| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2afb8bf011d6d40419b880303f4556299a1a2c46.1752531191.git.ashish.kalra@amd.com>
Date: Mon, 14 Jul 2025 22:40:18 +0000
From: Ashish Kalra <Ashish.Kalra@....com>
To: <corbet@....net>, <seanjc@...gle.com>, <pbonzini@...hat.com>,
<tglx@...utronix.de>, <mingo@...hat.com>, <bp@...en8.de>,
<dave.hansen@...ux.intel.com>, <x86@...nel.org>, <hpa@...or.com>,
<thomas.lendacky@....com>, <john.allen@....com>,
<herbert@...dor.apana.org.au>, <davem@...emloft.net>,
<akpm@...ux-foundation.org>, <rostedt@...dmis.org>, <paulmck@...nel.org>
CC: <nikunj@....com>, <Neeraj.Upadhyay@....com>, <aik@....com>,
<ardb@...nel.org>, <michael.roth@....com>, <arnd@...db.de>,
<linux-doc@...r.kernel.org>, <linux-crypto@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <kvm@...r.kernel.org>
Subject: [PATCH v6 4/7] crypto: ccp - Introduce new API interface to indicate SEV-SNP Ciphertext hiding feature
From: Ashish Kalra <ashish.kalra@....com>
Implement an API that checks the overall feature support for SEV-SNP
ciphertext hiding.
This API verifies both the support of the SEV firmware for the feature
and its enablement in the platform's BIOS.
Signed-off-by: Ashish Kalra <ashish.kalra@....com>
---
drivers/crypto/ccp/sev-dev.c | 21 +++++++++++++++++++++
include/linux/psp-sev.h | 5 +++++
2 files changed, 26 insertions(+)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 8f4e22751bc4..ed18cd113724 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -1074,6 +1074,27 @@ static void snp_set_hsave_pa(void *arg)
wrmsrq(MSR_VM_HSAVE_PA, 0);
}
+bool sev_is_snp_ciphertext_hiding_supported(void)
+{
+ struct psp_device *psp = psp_master;
+ struct sev_device *sev;
+
+ if (!psp || !psp->sev_data)
+ return false;
+
+ sev = psp->sev_data;
+
+ /*
+ * Feature information indicates if CipherTextHiding feature is
+ * supported by the SEV firmware and additionally platform status
+ * indicates if CipherTextHiding feature is enabled in the
+ * Platform BIOS.
+ */
+ return ((sev->snp_feat_info_0.ecx & SNP_CIPHER_TEXT_HIDING_SUPPORTED) &&
+ sev->snp_plat_status.ciphertext_hiding_cap);
+}
+EXPORT_SYMBOL_GPL(sev_is_snp_ciphertext_hiding_supported);
+
static int snp_get_platform_data(struct sev_device *sev, int *error)
{
struct sev_data_snp_feature_info snp_feat_info;
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 5fb6ae0f51cc..d83185b4268b 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -843,6 +843,8 @@ struct snp_feature_info {
u32 edx;
} __packed;
+#define SNP_CIPHER_TEXT_HIDING_SUPPORTED BIT(3)
+
#ifdef CONFIG_CRYPTO_DEV_SP_PSP
/**
@@ -986,6 +988,7 @@ void *psp_copy_user_blob(u64 uaddr, u32 len);
void *snp_alloc_firmware_page(gfp_t mask);
void snp_free_firmware_page(void *addr);
void sev_platform_shutdown(void);
+bool sev_is_snp_ciphertext_hiding_supported(void);
#else /* !CONFIG_CRYPTO_DEV_SP_PSP */
@@ -1022,6 +1025,8 @@ static inline void snp_free_firmware_page(void *addr) { }
static inline void sev_platform_shutdown(void) { }
+static inline bool sev_is_snp_ciphertext_hiding_supported(void) { return false; }
+
#endif /* CONFIG_CRYPTO_DEV_SP_PSP */
#endif /* __PSP_SEV_H__ */
--
2.34.1
Powered by blists - more mailing lists