_paddr | |
328 | * @trans_address: physical address of transport memory buffer | |
329 | * @trans_len: len of transport memory buffer | |
330 | */ | |
331 | struct sev_data_launch_secret { | |
332 | u32 handle; /* In */ | |
333 | u32 reserved1; | |
334 | u64 hdr_address; /* In */ | |
335 | u32 hdr_len; /* In */ | |
336 | u32 reserved2; | |
337 | u64 guest_address; /* In */ | |
338 | u32 guest_len; /* In */ | |
339 | u32 reserved3; | |
340 | u64 trans_address; /* In */ | |
341 | u32 trans_len; /* In */ | |
342 | } __packed; | |
343 | ||
344 | /** | |
345 | * struct sev_data_launch_finish - LAUNCH_FINISH command parameters | |
346 | * | |
347 | * @handle: handle of the VM to process | |
348 | */ | |
349 | struct sev_data_launch_finish { | |
350 | u32 handle; /* In */ | |
351 | } __packed; | |
352 | ||
353 | /** | |
354 | * struct sev_data_send_start - SEND_START command parameters | |
355 | * | |
356 | * @handle: handle of the VM to process | |
357 | * @policy: policy information for the VM | |
358 | * @pdh_cert_address: physical address containing PDH certificate | |
359 | * @pdh_cert_len: len of PDH certificate | |
360 | * @plat_certs_address: physical address containing platform certificate | |
361 | * @plat_certs_len: len of platform certificate | |
362 | * @amd_certs_address: physical address containing AMD certificate | |
363 | * @amd_certs_len: len of AMD certificate | |
364 | * @session_address: physical address containing Session data | |
365 | * @session_len: len of session data | |
366 | */ | |
367 | struct sev_data_send_start { | |
368 | u32 handle; /* In */ | |
369 | u32 policy; /* Out */ | |
370 | u64 pdh_cert_address; /* In */ | |
371 | u32 pdh_cert_len; /* In */ | |
372 | u32 reserved1; | |
4cfdd47d BS |
373 | u64 plat_certs_address; /* In */ |
374 | u32 plat_certs_len; /* In */ | |
592d5e74 | 375 | u32 reserved2; |
4cfdd47d BS |
376 | u64 amd_certs_address; /* In */ |
377 | u32 amd_certs_len; /* In */ | |
592d5e74 BS |
378 | u32 reserved3; |
379 | u64 session_address; /* In */ | |
380 | u32 session_len; /* In/Out */ | |
381 | } __packed; | |
382 | ||
383 | /** | |
384 | * struct sev_data_send_update - SEND_UPDATE_DATA command | |
385 | * | |
386 | * @handle: handle of the VM to process | |
387 | * @hdr_address: physical address containing packet header | |
388 | * @hdr_len: len of packet header | |
389 | * @guest_address: physical address of guest memory region to send | |
390 | * @guest_len: len of guest memory region to send | |
391 | * @trans_address: physical address of host memory region | |
392 | * @trans_len: len of host memory region | |
393 | */ | |
394 | struct sev_data_send_update_data { | |
395 | u32 handle; /* In */ | |
396 | u32 reserved1; | |
397 | u64 hdr_address; /* In */ | |
398 | u32 hdr_len; /* In/Out */ | |
399 | u32 reserved2; | |
400 | u64 guest_address; /* In */ | |
401 | u32 guest_len; /* In */ | |
402 | u32 reserved3; | |
403 | u64 trans_address; /* In */ | |
404 | u32 trans_len; /* In */ | |
405 | } __packed; | |
406 | ||
407 | /** | |
408 | * struct sev_data_send_update - SEND_UPDATE_VMSA command | |
409 | * | |
410 | * @handle: handle of the VM to process | |
411 | * @hdr_address: physical address containing packet header | |
412 | * @hdr_len: len of packet header | |
413 | * @guest_address: physical address of guest memory region to send | |
414 | * @guest_len: len of guest memory region to send | |
415 | * @trans_address: physical address of host memory region | |
416 | * @trans_len: len of host memory region | |
417 | */ | |
