2 * AMD Platform Security Processor (PSP) interface
4 * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
6 * Author: Brijesh Singh <brijesh.singh@amd.com>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/kthread.h>
16 #include <linux/sched.h>
17 #include <linux/interrupt.h>
18 #include <linux/spinlock.h>
19 #include <linux/spinlock_types.h>
20 #include <linux/types.h>
21 #include <linux/mutex.h>
22 #include <linux/delay.h>
23 #include <linux/hw_random.h>
24 #include <linux/ccp.h>
29 #define DEVICE_NAME "sev"
31 static DEFINE_MUTEX(sev_cmd_mutex);
32 static struct sev_misc_dev *misc_dev;
33 static struct psp_device *psp_master;
35 static struct psp_device *psp_alloc_struct(struct sp_device *sp)
37 struct device *dev = sp->dev;
38 struct psp_device *psp;
40 psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);
47 snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);
52 static irqreturn_t psp_irq_handler(int irq, void *data)
54 struct psp_device *psp = data;
58 /* Read the interrupt status: */
59 status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS);
61 /* Check if it is command completion: */
62 if (!(status & BIT(PSP_CMD_COMPLETE_REG)))
65 /* Check if it is SEV command completion: */
66 reg = ioread32(psp->io_regs + PSP_CMDRESP);
67 if (reg & PSP_CMDRESP_RESP) {
68 psp->sev_int_rcvd = 1;
69 wake_up(&psp->sev_int_queue);
73 /* Clear the interrupt status by writing the same value we read. */
74 iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS);
79 static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
81 psp->sev_int_rcvd = 0;
83 wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
84 *reg = ioread32(psp->io_regs + PSP_CMDRESP);
87 static int sev_cmd_buffer_len(int cmd)
90 case SEV_CMD_INIT: return sizeof(struct sev_data_init);
91 case SEV_CMD_PLATFORM_STATUS: return sizeof(struct sev_user_data_status);
92 case SEV_CMD_PEK_CSR: return sizeof(struct sev_data_pek_csr);
93 case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct sev_data_pek_cert_import);
94 case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct sev_data_pdh_cert_export);
95 case SEV_CMD_LAUNCH_START: return sizeof(struct sev_data_launch_start);
96 case SEV_CMD_LAUNCH_UPDATE_DATA: return sizeof(struct sev_data_launch_update_data);
97 case SEV_CMD_LAUNCH_UPDATE_VMSA: return sizeof(struct sev_data_launch_update_vmsa);
98 case SEV_CMD_LAUNCH_FINISH: return sizeof(struct sev_data_launch_finish);
99 case SEV_CMD_LAUNCH_MEASURE: return sizeof(struct sev_data_launch_measure);
100 case SEV_CMD_ACTIVATE: return sizeof(struct sev_data_activate);
101 case SEV_CMD_DEACTIVATE: return sizeof(struct sev_data_deactivate);
102 case SEV_CMD_DECOMMISSION: return sizeof(struct sev_data_decommission);
103 case SEV_CMD_GUEST_STATUS: return sizeof(struct sev_data_guest_status);
104 case SEV_CMD_DBG_DECRYPT: return sizeof(struct sev_data_dbg);
105 case SEV_CMD_DBG_ENCRYPT: return sizeof(struct sev_data_dbg);
106 case SEV_CMD_SEND_START: return sizeof(struct sev_data_send_start);
107 case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct sev_data_send_update_data);
108 case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct sev_data_send_update_vmsa);
109 case SEV_CMD_SEND_FINISH: return sizeof(struct sev_data_send_finish);
110 case SEV_CMD_RECEIVE_START: return sizeof(struct sev_data_receive_start);
111 case SEV_CMD_RECEIVE_FINISH: return sizeof(struct sev_data_receive_finish);
112 case SEV_CMD_RECEIVE_UPDATE_DATA: return sizeof(struct sev_data_receive_update_data);
113 case SEV_CMD_RECEIVE_UPDATE_VMSA: return sizeof(struct sev_data_receive_update_vmsa);
114 case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret);
121 static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
123 struct psp_device *psp = psp_master;
124 unsigned int phys_lsb, phys_msb;
125 unsigned int reg, ret = 0;
130 /* Get the physical address of the command buffer */
131 phys_lsb = data ? lower_32_bits(__psp_pa(data)) : 0;
132 phys_msb = data ? upper_32_bits(__psp_pa(data)) : 0;
134 dev_dbg(psp->dev, "sev command id %#x buffer 0x%08x%08x\n",
135 cmd, phys_msb, phys_lsb);
137 print_hex_dump_debug("(in): ", DUMP_PREFIX_OFFSET, 16, 2, data,
138 sev_cmd_buffer_len(cmd), false);
140 iowrite32(phys_lsb, psp->io_regs + PSP_CMDBUFF_ADDR_LO);
141 iowrite32(phys_msb, psp->io_regs + PSP_CMDBUFF_ADDR_HI);
144 reg <<= PSP_CMDRESP_CMD_SHIFT;
145 reg |= PSP_CMDRESP_IOC;
146 iowrite32(reg, psp->io_regs + PSP_CMDRESP);
148 /* wait for command completion */
149 sev_wait_cmd_ioc(psp, ®);
152 *psp_ret = reg & PSP_CMDRESP_ERR_MASK;
154 if (reg & PSP_CMDRESP_ERR_MASK) {
