| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20211028175749.1219188-3-pgonda@google.com>
Date: Thu, 28 Oct 2021 10:57:47 -0700
From: Peter Gonda <pgonda@...gle.com>
To: thomas.lendacky@....com
Cc: Peter Gonda <pgonda@...gle.com>,
David Rientjes <rientjes@...gle.com>,
Brijesh Singh <brijesh.singh@....com>,
Marc Orr <marcorr@...gle.com>, Joerg Roedel <jroedel@...e.de>,
Herbert Xu <herbert@...dor.apana.org.au>,
John Allen <john.allen@....com>,
"David S. Miller" <davem@...emloft.net>,
Paolo Bonzini <pbonzini@...hat.com>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 2/4] crypto: ccp - Move SEV_INIT retry for corrupted data
This change moves the data corrupted retry of SEV_INIT into the
__sev_platform_init_locked() function. This is for upcoming INIT_EX
support as well as helping direct callers of
__sev_platform_init_locked() which currently do not support the
retry.
Signed-off-by: Peter Gonda <pgonda@...gle.com>
Acked-by: David Rientjes <rientjes@...gle.com>
Cc: Tom Lendacky <thomas.lendacky@....com>
Cc: Brijesh Singh <brijesh.singh@....com>
Cc: Marc Orr <marcorr@...gle.com>
Cc: Joerg Roedel <jroedel@...e.de>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: David Rientjes <rientjes@...gle.com>
Cc: John Allen <john.allen@....com>
Cc: "David S. Miller" <davem@...emloft.net>
Cc: Paolo Bonzini <pbonzini@...hat.com> (
Cc: linux-crypto@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
---
drivers/crypto/ccp/sev-dev.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index ec89a82ba267..e4bc833949a0 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -267,6 +267,18 @@ static int __sev_platform_init_locked(int *error)
}
rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error);
+ if (rc && *error == SEV_RET_SECURE_DATA_INVALID) {
+ /*
+ * INIT command returned an integrity check failure
+ * status code, meaning that firmware load and
+ * validation of SEV related persistent data has
+ * failed and persistent state has been erased.
+ * Retrying INIT command here should succeed.
+ */
+ dev_dbg(sev->dev, "SEV: retrying INIT command");
+ rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error);
+ }
+
if (rc)
return rc;
@@ -1091,18 +1103,6 @@ void sev_pci_init(void)
/* Initialize the platform */
rc = sev_platform_init(&error);
- if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) {
- /*
- * INIT command returned an integrity check failure
- * status code, meaning that firmware load and
- * validation of SEV related persistent data has
- * failed and persistent state has been erased.
- * Retrying INIT command here should succeed.
- */
- dev_dbg(sev->dev, "SEV: retrying INIT command");
- rc = sev_platform_init(&error);
- }
-
if (rc) {
dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n",
error, rc);
--
2.33.1.1089.g2158813163f-goog
Powered by blists - more mailing lists