418 | struct sev_data_send_update_vmsa { | |
419 | u32 handle; /* In */ | |
420 | u64 hdr_address; /* In */ | |
421 | u32 hdr_len; /* In/Out */ | |
422 | u32 reserved2; | |
423 | u64 guest_address; /* In */ | |
424 | u32 guest_len; /* In */ | |
425 | u32 reserved3; | |
426 | u64 trans_address; /* In */ | |
427 | u32 trans_len; /* In */ | |
428 | } __packed; | |
429 | ||
430 | /** | |
431 | * struct sev_data_send_finish - SEND_FINISH command parameters | |
432 | * | |
433 | * @handle: handle of the VM to process | |
434 | */ | |
435 | struct sev_data_send_finish { | |
436 | u32 handle; /* In */ | |
437 | } __packed; | |
438 | ||
5569e2e7 SR |
439 | /** |
440 | * struct sev_data_send_cancel - SEND_CANCEL command parameters | |
441 | * | |
442 | * @handle: handle of the VM to process | |
443 | */ | |
444 | struct sev_data_send_cancel { | |
445 | u32 handle; /* In */ | |
446 | } __packed; | |
447 | ||
592d5e74 BS |
448 | /** |
449 | * struct sev_data_receive_start - RECEIVE_START command parameters | |
450 | * | |
451 | * @handle: handle of the VM to perform receive operation | |
452 | * @pdh_cert_address: system physical address containing PDH certificate blob | |
453 | * @pdh_cert_len: len of PDH certificate blob | |
454 | * @session_address: system physical address containing session blob | |
455 | * @session_len: len of session blob | |
456 | */ | |
457 | struct sev_data_receive_start { | |
458 | u32 handle; /* In/Out */ | |
459 | u32 policy; /* In */ | |
460 | u64 pdh_cert_address; /* In */ | |
461 | u32 pdh_cert_len; /* In */ | |
462 | u32 reserved1; | |
463 | u64 session_address; /* In */ | |
464 | u32 session_len; /* In */ | |
465 | } __packed; | |
466 | ||
467 | /** | |
468 | * struct sev_data_receive_update_data - RECEIVE_UPDATE_DATA command parameters | |
469 | * | |
470 | * @handle: handle of the VM to update | |
471 | * @hdr_address: physical address containing packet header blob | |
472 | * @hdr_len: len of packet header | |
473 | * @guest_address: system physical address of guest memory region | |
474 | * @guest_len: len of guest memory region | |
475 | * @trans_address: system physical address of transport buffer | |
476 | * @trans_len: len of transport buffer | |
477 | */ | |
478 | struct sev_data_receive_update_data { | |
479 | u32 handle; /* In */ | |
480 | u32 reserved1; | |
481 | u64 hdr_address; /* In */ | |
482 | u32 hdr_len; /* In */ | |
483 | u32 reserved2; | |
484 | u64 guest_address; /* In */ | |
485 | u32 guest_len; /* In */ | |
486 | u32 reserved3; | |
487 | u64 trans_address; /* In */ | |
488 | u32 trans_len; /* In */ | |
489 | } __packed; | |
490 | ||
491 | /** | |
492 | * struct sev_data_receive_update_vmsa - RECEIVE_UPDATE_VMSA command parameters | |
493 | * | |
494 | * @handle: handle of the VM to update | |
495 | * @hdr_address: physical address containing packet header blob | |
496 | * @hdr_len: len of packet header | |
497 | * @guest_address: system physical address of guest memory region | |
498 | * @guest_len: len of guest memory region | |
499 | * @trans_address: system physical address of transport buffer | |
500 | * @trans_len: len of transport buffer | |
501 | */ | |
502 | struct sev_data_receive_update_vmsa { | |
503 | u32 handle; /* In */ | |
504 | u32 reserved1; | |
505 | u64 hdr_address; /* In */ | |
506 | u32 hdr_len; /* In */ | |
507 | u32 reserved2; | |
508 | u64 guest_address; /* In */ | |
509 | u32 guest_len; /* In */ | |
510 | u32 reserved3; | |
511 | u64 trans_address; /* In */ | |
512 | u32 trans_len; /* In */ | |
513 | } __packed; | |
514 | ||