155 dev_dbg(psp->dev, "sev command %#x failed (%#010x)\n",
156 cmd, reg & PSP_CMDRESP_ERR_MASK);
160 print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,
161 sev_cmd_buffer_len(cmd), false);
166 static int sev_do_cmd(int cmd, void *data, int *psp_ret)
170 mutex_lock(&sev_cmd_mutex);
171 rc = __sev_do_cmd_locked(cmd, data, psp_ret);
172 mutex_unlock(&sev_cmd_mutex);
177 static int __sev_platform_init_locked(int *error)
179 struct psp_device *psp = psp_master;
185 if (psp->sev_state == SEV_STATE_INIT)
188 rc = __sev_do_cmd_locked(SEV_CMD_INIT, &psp->init_cmd_buf, error);
192 psp->sev_state = SEV_STATE_INIT;
193 dev_dbg(psp->dev, "SEV firmware initialized\n");
198 int sev_platform_init(int *error)
202 mutex_lock(&sev_cmd_mutex);
203 rc = __sev_platform_init_locked(error);
204 mutex_unlock(&sev_cmd_mutex);
208 EXPORT_SYMBOL_GPL(sev_platform_init);
210 static int __sev_platform_shutdown_locked(int *error)
214 ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, 0, error);
218 psp_master->sev_state = SEV_STATE_UNINIT;
219 dev_dbg(psp_master->dev, "SEV firmware shutdown\n");
224 static int sev_platform_shutdown(int *error)
228 mutex_lock(&sev_cmd_mutex);
229 rc = __sev_platform_shutdown_locked(NULL);
230 mutex_unlock(&sev_cmd_mutex);
235 static int sev_get_platform_state(int *state, int *error)
239 rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
240 &psp_master->status_cmd_buf, error);
244 *state = psp_master->status_cmd_buf.state;
248 static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
253 * The SEV spec requires that FACTORY_RESET must be issued in
254 * UNINIT state. Before we go further lets check if any guest is
257 * If FW is in WORKING state then deny the request otherwise issue
258 * SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET.
261 rc = sev_get_platform_state(&state, &argp->error);
265 if (state == SEV_STATE_WORKING)
268 if (state == SEV_STATE_INIT) {
269 rc = __sev_platform_shutdown_locked(&argp->error);
274 return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, &argp->error);
277 static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
279 struct sev_user_data_status *data = &psp_master->status_cmd_buf;
282 ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, &argp->error);
286 if (copy_to_user((void __user *)argp->data, data, sizeof(*data)))
292 static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
296 if (psp_master->sev_state == SEV_STATE_UNINIT) {
297 rc = __sev_platform_init_locked(&argp->error);
302 return __sev_do_cmd_locked(cmd, 0, &argp->error);
305 static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
307 struct sev_user_data_pek_csr input;
308 struct sev_data_pek_csr *data;
312 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
315 data = kzalloc(sizeof(*data), GFP_KERNEL);
319 /* userspace wants to query CSR length */
320 if (!input.address || !input.length)
323 /* allocate a physically contiguous buffer to store the CSR blob */
324 if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
325 input.length > SEV_FW_BLOB_MAX_SIZE) {
330 blob = kmalloc(input.length, GFP_KERNEL);
336 data->address = __psp_pa(blob);
337 data->len = input.length;
340 if (psp_master->sev_state == SEV_STATE_UNINIT) {
341 ret = __sev_platform_init_locked(&argp->error);
346 ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, &argp->error);
348 /* If we query the CSR length, FW responded with expected data. */
349 input.length = data->len;
351 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
357 if (copy_to_user((void __user *)input.address, blob, input.length))
368 void *psp_copy_user_blob(u64 __user uaddr, u32 len)
373 return ERR_PTR(-EINVAL);
375 /* verify that blob length does not exceed our limit */
376 if (len > SEV_FW_BLOB_MAX_SIZE)
377 return ERR_PTR(-EINVAL);
379 data = kmalloc(len, GFP_KERNEL);
381 return ERR_PTR(-ENOMEM);
383 if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len))
390 return ERR_PTR(-EFAULT);
392 EXPORT_SYMBOL_GPL(psp_copy_user_blob);
394 static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp)
396 struct sev_user_data_pek_cert_import input;
397 struct sev_data_pek_cert_import *data;
398 void *pek_blob, *oca_blob;
401 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
404 data = kzalloc(sizeof(*data), GFP_KERNEL);
408 /* copy PEK certificate blobs from userspace */
409 pek_blob = psp_copy_user_blob(input.pek_cert_address, input.pek_cert_len);
410 if (IS_ERR(pek_blob)) {
411 ret = PTR_ERR(pek_blob);
415 data->pek_cert_address = __psp_pa(pek_blob);
416 data->pek_cert_len = input.pek_cert_len;
418 /* copy PEK certificate blobs from userspace */
