Date:   Mon, 20 Feb 2023 08:49:57 -0600
From:   Tom Lendacky <thomas.lendacky@....com>
To:     Jeremi Piotrowski <jpiotrowski@...ux.microsoft.com>,
        linux-kernel@...r.kernel.org
Cc:     Brijesh Singh <brijesh.singh@....com>,
        "Kalra, Ashish" <ashish.kalra@....com>,
        linux-crypto@...r.kernel.org,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Len Brown <lenb@...nel.org>, linux-acpi@...r.kernel.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org
Subject: Re: [PATCH v2 0/8] Support ACPI PSP on Hyper-V

On 2/13/23 03:24, Jeremi Piotrowski wrote:
> This patch series introduces support for discovering AMD's PSP from an ACPI
> table and extends the CCP driver to allow binding to that device on x86. This
> method of PSP discovery is used on Hyper-V when SNP isolation support is
> exposed to the guest. There is no ACPI node associated with this PSP, so after
> parsing the ASPT it is registered with the system as a platform_device.
> 
> I thought about putting psp.c in arch/x86/coco, but that directory is meant for
> the (confidential) guest side of CoCo, not the supporting host side code.
> It was kept in arch/x86/kernel because configuring the irq for the PSP through
> the ACPI interface requires poking at bits from the architectural vector
> domain.
> 
> This series is a prerequisite for nested SNP-host support on Hyper-V but is
> independent of the SNP-host support patch set. Hyper-V only supports nested
> SEV-SNP (not SEV or SEV-ES) so the PSP only supports a subset of the full PSP
> command set. Without SNP-host support (which is not upstream yet), the only
> PSP command that will succeed is SEV_PLATFORM_STATUS.
> 

For the series:

Acked-by: Tom Lendacky <thomas.lendacky@....com>

Probably want Boris to weigh in on whether he wants the new psp.c file 
located in arch/x86/kernel, though.

> Changes since v1:
> * move platform_device_add_data() call to commit that introduces psp device
> * change psp dependency from CONFIG_AMD_MEM_ENCRYPT to CONFIG_KVM_AMD_SEV
> * add blank lines, s/plat/platform/, remove variable initializers before first
>    use, remove masking/shifting where not needed
> * dynamically allocate sev_vdata/psp_vdata structs instead of overwriting static
>    variables
> 
> Jeremi Piotrowski (8):
>    include/acpi: add definition of ASPT table
>    ACPI: ASPT: Add helper to parse table
>    x86/psp: Register PSP platform device when ASP table is present
>    x86/psp: Add IRQ support
>    crypto: cpp - Bind to psp platform device on x86
>    crypto: ccp - Add vdata for platform device
>    crypto: ccp - Skip DMA coherency check for platform psp
>    crypto: ccp - Allow platform device to be psp master device
> 
>   arch/x86/kernel/Makefile          |   1 +
>   arch/x86/kernel/psp.c             | 219 ++++++++++++++++++++++++++++++
>   drivers/acpi/Makefile             |   1 +
>   drivers/acpi/aspt.c               | 104 ++++++++++++++
>   drivers/crypto/ccp/sp-dev.c       |  66 +++++++++
>   drivers/crypto/ccp/sp-dev.h       |   4 +
>   drivers/crypto/ccp/sp-pci.c       |  48 -------
>   drivers/crypto/ccp/sp-platform.c  |  76 ++++++++++-
>   include/acpi/actbl1.h             |  46 +++++++
>   include/linux/platform_data/psp.h |  32 +++++
>   10 files changed, 548 insertions(+), 49 deletions(-)
>   create mode 100644 arch/x86/kernel/psp.c
>   create mode 100644 drivers/acpi/aspt.c
>   create mode 100644 include/linux/platform_data/psp.h
> 
