1. 13 Jul, 2018 1 commit
  2. 30 May, 2018 2 commits
  3. 16 Mar, 2018 1 commit
  4. 02 Mar, 2018 1 commit
  5. 24 Feb, 2018 1 commit
  6. 04 Dec, 2017 9 commits
    • crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command · 76a2b524
      Brijesh Singh authored
      
      
      The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
      certificate chain. The command is defined in SEV spec section 5.10.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Gary Hook <gary.hook@amd.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: linux-crypto@vger.kernel.org
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Improvements-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
      Acked-by: Gary R Hook <gary.hook@amd.com>
    • crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command · 7360e4b1
      Brijesh Singh authored
      
      
      The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
      certificate. The command is defined in SEV spec section 5.8.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Gary Hook <gary.hook@amd.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: linux-crypto@vger.kernel.org
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Improvements-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
      Acked-by: Gary R Hook <gary.hook@amd.com>
      Reviewed-by: Borislav Petkov <bp@suse.de>
    • crypto: ccp: Implement SEV_PEK_CSR ioctl command · e7990356
      Brijesh Singh authored
      
      
      The SEV_PEK_CSR command can be used to generate a PEK certificate
      signing request. The command is defined in SEV spec section 5.7.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Gary Hook <gary.hook@amd.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: linux-crypto@vger.kernel.org
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Improvements-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
      Acked-by: Gary R Hook <gary.hook@amd.com>
    • crypto: ccp: Implement SEV_PDH_GEN ioctl command · 77f65327
      Brijesh Singh authored
      
      
      The SEV_PDH_GEN command is used to re-generate the Platform
      Diffie-Hellman (PDH) key. The command is defined in SEV spec section
      5.6.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Gary Hook <gary.hook@amd.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: linux-crypto@vger.kernel.org
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
      Reviewed-by: Borislav Petkov <bp@suse.de>
      Acked-by: Gary R Hook <gary.hook@amd.com>
    • crypto: ccp: Implement SEV_PEK_GEN ioctl command · 4d84b726
      Brijesh Singh authored
      
      
      The SEV_PEK_GEN command is used to generate a new Platform Endorsement
      Key (PEK). The command is defined in SEV spec section 5.6.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Gary Hook <gary.hook@amd.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: linux-crypto@vger.kernel.org
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Reviewed-by: Borislav Petkov <bp@suse.de>
      Improvements-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
      Acked-by: Gary R Hook <gary.hook@amd.com>
    • crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command · efe1829b
      Brijesh Singh authored
      
      
      The SEV_PLATFORM_STATUS command can be used by the platform owner to
      get the current status of the platform. The command is defined in
      SEV spec section 5.5.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Gary Hook <gary.hook@amd.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: linux-crypto@vger.kernel.org
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Improvements-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
      Reviewed-by: Borislav Petkov <bp@suse.de>
      Acked-by: Gary R Hook <gary.hook@amd.com>
    • crypto: ccp: Implement SEV_FACTORY_RESET ioctl command · 2960f9a5
      Brijesh Singh authored
      
      
      The SEV_FACTORY_RESET command can be used by the platform owner to
      reset the non-volatile SEV related data. The command is defined in
      SEV spec section 5.4.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Gary Hook <gary.hook@amd.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: linux-crypto@vger.kernel.org
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Improvements-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support · 200664d5
      Brijesh Singh authored
      AMD's new Secure Encrypted Virtualization (SEV) feature allows the
      memory contents of virtual machines to be transparently encrypted with a
      key unique to the VM. The programming and management of the encryption
      keys are handled by the AMD Secure Processor (AMD-SP) which exposes the
      commands for these tasks. The complete spec is available at:
      
      http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
      
      
      
      Extend the AMD-SP driver to provide the following support:
      
       - an in-kernel API to communicate with the SEV firmware. The API can be
         used by the hypervisor to create encryption context for a SEV guest.
      
       - a userspace IOCTL to manage the platform certificates.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Gary Hook <gary.hook@amd.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: linux-crypto@vger.kernel.org
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Improvements-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    • crypto: ccp: Add Platform Security Processor (PSP) device support · 2a6170df
      Brijesh Singh authored
      
      
      The Platform Security Processor (PSP) is part of the AMD Secure
      Processor (AMD-SP) functionality. The PSP is a dedicated processor
      that provides support for key management commands in Secure Encrypted
      Virtualization (SEV) mode, along with software-based Trusted Execution
      Environment (TEE) to enable third-party trusted applications.
      
      Note that the key management functionality provided by the SEV firmware
      can be used outside of the kvm-amd driver hence it doesn't need to
      depend on CONFIG_KVM_AMD.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Gary Hook <gary.hook@amd.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: linux-crypto@vger.kernel.org
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Improvements-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
      Reviewed-by: Borislav Petkov <bp@suse.de>