419 oca_blob = psp_copy_user_blob(input.oca_cert_address, input.oca_cert_len);
420 if (IS_ERR(oca_blob)) {
421 ret = PTR_ERR(oca_blob);
425 data->oca_cert_address = __psp_pa(oca_blob);
426 data->oca_cert_len = input.oca_cert_len;
428 /* If platform is not in INIT state then transition it to INIT */
429 if (psp_master->sev_state != SEV_STATE_INIT) {
430 ret = __sev_platform_init_locked(&argp->error);
435 ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, data, &argp->error);
446 static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp)
448 struct sev_user_data_pdh_cert_export input;
449 void *pdh_blob = NULL, *cert_blob = NULL;
450 struct sev_data_pdh_cert_export *data;
453 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
456 data = kzalloc(sizeof(*data), GFP_KERNEL);
460 /* Userspace wants to query the certificate length. */
461 if (!input.pdh_cert_address ||
462 !input.pdh_cert_len ||
463 !input.cert_chain_address)
466 /* Allocate a physically contiguous buffer to store the PDH blob. */
467 if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
468 !access_ok(VERIFY_WRITE, input.pdh_cert_address, input.pdh_cert_len)) {
473 /* Allocate a physically contiguous buffer to store the cert chain blob. */
474 if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
475 !access_ok(VERIFY_WRITE, input.cert_chain_address, input.cert_chain_len)) {
480 pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
486 data->pdh_cert_address = __psp_pa(pdh_blob);
487 data->pdh_cert_len = input.pdh_cert_len;
489 cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
495 data->cert_chain_address = __psp_pa(cert_blob);
496 data->cert_chain_len = input.cert_chain_len;
499 /* If platform is not in INIT state then transition it to INIT. */
500 if (psp_master->sev_state != SEV_STATE_INIT) {
501 ret = __sev_platform_init_locked(&argp->error);
506 ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error);
508 /* If we query the length, FW responded with expected data. */
509 input.cert_chain_len = data->cert_chain_len;
510 input.pdh_cert_len = data->pdh_cert_len;
512 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
518 if (copy_to_user((void __user *)input.pdh_cert_address,
519 pdh_blob, input.pdh_cert_len)) {
526 if (copy_to_user((void __user *)input.cert_chain_address,
527 cert_blob, input.cert_chain_len))
540 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
542 void __user *argp = (void __user *)arg;
543 struct sev_issue_cmd input;
549 if (ioctl != SEV_ISSUE_CMD)
552 if (copy_from_user(&input, argp, sizeof(struct sev_issue_cmd)))
555 if (input.cmd > SEV_MAX)
558 mutex_lock(&sev_cmd_mutex);
562 case SEV_FACTORY_RESET:
563 ret = sev_ioctl_do_reset(&input);
565 case SEV_PLATFORM_STATUS:
566 ret = sev_ioctl_do_platform_status(&input);
569 ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, &input);
572 ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input);
575 ret = sev_ioctl_do_pek_csr(&input);
577 case SEV_PEK_CERT_IMPORT:
578 ret = sev_ioctl_do_pek_import(&input);
580 case SEV_PDH_CERT_EXPORT:
581 ret = sev_ioctl_do_pdh_export(&input);
588 if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
591 mutex_unlock(&sev_cmd_mutex);
596 static const struct file_operations sev_fops = {
597 .owner = THIS_MODULE,
598 .unlocked_ioctl = sev_ioctl,
601 int sev_platform_status(struct sev_user_data_status *data, int *error)
603 return sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, error);
605 EXPORT_SYMBOL_GPL(sev_platform_status);
607 int sev_guest_deactivate(struct sev_data_deactivate *data, int *error)
609 return sev_do_cmd(SEV_CMD_DEACTIVATE, data, error);
611 EXPORT_SYMBOL_GPL(sev_guest_deactivate);
613 int sev_guest_activate(struct sev_data_activate *data, int *error)
615 return sev_do_cmd(SEV_CMD_ACTIVATE, data, error);
617 EXPORT_SYMBOL_GPL(sev_guest_activate);
619 int sev_guest_decommission(struct sev_data_decommission *data, int *error)
621 return sev_do_cmd(SEV_CMD_DECOMMISSION, data, error);
623 EXPORT_SYMBOL_GPL(sev_guest_decommission);
625 int sev_guest_df_flush(int *error)
627 return sev_do_cmd(SEV_CMD_DF_FLUSH, 0, error);
629 EXPORT_SYMBOL_GPL(sev_guest_df_flush);
631 static void sev_exit(struct kref *ref)
633 struct sev_misc_dev *misc_dev = container_of(ref, struct sev_misc_dev, refcount);
635 misc_deregister(&misc_dev->misc);
638 static int sev_misc_init(struct psp_device *psp)
640 struct device *dev = psp->dev;
644 * SEV feature support can be detected on multiple devices but the SEV
645 * FW commands must be issued on the master. During probe, we do not
646 * know the master hence we create /dev/sev on the first device probe.
