mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-11 04:18:39 +08:00
virt: sev-guest: Choose the VMPCK key based on executing VMPL
Currently, the sev-guest driver uses the vmpck-0 key by default. When an SVSM is present, the kernel is running at a VMPL other than 0 and the vmpck-0 key is no longer available. If a specific vmpck key has not be requested by the user via the vmpck_id module parameter, choose the vmpck key based on the active VMPL level. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/r/b88081c5d88263176849df8ea93e90a404619cab.1717600736.git.thomas.lendacky@amd.com
This commit is contained in:
parent
61564d3468
commit
eb65f96cb3
@ -204,6 +204,17 @@ has taken care to make use of the SEV-SNP CPUID throughout all stages of boot.
|
||||
Otherwise, guest owner attestation provides no assurance that the kernel wasn't
|
||||
fed incorrect values at some point during boot.
|
||||
|
||||
4. SEV Guest Driver Communication Key
|
||||
=====================================
|
||||
|
||||
Communication between an SEV guest and the SEV firmware in the AMD Secure
|
||||
Processor (ASP, aka PSP) is protected by a VM Platform Communication Key
|
||||
(VMPCK). By default, the sev-guest driver uses the VMPCK associated with the
|
||||
VM Privilege Level (VMPL) at which the guest is running. Should this key be
|
||||
wiped by the sev-guest driver (see the driver for reasons why a VMPCK can be
|
||||
wiped), a different key can be used by reloading the sev-guest driver and
|
||||
specifying the desired key using the vmpck_id module parameter.
|
||||
|
||||
|
||||
Reference
|
||||
---------
|
||||
|
@ -237,6 +237,9 @@ struct svsm_call {
|
||||
#define SVSM_CORE_DELETE_VCPU 3
|
||||
|
||||
#ifdef CONFIG_AMD_MEM_ENCRYPT
|
||||
|
||||
extern u8 snp_vmpl;
|
||||
|
||||
extern void __sev_es_ist_enter(struct pt_regs *regs);
|
||||
extern void __sev_es_ist_exit(void);
|
||||
static __always_inline void sev_es_ist_enter(struct pt_regs *regs)
|
||||
@ -319,7 +322,10 @@ u64 snp_get_unsupported_features(u64 status);
|
||||
u64 sev_get_status(void);
|
||||
void sev_show_status(void);
|
||||
void snp_update_svsm_ca(void);
|
||||
#else
|
||||
|
||||
#else /* !CONFIG_AMD_MEM_ENCRYPT */
|
||||
|
||||
#define snp_vmpl 0
|
||||
static inline void sev_es_ist_enter(struct pt_regs *regs) { }
|
||||
static inline void sev_es_ist_exit(void) { }
|
||||
static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { return 0; }
|
||||
@ -349,7 +355,8 @@ static inline u64 snp_get_unsupported_features(u64 status) { return 0; }
|
||||
static inline u64 sev_get_status(void) { return 0; }
|
||||
static inline void sev_show_status(void) { }
|
||||
static inline void snp_update_svsm_ca(void) { }
|
||||
#endif
|
||||
|
||||
#endif /* CONFIG_AMD_MEM_ENCRYPT */
|
||||
|
||||
#ifdef CONFIG_KVM_AMD_SEV
|
||||
bool snp_probe_rmptable_info(void);
|
||||
|
@ -36,7 +36,8 @@
|
||||
* early boot, both with identity mapped virtual addresses and proper kernel
|
||||
* virtual addresses.
|
||||
*/
|
||||
static u8 snp_vmpl __ro_after_init;
|
||||
u8 snp_vmpl __ro_after_init;
|
||||
EXPORT_SYMBOL_GPL(snp_vmpl);
|
||||
static struct svsm_ca *boot_svsm_caa __ro_after_init;
|
||||
static u64 boot_svsm_caa_pa __ro_after_init;
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
/*
|
||||
* AMD Secure Encrypted Virtualization (SEV) guest driver interface
|
||||
*
|
||||
* Copyright (C) 2021 Advanced Micro Devices, Inc.
|
||||
* Copyright (C) 2021-2024 Advanced Micro Devices, Inc.
|
||||
*
|
||||
* Author: Brijesh Singh <brijesh.singh@amd.com>
|
||||
*/
|
||||
@ -70,8 +70,15 @@ struct snp_guest_dev {
|
||||
u8 *vmpck;
|
||||
};
|
||||
|
||||
static u32 vmpck_id;
|
||||
module_param(vmpck_id, uint, 0444);
|
||||
/*
|
||||
* The VMPCK ID represents the key used by the SNP guest to communicate with the
|
||||
* SEV firmware in the AMD Secure Processor (ASP, aka PSP). By default, the key
|
||||
* used will be the key associated with the VMPL at which the guest is running.
|
||||
* Should the default key be wiped (see snp_disable_vmpck()), this parameter
|
||||
* allows for using one of the remaining VMPCKs.
|
||||
*/
|
||||
static int vmpck_id = -1;
|
||||
module_param(vmpck_id, int, 0444);
|
||||
MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP.");
|
||||
|
||||
/* Mutex to serialize the shared buffer access and command handling. */
|
||||
@ -923,6 +930,10 @@ static int __init sev_guest_probe(struct platform_device *pdev)
|
||||
if (!snp_dev)
|
||||
goto e_unmap;
|
||||
|
||||
/* Adjust the default VMPCK key based on the executing VMPL level */
|
||||
if (vmpck_id == -1)
|
||||
vmpck_id = snp_vmpl;
|
||||
|
||||
ret = -EINVAL;
|
||||
snp_dev->vmpck = get_vmpck(vmpck_id, secrets, &snp_dev->os_area_msg_seqno);
|
||||
if (!snp_dev->vmpck) {
|
||||
|
Loading…
Reference in New Issue
Block a user