kernel/drivers/crypto/ccp/psp-dev.c, branch linux-6.9.yHosts the 0x221E linux distro kernel.https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-6.9.y2024-02-17T01:09:16Zcrypto: ccp - State in dmesg that TSME is enabled2024-02-17T01:09:16ZBorislav Petkov (AMD)bp@alien8.de2024-02-05T15:46:01Zurn:sha1:6e031ef2c201cea07bea3b286ed151378c4099f3
In the case when only TSME is enabled, it is useful to state that fact
too, so that users are aware that memory encryption is still enabled
even when the corresponding software variant of memory encryption is not
enabled.
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Add support for DBC over PSP mailbox2023-09-15T10:29:46ZMario Limonciellomario.limonciello@amd.com2023-09-07T18:48:46Zurn:sha1:0470bb1b71ac1f05055b10bdc791953209a7976b
On some SOCs DBC is supported through the PSP mailbox instead of
the platform mailbox. This capability is advertised in the PSP
capabilities register. Allow using this communication path if
supported.
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Add a macro to check capabilities register2023-09-15T10:29:46ZMario Limonciellomario.limonciello@amd.com2023-09-07T18:48:45Zurn:sha1:3d5845e18066990ede565ffe2975e6d89786da50
Offsets are checked by the capabilities register in multiple places.
To make the code more readable add a macro.
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Add support for extended PSP mailbox commands2023-09-15T10:29:45ZMario Limonciellomario.limonciello@amd.com2023-09-07T18:48:43Zurn:sha1:6e17375c47a325f79e1f80028344bd4b0bdd985b
The PSP mailbox supports a number of extended sub-commands. These
subcommands are placed in the header of the buffer sent to the mailbox.
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Move direct access to some PSP registers out of TEE2023-09-15T10:29:45ZTom Lendackythomas.lendacky@amd.com2023-09-07T18:48:42Zurn:sha1:949a0c8dd3c257730ef7205be759e4bc6cf49cea
With the PSP mailbox registers supporting more than just TEE, access to
them must be maintained and serialized by the PSP device support. Remove
TEE support direct access and create an interface in the PSP support
where the register access can be controlled/serialized.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Tested-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Add support for fetching a nonce for dynamic boost control2023-07-20T10:14:21ZMario Limonciellomario.limonciello@amd.com2023-06-23T13:49:55Zurn:sha1:c04cf9e14f109ebcc425c1efd2c01294c52a4d62
Dynamic Boost Control is a feature offered on AMD client platforms that
allows software to request and set power or frequency limits.
Only software that has authenticated with the PSP can retrieve or set
these limits.
Create a character device and ioctl for fetching the nonce. This ioctl
supports optionally passing authentication information which will influence
how many calls the nonce is valid for.
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - move setting PSP master to earlier in the init2023-07-20T10:13:16ZMario Limonciellomario.limonciello@amd.com2023-06-23T13:49:54Zurn:sha1:b8440d55f7d4ad2b669902301c87c482faf9a8f4
Dynamic boost control needs to use platform access symbols
that look for the PSP master as part of initialization.
So move the PSP master before psp_init() so that dynamic boost
control can be initialized properly.
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Clear PSP interrupt status register before calling handler2023-04-06T08:19:45ZJeremi Piotrowskijpiotrowski@linux.microsoft.com2023-03-28T15:16:36Zurn:sha1:45121ad4a1750ca47ce3f32bd434bdb0cdbf0043
The PSP IRQ is edge-triggered (MSI or MSI-X) in all cases supported by
the psp module so clear the interrupt status register early in the
handler to prevent missed interrupts. sev_irq_handler() calls wake_up()
on a wait queue, which can result in a new command being submitted from
a different CPU. This then races with the clearing of isr and can result
in missed interrupts. A missed interrupt results in a command waiting
until it times out, which results in the psp being declared dead.
This is unlikely on bare metal, but has been observed when running
virtualized. In the cases where this is observed, sev->cmdresp_reg has
PSP_CMDRESP_RESP set which indicates that the command was processed
correctly but no interrupt was asserted.
The full sequence of events looks like this:
CPU 1: submits SEV cmd #1
CPU 1: calls wait_event_timeout()
CPU 0: enters psp_irq_handler()
CPU 0: calls sev_handler()->wake_up()
CPU 1: wakes up; finishes processing cmd #1
CPU 1: submits SEV cmd #2
CPU 1: calls wait_event_timeout()
PSP: finishes processing cmd #2; interrupt status is still set; no interrupt
CPU 0: clears intsts
CPU 0: exits psp_irq_handler()
CPU 1: wait_event_timeout() times out; psp_dead=true
Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support")
Cc: stable@vger.kernel.org
Signed-off-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Add support for an interface for platform features2023-03-17T03:16:43ZMario Limonciellomario.limonciello@amd.com2023-03-10T21:19:47Zurn:sha1:7ccc4f4e2e50e4a29f9ee8f5c9e187f8491bb6e7
Some platforms with a PSP support an interface for features that
interact directly with the PSP instead of through a SEV or TEE
environment.
Initialize this interface so that other drivers can consume it.
These drivers may either be subdrivers for the ccp module or
external modules. For external modules, export a symbol for them
to utilize.
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ccp - Drop TEE support for IRQ handler2023-03-17T03:16:43ZMario Limonciellomario.limonciello@amd.com2023-03-10T21:19:44Zurn:sha1:a7ca7bbdb59e59a7890116e03a3bb99bcf4c87a6
The only PSP mailbox that currently supports interrupt on completion
is the SEV mailbox. Drop the dead code for the TEE subdriver to
potentially call it.
Acked-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>