515 | /** | |
516 | * struct sev_data_receive_finish - RECEIVE_FINISH command parameters | |
517 | * | |
518 | * @handle: handle of the VM to finish | |
519 | */ | |
520 | struct sev_data_receive_finish { | |
521 | u32 handle; /* In */ | |
522 | } __packed; | |
523 | ||
524 | /** | |
525 | * struct sev_data_dbg - DBG_ENCRYPT/DBG_DECRYPT command parameters | |
526 | * | |
527 | * @handle: handle of the VM to perform debug operation | |
528 | * @src_addr: source address of data to operate on | |
529 | * @dst_addr: destination address of data to operate on | |
530 | * @len: len of data to operate on | |
531 | */ | |
532 | struct sev_data_dbg { | |
533 | u32 handle; /* In */ | |
534 | u32 reserved; | |
535 | u64 src_addr; /* In */ | |
536 | u64 dst_addr; /* In */ | |
537 | u32 len; /* In */ | |
538 | } __packed; | |
539 | ||
2c07ded0 BS |
540 | /** |
541 | * struct sev_data_attestation_report - SEV_ATTESTATION_REPORT command parameters | |
542 | * | |
543 | * @handle: handle of the VM | |
544 | * @mnonce: a random nonce that will be included in the report. | |
545 | * @address: physical address where the report will be copied. | |
546 | * @len: length of the physical buffer. | |
547 | */ | |
548 | struct sev_data_attestation_report { | |
549 | u32 handle; /* In */ | |
550 | u32 reserved; | |
551 | u64 address; /* In */ | |
552 | u8 mnonce[16]; /* In */ | |
553 | u32 len; /* In/Out */ | |
554 | } __packed; | |
555 | ||
3a45dc2b BS |
556 | /** |
557 | * struct sev_data_snp_download_firmware - SNP_DOWNLOAD_FIRMWARE command params | |
558 | * | |
559 | * @address: physical address of firmware image | |
560 | * @len: length of the firmware image | |
561 | */ | |
562 | struct sev_data_snp_download_firmware { | |
563 | u64 address; /* In */ | |
564 | u32 len; /* In */ | |
565 | } __packed; | |
566 | ||
567 | /** | |
568 | * struct sev_data_snp_activate - SNP_ACTIVATE command params | |
569 | * | |
570 | * @gctx_paddr: system physical address guest context page | |
571 | * @asid: ASID to bind to the guest | |
572 | */ | |
573 | struct sev_data_snp_activate { | |
574 | u64 gctx_paddr; /* In */ | |
575 | u32 asid; /* In */ | |
576 | } __packed; | |
577 | ||
578 | /** | |
579 | * struct sev_data_snp_addr - generic SNP command params | |
580 | * | |
581 | * @address: physical address of generic data param | |
582 | */ | |
583 | struct sev_data_snp_addr { | |
584 | u64 address; /* In/Out */ | |
585 | } __packed; | |
586 | ||
587 | /** | |
588 | * struct sev_data_snp_launch_start - SNP_LAUNCH_START command params | |
589 | * | |
590 | * @gctx_paddr: system physical address of guest context page | |
591 | * @policy: guest policy | |
592 | * @ma_gctx_paddr: system physical address of migration agent | |
593 | * @ma_en: the guest is associated with a migration agent | |
594 | * @imi_en: launch flow is launching an IMI (Incoming Migration Image) for the | |
595 | * purpose of guest-assisted migration. | |
596 | * @rsvd: reserved | |
597 | * @gosvw: guest OS-visible workarounds, as defined by hypervisor | |
598 | */ | |
599 | struct sev_data_snp_launch_start { | |
600 | u64 gctx_paddr; /* In */ | |
601 | u64 policy; /* In */ | |
602 | u64 ma_gctx_paddr; /* In */ | |
603 | u32 ma_en:1; /* In */ | |
604 | u32 imi_en:1; /* In */ | |
605 | u32 rsvd:30; | |
606 | u8 gosvw[16]; /* In */ | |
607 | } __packed; | |
608 | ||
609 | /* SNP support page type */ | |
610 | enum { | |
611 | SNP_PAGE_TYPE_NORMAL = 0x1, | |
612 | SNP_PAGE_TYPE_VMSA = 0x2, | |
613 | SNP_PAGE_TYPE_ZERO = 0x3, | |
614 | SNP_PAGE_TYPE_UNMEASURED = 0x4, | |
