include/linux/psp-sev.h

   1 /* SPDX-License-Identifier: GPL-2.0-only */
   2 /*
   3  * AMD Secure Encrypted Virtualization (SEV) driver interface
   4  *
   5  * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
   6  *
   7  * Author: Brijesh Singh <brijesh.singh@amd.com>
   8  *
   9  * SEV API spec is available at https://developer.amd.com/sev
  10  */
  11
  12 #ifndef __PSP_SEV_H__
  13 #define __PSP_SEV_H__
  14
  15 #include <uapi/linux/psp-sev.h>
  16
  17 #define SEV_FW_BLOB_MAX_SIZE    0x4000  /* 16KB */
  18
  19 /**
  20  * SEV platform state
  21  */
  22 enum sev_state {
  23         SEV_STATE_UNINIT                = 0x0,
  24         SEV_STATE_INIT                  = 0x1,
  25         SEV_STATE_WORKING               = 0x2,
  26
  27         SEV_STATE_MAX
  28 };
  29
  30 /**
  31  * SEV platform and guest management commands
  32  */
  33 enum sev_cmd {
  34         /* platform commands */
  35         SEV_CMD_INIT                    = 0x001,
  36         SEV_CMD_SHUTDOWN                = 0x002,
  37         SEV_CMD_FACTORY_RESET           = 0x003,
  38         SEV_CMD_PLATFORM_STATUS         = 0x004,
  39         SEV_CMD_PEK_GEN                 = 0x005,
  40         SEV_CMD_PEK_CSR                 = 0x006,
  41         SEV_CMD_PEK_CERT_IMPORT         = 0x007,
  42         SEV_CMD_PDH_CERT_EXPORT         = 0x008,
  43         SEV_CMD_PDH_GEN                 = 0x009,
  44         SEV_CMD_DF_FLUSH                = 0x00A,
  45         SEV_CMD_DOWNLOAD_FIRMWARE       = 0x00B,
  46         SEV_CMD_GET_ID                  = 0x00C,
  47         SEV_CMD_INIT_EX                 = 0x00D,
  48
  49         /* Guest commands */
  50         SEV_CMD_DECOMMISSION            = 0x020,
  51         SEV_CMD_ACTIVATE                = 0x021,
  52         SEV_CMD_DEACTIVATE              = 0x022,
  53         SEV_CMD_GUEST_STATUS            = 0x023,
  54
  55         /* Guest launch commands */
  56         SEV_CMD_LAUNCH_START            = 0x030,
  57         SEV_CMD_LAUNCH_UPDATE_DATA      = 0x031,
  58         SEV_CMD_LAUNCH_UPDATE_VMSA      = 0x032,
  59         SEV_CMD_LAUNCH_MEASURE          = 0x033,
  60         SEV_CMD_LAUNCH_UPDATE_SECRET    = 0x034,
  61         SEV_CMD_LAUNCH_FINISH           = 0x035,
  62         SEV_CMD_ATTESTATION_REPORT      = 0x036,
  63
  64         /* Guest migration commands (outgoing) */
  65         SEV_CMD_SEND_START              = 0x040,
  66         SEV_CMD_SEND_UPDATE_DATA        = 0x041,
  67         SEV_CMD_SEND_UPDATE_VMSA        = 0x042,
  68         SEV_CMD_SEND_FINISH             = 0x043,
  69         SEV_CMD_SEND_CANCEL             = 0x044,
  70
  71         /* Guest migration commands (incoming) */
  72         SEV_CMD_RECEIVE_START           = 0x050,
  73         SEV_CMD_RECEIVE_UPDATE_DATA     = 0x051,
  74         SEV_CMD_RECEIVE_UPDATE_VMSA     = 0x052,
  75         SEV_CMD_RECEIVE_FINISH          = 0x053,
  76
  77         /* Guest debug commands */
  78         SEV_CMD_DBG_DECRYPT             = 0x060,
  79         SEV_CMD_DBG_ENCRYPT             = 0x061,
  80
  81         SEV_CMD_MAX,
  82 };
  83
  84 /**
  85  * struct sev_data_init - INIT command parameters
  86  *
  87  * @flags: processing flags
  88  * @tmr_address: system physical address used for SEV-ES
  89  * @tmr_len: len of tmr_address
  90  */
  91 struct sev_data_init {
  92         u32 flags;                      /* In */
  93         u32 reserved;                   /* In */
  94         u64 tmr_address;                /* In */
  95         u32 tmr_len;                    /* In */
  96 } __packed;
  97
  98 /**
  99  * struct sev_data_init_ex - INIT_EX command parameters
 100  *
 101  * @length: len of the command buffer read by the PSP
 102  * @flags: processing flags
 103  * @tmr_address: system physical address used for SEV-ES
 104  * @tmr_len: len of tmr_address
 105  * @nv_address: system physical address used for PSP NV storage
 106  * @nv_len: len of nv_address
 107  */
 108 struct sev_data_init_ex {
 109         u32 length;                     /* In */
 110         u32 flags;                      /* In */
 111         u64 tmr_address;                /* In */
 112         u32 tmr_len;                    /* In */
 113         u32 reserved;                   /* In */
 114         u64 nv_address;                 /* In/Out */
 115         u32 nv_len;                     /* In */
 116 } __packed;
 117
 118 #define SEV_INIT_FLAGS_SEV_ES   0x01
