Date: Thu, 28 Oct 2021 10:57:47 -0700
From: Peter Gonda <pgonda@...gle.com>
To: thomas.lendacky@....com
Cc: Peter Gonda <pgonda@...gle.com>, David Rientjes <rientjes@...gle.com>, Brijesh Singh <brijesh.singh@....com>, Marc Orr <marcorr@...gle.com>, Joerg Roedel <jroedel@...e.de>, Herbert Xu <herbert@...dor.apana.org.au>, John Allen <john.allen@....com>, "David S. Miller" <davem@...emloft.net>, Paolo Bonzini <pbonzini@...hat.com>, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 2/4] crypto: ccp - Move SEV_INIT retry for corrupted data

This change moves the data corrupted retry of SEV_INIT into the
__sev_platform_init_locked() function. This is for upcoming INIT_EX
support as well as helping direct callers of
__sev_platform_init_locked() which currently do not support the
retry.

Signed-off-by: Peter Gonda <pgonda@...gle.com>
Acked-by: David Rientjes <rientjes@...gle.com>
Cc: Tom Lendacky <thomas.lendacky@....com>
Cc: Brijesh Singh <brijesh.singh@....com>
Cc: Marc Orr <marcorr@...gle.com>
Cc: Joerg Roedel <jroedel@...e.de>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: David Rientjes <rientjes@...gle.com>
Cc: John Allen <john.allen@....com>
Cc: "David S. Miller" <davem@...emloft.net>
Cc: Paolo Bonzini <pbonzini@...hat.com> (
Cc: linux-crypto@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
--- drivers/crypto/ccp/sev-dev.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index ec89a82ba267..e4bc833949a0 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c 
@@ -267,6 +267,18 @@ static int __sev_platform_init_locked(int *error) } rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error); + if (rc && *error == SEV_RET_SECURE_DATA_INVALID) { + /* + * INIT command returned an integrity check failure + * status code, meaning that firmware load and + * validation of SEV related persistent data has + * failed and persistent state has been erased. + * Retrying INIT command here should succeed. + */ + dev_dbg(sev->dev, "SEV: retrying INIT command"); + rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error); + } + if (rc) return rc; @@ -1091,18 +1103,6 @@ void sev_pci_init(void) /* Initialize the platform */ rc = sev_platform_init(&error); - if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) { - /* - * INIT command returned an integrity check failure - * status code, meaning that firmware load and - * validation of SEV related persistent data has - * failed and persistent state has been erased. - * Retrying INIT command here should succeed. - */ - dev_dbg(sev->dev, "SEV: retrying INIT command"); - rc = sev_platform_init(&error); - } - if (rc) { dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n", error, rc); -- 2.33.1.1089.g2158813163f-goog
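Review bot: In the first hunk, the new check "if (rc && *error == SEV_RET_SECURE_DATA_INVALID)" in __sev_platform_init_locked() dereferences error unconditionally. The commit message says the move is meant to help direct callers of this helper, so unless every such caller is guaranteed to pass a non-NULL pointer, this can fault in kernel context. Consider capturing the firmware status in a local int, testing that local for SEV_RET_SECURE_DATA_INVALID, and copying it to *error only when error is non-NULL. Separately, the moved dev_dbg() string "SEV: retrying INIT command" still has no trailing "\n", unlike the dev_err() call in sev_pci_init(); this move is a good point to add it.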
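Review bot: In the second hunk, once the retry block is removed from sev_pci_init(), nothing at this call site records that INIT first returned SEV_RET_SECURE_DATA_INVALID. The only trace is the dev_dbg() inside the helper, although the moved comment states that persistent state has been erased when this status is returned. Consider logging that event at dev_warn or dev_info level in __sev_platform_init_locked(), so that an erase of SEV persistent data is visible without dynamic debug enabled on every path that now gets the retry.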