615 | SNP_PAGE_TYPE_SECRET = 0x5, | |
616 | SNP_PAGE_TYPE_CPUID = 0x6, | |
617 | ||
618 | SNP_PAGE_TYPE_MAX | |
619 | }; | |
620 | ||
621 | /** | |
622 | * struct sev_data_snp_launch_update - SNP_LAUNCH_UPDATE command params | |
623 | * | |
624 | * @gctx_paddr: system physical address of guest context page | |
625 | * @page_size: page size 0 indicates 4K and 1 indicates 2MB page | |
626 | * @page_type: encoded page type | |
627 | * @imi_page: indicates that this page is part of the IMI (Incoming Migration | |
628 | * Image) of the guest | |
629 | * @rsvd: reserved | |
630 | * @rsvd2: reserved | |
631 | * @address: system physical address of destination page to encrypt | |
632 | * @rsvd3: reserved | |
633 | * @vmpl1_perms: VMPL permission mask for VMPL1 | |
634 | * @vmpl2_perms: VMPL permission mask for VMPL2 | |
635 | * @vmpl3_perms: VMPL permission mask for VMPL3 | |
636 | * @rsvd4: reserved | |
637 | */ | |
638 | struct sev_data_snp_launch_update { | |
639 | u64 gctx_paddr; /* In */ | |
640 | u32 page_size:1; /* In */ | |
641 | u32 page_type:3; /* In */ | |
642 | u32 imi_page:1; /* In */ | |
643 | u32 rsvd:27; | |
644 | u32 rsvd2; | |
645 | u64 address; /* In */ | |
646 | u32 rsvd3:8; | |
647 | u32 vmpl1_perms:8; /* In */ | |
648 | u32 vmpl2_perms:8; /* In */ | |
649 | u32 vmpl3_perms:8; /* In */ | |
650 | u32 rsvd4; | |
651 | } __packed; | |
652 | ||
653 | /** | |
654 | * struct sev_data_snp_launch_finish - SNP_LAUNCH_FINISH command params | |
655 | * | |
656 | * @gctx_paddr: system physical address of guest context page | |
657 | * @id_block_paddr: system physical address of ID block | |
658 | * @id_auth_paddr: system physical address of ID block authentication structure | |
659 | * @id_block_en: indicates whether ID block is present | |
660 | * @auth_key_en: indicates whether author key is present in authentication structure | |
661 | * @rsvd: reserved | |
662 | * @host_data: host-supplied data for guest, not interpreted by firmware | |
663 | */ | |
664 | struct sev_data_snp_launch_finish { | |
665 | u64 gctx_paddr; | |
666 | u64 id_block_paddr; | |
667 | u64 id_auth_paddr; | |
668 | u8 id_block_en:1; | |
669 | u8 auth_key_en:1; | |
670 | u64 rsvd:62; | |
671 | u8 host_data[32]; | |
672 | } __packed; | |
673 | ||
674 | /** | |
675 | * struct sev_data_snp_guest_status - SNP_GUEST_STATUS command params | |
676 | * | |
677 | * @gctx_paddr: system physical address of guest context page | |
678 | * @address: system physical address of guest status page | |
679 | */ | |
680 | struct sev_data_snp_guest_status { | |
681 | u64 gctx_paddr; | |
682 | u64 address; | |
683 | } __packed; | |
684 | ||
685 | /** | |
686 | * struct sev_data_snp_page_reclaim - SNP_PAGE_RECLAIM command params | |
687 | * | |
688 | * @paddr: system physical address of page to be claimed. The 0th bit in the | |
689 | * address indicates the page size. 0h indicates 4KB and 1h indicates | |
690 | * 2MB page. | |
691 | */ | |
692 | struct sev_data_snp_page_reclaim { | |
693 | u64 paddr; | |
694 | } __packed; | |
695 | ||
696 | /** | |
697 | * struct sev_data_snp_page_unsmash - SNP_PAGE_UNSMASH command params | |
698 | * | |
699 | * @paddr: system physical address of page to be unsmashed. The 0th bit in the | |
700 | * address indicates the page size. 0h indicates 4 KB and 1h indicates | |
701 | * 2 MB page. | |
702 | */ | |
703 | struct sev_data_snp_page_unsmash { | |
704 | u64 paddr; | |
705 | } __packed; | |
706 | ||
707 | /** | |
708 | * struct sev_data_snp_dbg - DBG_ENCRYPT/DBG_DECRYPT command parameters | |