 119
 120 /**
 121  * struct sev_data_pek_csr - PEK_CSR command parameters
 122  *
 123  * @address: PEK certificate chain
 124  * @len: len of certificate
 125  */
 126 struct sev_data_pek_csr {
 127         u64 address;                            /* In */
 128         u32 len;                                /* In/Out */
 129 } __packed;
 130
 131 /**
 132  * struct sev_data_cert_import - PEK_CERT_IMPORT command parameters
 133  *
 134  * @pek_address: PEK certificate chain
 135  * @pek_len: len of PEK certificate
 136  * @oca_address: OCA certificate chain
 137  * @oca_len: len of OCA certificate
 138  */
 139 struct sev_data_pek_cert_import {
 140         u64 pek_cert_address;                   /* In */
 141         u32 pek_cert_len;                       /* In */
 142         u32 reserved;                           /* In */
 143         u64 oca_cert_address;                   /* In */
 144         u32 oca_cert_len;                       /* In */
 145 } __packed;
 146
 147 /**
 148  * struct sev_data_download_firmware - DOWNLOAD_FIRMWARE command parameters
 149  *
 150  * @address: physical address of firmware image
 151  * @len: len of the firmware image
 152  */
 153 struct sev_data_download_firmware {
 154         u64 address;                            /* In */
 155         u32 len;                                /* In */
 156 } __packed;
 157
 158 /**
 159  * struct sev_data_get_id - GET_ID command parameters
 160  *
 161  * @address: physical address of region to place unique CPU ID(s)
 162  * @len: len of the region
 163  */
 164 struct sev_data_get_id {
 165         u64 address;                            /* In */
 166         u32 len;                                /* In/Out */
 167 } __packed;
 168 /**
 169  * struct sev_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
 170  *
 171  * @pdh_address: PDH certificate address
 172  * @pdh_len: len of PDH certificate
 173  * @cert_chain_address: PDH certificate chain
 174  * @cert_chain_len: len of PDH certificate chain
 175  */
 176 struct sev_data_pdh_cert_export {
 177         u64 pdh_cert_address;                   /* In */
 178         u32 pdh_cert_len;                       /* In/Out */
 179         u32 reserved;                           /* In */
 180         u64 cert_chain_address;                 /* In */
 181         u32 cert_chain_len;                     /* In/Out */
 182 } __packed;
 183
 184 /**
 185  * struct sev_data_decommission - DECOMMISSION command parameters
 186  *
 187  * @handle: handle of the VM to decommission
 188  */
 189 struct sev_data_decommission {
 190         u32 handle;                             /* In */
 191 } __packed;
 192
 193 /**
 194  * struct sev_data_activate - ACTIVATE command parameters
 195  *
 196  * @handle: handle of the VM to activate
 197  * @asid: asid assigned to the VM
 198  */
 199 struct sev_data_activate {
 200         u32 handle;                             /* In */
 201         u32 asid;                               /* In */
 202 } __packed;
 203
 204 /**
 205  * struct sev_data_deactivate - DEACTIVATE command parameters
 206  *
 207  * @handle: handle of the VM to deactivate
 208  */
 209 struct sev_data_deactivate {
 210         u32 handle;                             /* In */
 211 } __packed;
 212
 213 /**
 214  * struct sev_data_guest_status - SEV GUEST_STATUS command parameters
 215  *
 216  * @handle: handle of the VM to retrieve status
 217  * @policy: policy information for the VM
 218  * @asid: current ASID of the VM
 219  * @state: current state of the VM
 220  */
 221 struct sev_data_guest_status {
 222         u32 handle;                             /* In */
 223         u32 policy;                             /* Out */
 224         u32 asid;                               /* Out */
 225         u8 state;                               /* Out */
 226 } __packed;
 227
 228 /**
 229  * struct sev_data_launch_start - LAUNCH_START command parameters
 230  *
 231  * @handle: handle assigned to the VM
 232  * @policy: guest launch policy
 233  * @dh_cert_address: physical address of DH certificate blob
 234  * @dh_cert_len: len of DH certificate blob
 235  * @session_address: physical address of session parameters
 236  * @session_len: len of session parameters
 237  */
 238 struct sev_data_launch_start {
 239         u32 handle;                             /* In/Out */
 240         u32 policy;                             /* In */
