| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Oct 2021 08:42:07 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Peter Gonda <pgonda@...gle.com>
Cc: David Rientjes <rientjes@...gle.com>,
Brijesh Singh <brijesh.singh@....com>,
Marc Orr <marcorr@...gle.com>, Joerg Roedel <jroedel@...e.de>,
Herbert Xu <herbert@...dor.apana.org.au>,
John Allen <john.allen@....com>,
"David S. Miller" <davem@...emloft.net>,
Paolo Bonzini <pbonzini@...hat.com>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] crypto: ccp - Move SEV_INIT retry for corrupted data
On 10/28/21 12:57 PM, Peter Gonda wrote:
> This change moves the data corrupted retry of SEV_INIT into the
> __sev_platform_init_locked() function. This is for upcoming INIT_EX
> support as well as helping direct callers of
> __sev_platform_init_locked() which currently do not support the
> retry.
>
> Signed-off-by: Peter Gonda <pgonda@...gle.com>
> Acked-by: David Rientjes <rientjes@...gle.com>
> Cc: Tom Lendacky <thomas.lendacky@....com>
> Cc: Brijesh Singh <brijesh.singh@....com>
> Cc: Marc Orr <marcorr@...gle.com>
> Cc: Joerg Roedel <jroedel@...e.de>
> Cc: Herbert Xu <herbert@...dor.apana.org.au>
> Cc: David Rientjes <rientjes@...gle.com>
> Cc: John Allen <john.allen@....com>
> Cc: "David S. Miller" <davem@...emloft.net>
> Cc: Paolo Bonzini <pbonzini@...hat.com> (
> Cc: linux-crypto@...r.kernel.org
> Cc: linux-kernel@...r.kernel.org
Acked-by: Tom Lendacky <thomas.lendacky@....com>
> ---
> drivers/crypto/ccp/sev-dev.c | 24 ++++++++++++------------
> 1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index ec89a82ba267..e4bc833949a0 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -267,6 +267,18 @@ static int __sev_platform_init_locked(int *error)
> }
>
> rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error);
> + if (rc && *error == SEV_RET_SECURE_DATA_INVALID) {
> + /*
> + * INIT command returned an integrity check failure
> + * status code, meaning that firmware load and
> + * validation of SEV related persistent data has
> + * failed and persistent state has been erased.
> + * Retrying INIT command here should succeed.
> + */
> + dev_dbg(sev->dev, "SEV: retrying INIT command");
> + rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error);
> + }
> +
> if (rc)
> return rc;
>
> @@ -1091,18 +1103,6 @@ void sev_pci_init(void)
>
> /* Initialize the platform */
> rc = sev_platform_init(&error);
> - if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) {
> - /*
> - * INIT command returned an integrity check failure
> - * status code, meaning that firmware load and
> - * validation of SEV related persistent data has
> - * failed and persistent state has been erased.
> - * Retrying INIT command here should succeed.
> - */
> - dev_dbg(sev->dev, "SEV: retrying INIT command");
> - rc = sev_platform_init(&error);
> - }
> -
> if (rc) {
> dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n",
> error, rc);
>
Powered by blists - more mailing lists