709 | * | |
710 | * @gctx_paddr: system physical address of guest context page | |
711 | * @src_addr: source address of data to operate on | |
712 | * @dst_addr: destination address of data to operate on | |
713 | */ | |
714 | struct sev_data_snp_dbg { | |
715 | u64 gctx_paddr; /* In */ | |
716 | u64 src_addr; /* In */ | |
717 | u64 dst_addr; /* In */ | |
718 | } __packed; | |
719 | ||
720 | /** | |
721 | * struct sev_data_snp_guest_request - SNP_GUEST_REQUEST command params | |
722 | * | |
723 | * @gctx_paddr: system physical address of guest context page | |
724 | * @req_paddr: system physical address of request page | |
725 | * @res_paddr: system physical address of response page | |
726 | */ | |
727 | struct sev_data_snp_guest_request { | |
728 | u64 gctx_paddr; /* In */ | |
729 | u64 req_paddr; /* In */ | |
730 | u64 res_paddr; /* In */ | |
731 | } __packed; | |
732 | ||
733 | /** | |
734 | * struct sev_data_snp_init_ex - SNP_INIT_EX structure | |
735 | * | |
736 | * @init_rmp: indicate that the RMP should be initialized. | |
737 | * @list_paddr_en: indicate that list_paddr is valid | |
738 | * @rsvd: reserved | |
739 | * @rsvd1: reserved | |
740 | * @list_paddr: system physical address of range list | |
741 | * @rsvd2: reserved | |
742 | */ | |
743 | struct sev_data_snp_init_ex { | |
744 | u32 init_rmp:1; | |
745 | u32 list_paddr_en:1; | |
746 | u32 rsvd:30; | |
747 | u32 rsvd1; | |
748 | u64 list_paddr; | |
749 | u8 rsvd2[48]; | |
750 | } __packed; | |
751 | ||
752 | /** | |
753 | * struct sev_data_range - RANGE structure | |
754 | * | |
755 | * @base: system physical address of first byte of range | |
756 | * @page_count: number of 4KB pages in this range | |
757 | * @rsvd: reserved | |
758 | */ | |
759 | struct sev_data_range { | |
760 | u64 base; | |
761 | u32 page_count; | |
762 | u32 rsvd; | |
763 | } __packed; | |
764 | ||
765 | /** | |
766 | * struct sev_data_range_list - RANGE_LIST structure | |
767 | * | |
768 | * @num_elements: number of elements in RANGE_ARRAY | |
769 | * @rsvd: reserved | |
770 | * @ranges: array of num_elements of type RANGE | |
771 | */ | |
772 | struct sev_data_range_list { | |
773 | u32 num_elements; | |
774 | u32 rsvd; | |
775 | struct sev_data_range ranges[]; | |
776 | } __packed; | |
777 | ||
778 | /** | |
779 | * struct sev_data_snp_shutdown_ex - SNP_SHUTDOWN_EX structure | |
780 | * | |
781 | * @len: length of the command buffer read by the PSP | |
782 | * @iommu_snp_shutdown: Disable enforcement of SNP in the IOMMU | |
783 | * @rsvd1: reserved | |
784 | */ | |
785 | struct sev_data_snp_shutdown_ex { | |
786 | u32 len; | |
787 | u32 iommu_snp_shutdown:1; | |
788 | u32 rsvd1:31; | |
789 | } __packed; | |
790 | ||
1ca5614b BS |
791 | /** |
792 | * struct sev_platform_init_args | |
793 | * | |
794 | * @error: SEV firmware error code | |
795 | * @probe: True if this is being called as part of CCP module probe, which | |
796 | * will defer SEV_INIT/SEV_INIT_EX firmware initialization until needed | |
797 | * unless psp_init_on_probe module param is set | |
798 | */ | |
799 | struct sev_platform_init_args { | |
800 | int error; | |
801 | bool probe; | |
802 | }; | |
803 | ||
fad133c7 TL |
804 | /** |
805 | * struct sev_data_snp_commit - SNP_COMMIT structure | |
806 | * | |
807 | * @len: length of the command buffer read by the PSP | |
808 | */ | |
809 | struct sev_data_snp_commit { | |
810 | u32 len; | |
811 | } __packed; | |
812 | ||
200664d5 BS |
813 | #ifdef CONFIG_CRYPTO_DEV_SP_PSP |
814 | ||
815 | /** | |
816 | * sev_platform_init - perform SEV INIT command | |