 241         u64 dh_cert_address;                    /* In */
 242         u32 dh_cert_len;                        /* In */
 243         u32 reserved;                           /* In */
 244         u64 session_address;                    /* In */
 245         u32 session_len;                        /* In */
 246 } __packed;
 247
 248 /**
 249  * struct sev_data_launch_update_data - LAUNCH_UPDATE_DATA command parameter
 250  *
 251  * @handle: handle of the VM to update
 252  * @len: len of memory to be encrypted
 253  * @address: physical address of memory region to encrypt
 254  */
 255 struct sev_data_launch_update_data {
 256         u32 handle;                             /* In */
 257         u32 reserved;
 258         u64 address;                            /* In */
 259         u32 len;                                /* In */
 260 } __packed;
 261
 262 /**
 263  * struct sev_data_launch_update_vmsa - LAUNCH_UPDATE_VMSA command
 264  *
 265  * @handle: handle of the VM
 266  * @address: physical address of memory region to encrypt
 267  * @len: len of memory region to encrypt
 268  */
 269 struct sev_data_launch_update_vmsa {
 270         u32 handle;                             /* In */
 271         u32 reserved;
 272         u64 address;                            /* In */
 273         u32 len;                                /* In */
 274 } __packed;
 275
 276 /**
 277  * struct sev_data_launch_measure - LAUNCH_MEASURE command parameters
 278  *
 279  * @handle: handle of the VM to process
 280  * @address: physical address containing the measurement blob
 281  * @len: len of measurement blob
 282  */
 283 struct sev_data_launch_measure {
 284         u32 handle;                             /* In */
 285         u32 reserved;
 286         u64 address;                            /* In */
 287         u32 len;                                /* In/Out */
 288 } __packed;
 289
 290 /**
 291  * struct sev_data_launch_secret - LAUNCH_SECRET command parameters
 292  *
 293  * @handle: handle of the VM to process
 294  * @hdr_address: physical address containing the packet header
 295  * @hdr_len: len of packet header
 296  * @guest_address: system physical address of guest memory region
 297  * @guest_len: len of guest_paddr
 298  * @trans_address: physical address of transport memory buffer
 299  * @trans_len: len of transport memory buffer
 300  */
 301 struct sev_data_launch_secret {
 302         u32 handle;                             /* In */
 303         u32 reserved1;
 304         u64 hdr_address;                        /* In */
 305         u32 hdr_len;                            /* In */
 306         u32 reserved2;
 307         u64 guest_address;                      /* In */
 308         u32 guest_len;                          /* In */
 309         u32 reserved3;
 310         u64 trans_address;                      /* In */
 311         u32 trans_len;                          /* In */
 312 } __packed;
 313
 314 /**
 315  * struct sev_data_launch_finish - LAUNCH_FINISH command parameters
 316  *
 317  * @handle: handle of the VM to process
 318  */
 319 struct sev_data_launch_finish {
 320         u32 handle;                             /* In */
 321 } __packed;
 322
 323 /**
 324  * struct sev_data_send_start - SEND_START command parameters
 325  *
 326  * @handle: handle of the VM to process
 327  * @policy: policy information for the VM
 328  * @pdh_cert_address: physical address containing PDH certificate
 329  * @pdh_cert_len: len of PDH certificate
 330  * @plat_certs_address: physical address containing platform certificate
 331  * @plat_certs_len: len of platform certificate
 332  * @amd_certs_address: physical address containing AMD certificate
 333  * @amd_certs_len: len of AMD certificate
 334  * @session_address: physical address containing Session data
 335  * @session_len: len of session data
 336  */
 337 struct sev_data_send_start {
 338         u32 handle;                             /* In */
 339         u32 policy;                             /* Out */
 340         u64 pdh_cert_address;                   /* In */
 341         u32 pdh_cert_len;                       /* In */
 342         u32 reserved1;
 343         u64 plat_certs_address;                 /* In */
 344         u32 plat_certs_len;                     /* In */
 345         u32 reserved2;
 346         u64 amd_certs_address;                  /* In */