647 * sev_do_cmd() finds the right master device to which to issue the
648 * command to the firmware.
651 struct miscdevice *misc;
653 misc_dev = devm_kzalloc(dev, sizeof(*misc_dev), GFP_KERNEL);
657 misc = &misc_dev->misc;
658 misc->minor = MISC_DYNAMIC_MINOR;
659 misc->name = DEVICE_NAME;
660 misc->fops = &sev_fops;
662 ret = misc_register(misc);
666 kref_init(&misc_dev->refcount);
668 kref_get(&misc_dev->refcount);
671 init_waitqueue_head(&psp->sev_int_queue);
672 psp->sev_misc = misc_dev;
673 dev_dbg(dev, "registered SEV device\n");
678 static int sev_init(struct psp_device *psp)
680 /* Check if device supports SEV feature */
681 if (!(ioread32(psp->io_regs + PSP_FEATURE_REG) & 1)) {
682 dev_dbg(psp->dev, "device does not support SEV\n");
686 return sev_misc_init(psp);
689 int psp_dev_init(struct sp_device *sp)
691 struct device *dev = sp->dev;
692 struct psp_device *psp;
696 psp = psp_alloc_struct(sp);
702 psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;
705 dev_err(dev, "missing driver data\n");
709 psp->io_regs = sp->io_map + psp->vdata->offset;
711 /* Disable and clear interrupts until ready */
712 iowrite32(0, psp->io_regs + PSP_P2CMSG_INTEN);
713 iowrite32(-1, psp->io_regs + PSP_P2CMSG_INTSTS);
716 ret = sp_request_psp_irq(psp->sp, psp_irq_handler, psp->name, psp);
718 dev_err(dev, "psp: unable to allocate an IRQ\n");
726 if (sp->set_psp_master_device)
727 sp->set_psp_master_device(sp);
729 /* Enable interrupt */
730 iowrite32(-1, psp->io_regs + PSP_P2CMSG_INTEN);
735 sp_free_psp_irq(psp->sp, psp);
739 dev_notice(dev, "psp initialization failed\n");
744 void psp_dev_destroy(struct sp_device *sp)
746 struct psp_device *psp = sp->psp_data;
749 kref_put(&misc_dev->refcount, sev_exit);
751 sp_free_psp_irq(sp, psp);
754 int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd,
755 void *data, int *error)
757 if (!filep || filep->f_op != &sev_fops)
760 return sev_do_cmd(cmd, data, error);
762 EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user);
764 void psp_pci_init(void)
766 struct sev_user_data_status *status;
767 struct sp_device *sp;
770 sp = sp_get_psp_master_device();
774 psp_master = sp->psp_data;
776 /* Initialize the platform */
777 rc = sev_platform_init(&error);
779 dev_err(sp->dev, "SEV: failed to INIT error %#x\n", error);
783 /* Display SEV firmware version */
784 status = &psp_master->status_cmd_buf;
785 rc = sev_platform_status(status, &error);
787 dev_err(sp->dev, "SEV: failed to get status error %#x\n", error);
791 dev_info(sp->dev, "SEV API:%d.%d build:%d\n", status->api_major,
792 status->api_minor, status->build);
799 void psp_pci_exit(void)
804 sev_platform_shutdown(NULL);