817 | * | |
1ca5614b | 818 | * @args: struct sev_platform_init_args to pass in arguments |
200664d5 BS |
819 | * |
820 | * Returns: | |
821 | * 0 if the SEV successfully processed the command | |
822 | * -%ENODEV if the SEV device is not available | |
823 | * -%ENOTSUPP if the SEV does not support SEV | |
824 | * -%ETIMEDOUT if the SEV command timed out | |
825 | * -%EIO if the SEV returned a non-zero return code | |
826 | */ | |
1ca5614b | 827 | int sev_platform_init(struct sev_platform_init_args *args); |
200664d5 BS |
828 | |
829 | /** | |
830 | * sev_platform_status - perform SEV PLATFORM_STATUS command | |
831 | * | |
832 | * @status: sev_user_data_status structure to be processed | |
833 | * @error: SEV command return code | |
834 | * | |
835 | * Returns: | |
836 | * 0 if the SEV successfully processed the command | |
837 | * -%ENODEV if the SEV device is not available | |
838 | * -%ENOTSUPP if the SEV does not support SEV | |
839 | * -%ETIMEDOUT if the SEV command timed out | |
840 | * -%EIO if the SEV returned a non-zero return code | |
841 | */ | |
842 | int sev_platform_status(struct sev_user_data_status *status, int *error); | |
843 | ||
844 | /** | |
845 | * sev_issue_cmd_external_user - issue SEV command by other driver with a file | |
846 | * handle. | |
847 | * | |
848 | * This function can be used by other drivers to issue a SEV command on | |
849 | * behalf of userspace. The caller must pass a valid SEV file descriptor | |
850 | * so that we know that it has access to SEV device. | |
851 | * | |
852 | * @filep - SEV device file pointer | |
853 | * @cmd - command to issue | |
854 | * @data - command buffer | |
855 | * @error: SEV command return code | |
856 | * | |
857 | * Returns: | |
858 | * 0 if the SEV successfully processed the command | |
859 | * -%ENODEV if the SEV device is not available | |
860 | * -%ENOTSUPP if the SEV does not support SEV | |
861 | * -%ETIMEDOUT if the SEV command timed out | |
862 | * -%EIO if the SEV returned a non-zero return code | |
863 | * -%EINVAL if the SEV file descriptor is not valid | |
864 | */ | |
865 | int sev_issue_cmd_external_user(struct file *filep, unsigned int id, | |
866 | void *data, int *error); | |
867 | ||
868 | /** | |
869 | * sev_guest_deactivate - perform SEV DEACTIVATE command | |
870 | * | |
871 | * @deactivate: sev_data_deactivate structure to be processed | |
872 | * @sev_ret: sev command return code | |
873 | * | |
874 | * Returns: | |
875 | * 0 if the sev successfully processed the command | |
876 | * -%ENODEV if the sev device is not available | |
877 | * -%ENOTSUPP if the sev does not support SEV | |
878 | * -%ETIMEDOUT if the sev command timed out | |
879 | * -%EIO if the sev returned a non-zero return code | |
880 | */ | |
881 | int sev_guest_deactivate(struct sev_data_deactivate *data, int *error); | |
882 | ||
883 | /** | |
884 | * sev_guest_activate - perform SEV ACTIVATE command | |
885 | * | |
886 | * @activate: sev_data_activate structure to be processed | |
887 | * @sev_ret: sev command return code | |
888 | * | |
889 | * Returns: | |
890 | * 0 if the sev successfully processed the command | |
891 | * -%ENODEV if the sev device is not available | |
892 | * -%ENOTSUPP if the sev does not support SEV | |
893 | * -%ETIMEDOUT if the sev command timed out | |
894 | * -%EIO if the sev returned a non-zero return code | |
895 | */ | |
896 | int sev_guest_activate(struct sev_data_activate *data, int *error); | |
897 | ||
898 | /** | |
899 | * sev_guest_df_flush - perform SEV DF_FLUSH command | |