 347         u32 amd_certs_len;                      /* In */
 348         u32 reserved3;
 349         u64 session_address;                    /* In */
 350         u32 session_len;                        /* In/Out */
 351 } __packed;
 352
 353 /**
 354  * struct sev_data_send_update - SEND_UPDATE_DATA command
 355  *
 356  * @handle: handle of the VM to process
 357  * @hdr_address: physical address containing packet header
 358  * @hdr_len: len of packet header
 359  * @guest_address: physical address of guest memory region to send
 360  * @guest_len: len of guest memory region to send
 361  * @trans_address: physical address of host memory region
 362  * @trans_len: len of host memory region
 363  */
 364 struct sev_data_send_update_data {
 365         u32 handle;                             /* In */
 366         u32 reserved1;
 367         u64 hdr_address;                        /* In */
 368         u32 hdr_len;                            /* In/Out */
 369         u32 reserved2;
 370         u64 guest_address;                      /* In */
 371         u32 guest_len;                          /* In */
 372         u32 reserved3;
 373         u64 trans_address;                      /* In */
 374         u32 trans_len;                          /* In */
 375 } __packed;
 376
 377 /**
 378  * struct sev_data_send_update - SEND_UPDATE_VMSA command
 379  *
 380  * @handle: handle of the VM to process
 381  * @hdr_address: physical address containing packet header
 382  * @hdr_len: len of packet header
 383  * @guest_address: physical address of guest memory region to send
 384  * @guest_len: len of guest memory region to send
 385  * @trans_address: physical address of host memory region
 386  * @trans_len: len of host memory region
 387  */
 388 struct sev_data_send_update_vmsa {
 389         u32 handle;                             /* In */
 390         u64 hdr_address;                        /* In */
 391         u32 hdr_len;                            /* In/Out */
 392         u32 reserved2;
 393         u64 guest_address;                      /* In */
 394         u32 guest_len;                          /* In */
 395         u32 reserved3;
 396         u64 trans_address;                      /* In */
 397         u32 trans_len;                          /* In */
 398 } __packed;
 399
 400 /**
 401  * struct sev_data_send_finish - SEND_FINISH command parameters
 402  *
 403  * @handle: handle of the VM to process
 404  */
 405 struct sev_data_send_finish {
 406         u32 handle;                             /* In */
 407 } __packed;
 408
 409 /**
 410  * struct sev_data_send_cancel - SEND_CANCEL command parameters
 411  *
 412  * @handle: handle of the VM to process
 413  */
 414 struct sev_data_send_cancel {
 415         u32 handle;                             /* In */
 416 } __packed;
 417
 418 /**
 419  * struct sev_data_receive_start - RECEIVE_START command parameters
 420  *
 421  * @handle: handle of the VM to perform receive operation
 422  * @pdh_cert_address: system physical address containing PDH certificate blob
 423  * @pdh_cert_len: len of PDH certificate blob
 424  * @session_address: system physical address containing session blob
 425  * @session_len: len of session blob
 426  */
 427 struct sev_data_receive_start {
 428         u32 handle;                             /* In/Out */
 429         u32 policy;                             /* In */
 430         u64 pdh_cert_address;                   /* In */
 431         u32 pdh_cert_len;                       /* In */
 432         u32 reserved1;
 433         u64 session_address;                    /* In */
 434         u32 session_len;                        /* In */
 435 } __packed;
 436
 437 /**
 438  * struct sev_data_receive_update_data - RECEIVE_UPDATE_DATA command parameters
 439  *
 440  * @handle: handle of the VM to update
 441  * @hdr_address: physical address containing packet header blob
 442  * @hdr_len: len of packet header
 443  * @guest_address: system physical address of guest memory region
 444  * @guest_len: len of guest memory region
 445  * @trans_address: system physical address of transport buffer
 446  * @trans_len: len of transport buffer
 447  */
 448 struct sev_data_receive_update_data {
 449         u32 handle;                             /* In */
 450         u32 reserved1;
 451         u64 hdr_address;                        /* In */
 452         u32 hdr_len;                            /* In */
 453         u32 reserved2;
 454         u64 guest_address;                      /* In */
 455         u32 guest_len;                          /* In */
 456         u32 reserved3;
 457         u64 trans_address;                      /* In */
 458         u32 trans_len;                          /* In */
 459 } __packed;
 460
 461 /**
 462  * struct sev_data_receive_update_vmsa - RECEIVE_UPDATE_VMSA command parameters
 463  *
 464  * @handle: handle of the VM to update
 465  * @hdr_address: physical address containing packet header blob
 466  * @hdr_len: len of packet header
 467  * @guest_address: system physical address of guest memory region
 468  * @guest_len: len of guest memory region
 469  * @trans_address: system physical address of transport buffer
 470  * @trans_len: len of transport buffer
 471  */
 472 struct sev_data_receive_update_vmsa {
 473         u32 handle;                             /* In */
 474         u32 reserved1;
 475         u64 hdr_address;                        /* In */
 476         u32 hdr_len;                            /* In */
 477         u32 reserved2;
 478         u64 guest_address;                      /* In */
 479         u32 guest_len;                          /* In */
 480         u32 reserved3;
 481         u64 trans_address;                      /* In */
 482         u32 trans_len;                          /* In */
 483 } __packed;
 484
 485 /**
 486  * struct sev_data_receive_finish - RECEIVE_FINISH command parameters
 487  *
 488  * @handle: handle of the VM to finish
 489  */
 490 struct sev_data_receive_finish {
 491         u32 handle;                             /* In */
 492 } __packed;
 493
 494 /**
 495  * struct sev_data_dbg - DBG_ENCRYPT/DBG_DECRYPT command parameters
 496  *
 497  * @handle: handle of the VM to perform debug operation
 498  * @src_addr: source address of data to operate on
 499  * @dst_addr: destination address of data to operate on
 500  * @len: len of data to operate on
 501  */
 502 struct sev_data_dbg {
 503         u32 handle;                             /* In */
 504         u32 reserved;
 505         u64 src_addr;                           /* In */
 506         u64 dst_addr;                           /* In */
 507         u32 len;                                /* In */
 508 } __packed;
 509
 510 /**
 511  * struct sev_data_attestation_report - SEV_ATTESTATION_REPORT command parameters
 512  *
 513  * @handle: handle of the VM
 514  * @mnonce: a random nonce that will be included in the report.
 515  * @address: physical address where the report will be copied.
 516  * @len: length of the physical buffer.
 517  */
 518 struct sev_data_attestation_report {
 519         u32 handle;                             /* In */
 520         u32 reserved;
 521         u64 address;                            /* In */
 522         u8 mnonce[16];                          /* In */
 523         u32 len;                                /* In/Out */
 524 } __packed;
 525
 526 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
 527
 528 /**
 529  * sev_platform_init - perform SEV INIT command
 530  *
 531  * @error: SEV command return code
 532  *
 533  * Returns:
 534  * 0 if the SEV successfully processed the command
 535  * -%ENODEV    if the SEV device is not available
 536  * -%ENOTSUPP  if the SEV does not support SEV
 537  * -%ETIMEDOUT if the SEV command timed out
 538  * -%EIO       if the SEV returned a non-zero return code
 539  */
 540 int sev_platform_init(int *error);
 541
 542 /**
 543  * sev_platform_status - perform SEV PLATFORM_STATUS command
 544  *
 545  * @status: sev_user_data_status structure to be processed
 546  * @error: SEV command return code
 547  *
 548  * Returns:
 549  * 0 if the SEV successfully processed the command
 550  * -%ENODEV    if the SEV device is not available
 551  * -%ENOTSUPP  if the SEV does not support SEV
 552  * -%ETIMEDOUT if the SEV command timed out
 553  * -%EIO       if the SEV returned a non-zero return code
 554  */
 555 int sev_platform_status(struct sev_user_data_status *status, int *error);
 556
 557 /**
 558  * sev_issue_cmd_external_user - issue SEV command by other driver with a file
 559  * handle.
 560  *
 561  * This function can be used by other drivers to issue a SEV command on
 562  * behalf of userspace. The caller must pass a valid SEV file descriptor
 563  * so that we know that it has access to SEV device.