900 | * | |
901 | * @sev_ret: sev command return code | |
902 | * | |
903 | * Returns: | |
904 | * 0 if the sev successfully processed the command | |
905 | * -%ENODEV if the sev device is not available | |
906 | * -%ENOTSUPP if the sev does not support SEV | |
907 | * -%ETIMEDOUT if the sev command timed out | |
908 | * -%EIO if the sev returned a non-zero return code | |
909 | */ | |
910 | int sev_guest_df_flush(int *error); | |
911 | ||
912 | /** | |
913 | * sev_guest_decommission - perform SEV DECOMMISSION command | |
914 | * | |
915 | * @decommission: sev_data_decommission structure to be processed | |
916 | * @sev_ret: sev command return code | |
917 | * | |
918 | * Returns: | |
919 | * 0 if the sev successfully processed the command | |
920 | * -%ENODEV if the sev device is not available | |
921 | * -%ENOTSUPP if the sev does not support SEV | |
922 | * -%ETIMEDOUT if the sev command timed out | |
923 | * -%EIO if the sev returned a non-zero return code | |
924 | */ | |
925 | int sev_guest_decommission(struct sev_data_decommission *data, int *error); | |
926 | ||
18085ac2 BS |
927 | /** |
928 | * sev_do_cmd - issue an SEV or an SEV-SNP command | |
929 | * | |
930 | * @cmd: SEV or SEV-SNP firmware command to issue | |
931 | * @data: arguments for firmware command | |
932 | * @psp_ret: SEV command return code | |
933 | * | |
934 | * Returns: | |
935 | * 0 if the SEV device successfully processed the command | |
936 | * -%ENODEV if the PSP device is not available | |
937 | * -%ENOTSUPP if PSP device does not support SEV | |
938 | * -%ETIMEDOUT if the SEV command timed out | |
939 | * -%EIO if PSP device returned a non-zero return code | |
940 | */ | |
941 | int sev_do_cmd(int cmd, void *data, int *psp_ret); | |
942 | ||
376bd28d | 943 | void *psp_copy_user_blob(u64 uaddr, u32 len); |
24512afa BS |
944 | void *snp_alloc_firmware_page(gfp_t mask); |
945 | void snp_free_firmware_page(void *addr); | |
7360e4b1 | 946 | |
200664d5 BS |
947 | #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ |
948 | ||
949 | static inline int | |
950 | sev_platform_status(struct sev_user_data_status *status, int *error) { return -ENODEV; } | |
951 | ||
1ca5614b | 952 | static inline int sev_platform_init(struct sev_platform_init_args *args) { return -ENODEV; } |
200664d5 BS |
953 | |
954 | static inline int | |
955 | sev_guest_deactivate(struct sev_data_deactivate *data, int *error) { return -ENODEV; } | |
956 | ||
957 | static inline int | |
958 | sev_guest_decommission(struct sev_data_decommission *data, int *error) { return -ENODEV; } | |
959 | ||
18085ac2 BS |
960 | static inline int |
961 | sev_do_cmd(int cmd, void *data, int *psp_ret) { return -ENODEV; } | |
962 | ||
200664d5 BS |
963 | static inline int |
964 | sev_guest_activate(struct sev_data_activate *data, int *error) { return -ENODEV; } | |
965 | ||
966 | static inline int sev_guest_df_flush(int *error) { return -ENODEV; } | |
967 | ||
968 | static inline int | |
969 | sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *data, int *error) { return -ENODEV; } | |
970 | ||
7360e4b1 BS |
971 | static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return ERR_PTR(-EINVAL); } |
972 | ||
24512afa BS |
973 | static inline void *snp_alloc_firmware_page(gfp_t mask) |
974 | { | |
975 | return NULL; | |
976 | } | |
977 | ||
978 | static inline void snp_free_firmware_page(void *addr) { } | |
979 | ||
200664d5 BS |
980 | #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ |
981 | ||
592d5e74 | 982 | #endif /* __PSP_SEV_H__ */ |