 564  *
 565  * @filep - SEV device file pointer
 566  * @cmd - command to issue
 567  * @data - command buffer
 568  * @error: SEV command return code
 569  *
 570  * Returns:
 571  * 0 if the SEV successfully processed the command
 572  * -%ENODEV    if the SEV device is not available
 573  * -%ENOTSUPP  if the SEV does not support SEV
 574  * -%ETIMEDOUT if the SEV command timed out
 575  * -%EIO       if the SEV returned a non-zero return code
 576  * -%EINVAL    if the SEV file descriptor is not valid
 577  */
 578 int sev_issue_cmd_external_user(struct file *filep, unsigned int id,
 579                                 void *data, int *error);
 580
 581 /**
 582  * sev_guest_deactivate - perform SEV DEACTIVATE command
 583  *
 584  * @deactivate: sev_data_deactivate structure to be processed
 585  * @sev_ret: sev command return code
 586  *
 587  * Returns:
 588  * 0 if the sev successfully processed the command
 589  * -%ENODEV    if the sev device is not available
 590  * -%ENOTSUPP  if the sev does not support SEV
 591  * -%ETIMEDOUT if the sev command timed out
 592  * -%EIO       if the sev returned a non-zero return code
 593  */
 594 int sev_guest_deactivate(struct sev_data_deactivate *data, int *error);
 595
 596 /**
 597  * sev_guest_activate - perform SEV ACTIVATE command
 598  *
 599  * @activate: sev_data_activate structure to be processed
 600  * @sev_ret: sev command return code
 601  *
 602  * Returns:
 603  * 0 if the sev successfully processed the command
 604  * -%ENODEV    if the sev device is not available
 605  * -%ENOTSUPP  if the sev does not support SEV
 606  * -%ETIMEDOUT if the sev command timed out
 607  * -%EIO       if the sev returned a non-zero return code
 608  */
 609 int sev_guest_activate(struct sev_data_activate *data, int *error);
 610
 611 /**
 612  * sev_guest_df_flush - perform SEV DF_FLUSH command
 613  *
 614  * @sev_ret: sev command return code
 615  *
 616  * Returns:
 617  * 0 if the sev successfully processed the command
 618  * -%ENODEV    if the sev device is not available
 619  * -%ENOTSUPP  if the sev does not support SEV
 620  * -%ETIMEDOUT if the sev command timed out
 621  * -%EIO       if the sev returned a non-zero return code
 622  */
 623 int sev_guest_df_flush(int *error);
 624
 625 /**
 626  * sev_guest_decommission - perform SEV DECOMMISSION command
 627  *
 628  * @decommission: sev_data_decommission structure to be processed
 629  * @sev_ret: sev command return code
 630  *
 631  * Returns:
 632  * 0 if the sev successfully processed the command
 633  * -%ENODEV    if the sev device is not available
 634  * -%ENOTSUPP  if the sev does not support SEV
 635  * -%ETIMEDOUT if the sev command timed out
 636  * -%EIO       if the sev returned a non-zero return code
 637  */
 638 int sev_guest_decommission(struct sev_data_decommission *data, int *error);
 639
 640 void *psp_copy_user_blob(u64 uaddr, u32 len);
 641
 642 #else   /* !CONFIG_CRYPTO_DEV_SP_PSP */
 643
 644 static inline int
 645 sev_platform_status(struct sev_user_data_status *status, int *error) { return -ENODEV; }
 646
 647 static inline int sev_platform_init(int *error) { return -ENODEV; }
 648
 649 static inline int
 650 sev_guest_deactivate(struct sev_data_deactivate *data, int *error) { return -ENODEV; }
 651
 652 static inline int
 653 sev_guest_decommission(struct sev_data_decommission *data, int *error) { return -ENODEV; }
 654
 655 static inline int
 656 sev_guest_activate(struct sev_data_activate *data, int *error) { return -ENODEV; }
 657
 658 static inline int sev_guest_df_flush(int *error) { return -ENODEV; }
 659
 660 static inline int
 661 sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *data, int *error) { return -ENODEV; }
 662
 663 static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return ERR_PTR(-EINVAL); }
 664
 665 #endif  /* CONFIG_CRYPTO_DEV_SP_PSP */
 666
 667 #endif  /* __PSP_SEV_H__ */