1 // SPDX-License-Identifier: GPL-2.0-only
3 * AMD Secure Encrypted Virtualization (SEV) interface
5 * Copyright (C) 2016,2019 Advanced Micro Devices, Inc.
7 * Author: Brijesh Singh <brijesh.singh@amd.com>
10 #include <linux/module.h>
11 #include <linux/kernel.h>
12 #include <linux/kthread.h>
13 #include <linux/sched.h>
14 #include <linux/interrupt.h>
15 #include <linux/spinlock.h>
16 #include <linux/spinlock_types.h>
17 #include <linux/types.h>
18 #include <linux/mutex.h>
19 #include <linux/delay.h>
20 #include <linux/hw_random.h>
21 #include <linux/ccp.h>
22 #include <linux/firmware.h>
23 #include <linux/gfp.h>
30 #define DEVICE_NAME "sev"
31 #define SEV_FW_FILE "amd/sev.fw"
32 #define SEV_FW_NAME_SIZE 64
34 static DEFINE_MUTEX(sev_cmd_mutex);
35 static struct sev_misc_dev *misc_dev;
37 static int psp_cmd_timeout = 100;
38 module_param(psp_cmd_timeout, int, 0644);
39 MODULE_PARM_DESC(psp_cmd_timeout, " default timeout value, in seconds, for PSP commands");
41 static int psp_probe_timeout = 5;
42 module_param(psp_probe_timeout, int, 0644);
43 MODULE_PARM_DESC(psp_probe_timeout, " default timeout value, in seconds, during PSP device probe");
46 static int psp_timeout;
48 /* Trusted Memory Region (TMR):
49 * The TMR is a 1MB area that must be 1MB aligned. Use the page allocator
50 * to allocate the memory, which will return aligned memory for the specified
53 #define SEV_ES_TMR_SIZE (1024 * 1024)
54 static void *sev_es_tmr;
56 static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
58 struct sev_device *sev = psp_master->sev_data;
60 if (sev->api_major > maj)
63 if (sev->api_major == maj && sev->api_minor >= min)
69 static void sev_irq_handler(int irq, void *data, unsigned int status)
71 struct sev_device *sev = data;
74 /* Check if it is command completion: */
75 if (!(status & SEV_CMD_COMPLETE))
78 /* Check if it is SEV command completion: */
79 reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg);
80 if (reg & PSP_CMDRESP_RESP) {
82 wake_up(&sev->int_queue);
86 static int sev_wait_cmd_ioc(struct sev_device *sev,
87 unsigned int *reg, unsigned int timeout)
91 ret = wait_event_timeout(sev->int_queue,
92 sev->int_rcvd, timeout * HZ);
96 *reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg);
101 static int sev_cmd_buffer_len(int cmd)
104 case SEV_CMD_INIT: return sizeof(struct sev_data_init);
105 case SEV_CMD_PLATFORM_STATUS: return sizeof(struct sev_user_data_status);
106 case SEV_CMD_PEK_CSR: return sizeof(struct sev_data_pek_csr);
107 case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct sev_data_pek_cert_import);
108 case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct sev_data_pdh_cert_export);
109 case SEV_CMD_LAUNCH_START: return sizeof(struct sev_data_launch_start);
110 case SEV_CMD_LAUNCH_UPDATE_DATA: return sizeof(struct sev_data_launch_update_data);
111 case SEV_CMD_LAUNCH_UPDATE_VMSA: return sizeof(struct sev_data_launch_update_vmsa);
112 case SEV_CMD_LAUNCH_FINISH: return sizeof(struct sev_data_launch_finish);
113 case SEV_CMD_LAUNCH_MEASURE: return sizeof(struct sev_data_launch_measure);
114 case SEV_CMD_ACTIVATE: return sizeof(struct sev_data_activate);
115 case SEV_CMD_DEACTIVATE: return sizeof(struct sev_data_deactivate);
116 case SEV_CMD_DECOMMISSION: return sizeof(struct sev_data_decommission);
117 case SEV_CMD_GUEST_STATUS: return sizeof(struct sev_data_guest_status);
118 case SEV_CMD_DBG_DECRYPT: return sizeof(struct sev_data_dbg);
119 case SEV_CMD_DBG_ENCRYPT: return sizeof(struct sev_data_dbg);
120 case SEV_CMD_SEND_START: return sizeof(struct sev_data_send_start);
121 case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct sev_data_send_update_data);
122 case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct sev_data_send_update_vmsa);
123 case SEV_CMD_SEND_FINISH: return sizeof(struct sev_data_send_finish);
124 case SEV_CMD_RECEIVE_START: return sizeof(struct sev_data_receive_start);
125 case SEV_CMD_RECEIVE_FINISH: return sizeof(struct sev_data_receive_finish);
126 case SEV_CMD_RECEIVE_UPDATE_DATA: return sizeof(struct sev_data_receive_update_data);
127 case SEV_CMD_RECEIVE_UPDATE_VMSA: return sizeof(struct sev_data_receive_update_vmsa);
128 case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret);
129 case SEV_CMD_DOWNLOAD_FIRMWARE: return sizeof(struct sev_data_download_firmware);
130 case SEV_CMD_GET_ID: return sizeof(struct sev_data_get_id);
131 case SEV_CMD_ATTESTATION_REPORT: return sizeof(struct sev_data_attestation_report);
138 static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
140 struct psp_device *psp = psp_master;
141 struct sev_device *sev;
142 unsigned int phys_lsb, phys_msb;
143 unsigned int reg, ret = 0;
145 if (!psp || !psp->sev_data)
153 /* Get the physical address of the command buffer */
154 phys_lsb = data ? lower_32_bits(__psp_pa(data)) : 0;
155 phys_msb = data ? upper_32_bits(__psp_pa(data)) : 0;
157 dev_dbg(sev->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n",
158 cmd, phys_msb, phys_lsb, psp_timeout);
160 print_hex_dump_debug("(in): ", DUMP_PREFIX_OFFSET, 16, 2, data,
161 sev_cmd_buffer_len(cmd), false);
163 iowrite32(phys_lsb, sev->io_regs + sev->vdata->cmdbuff_addr_lo_reg);
164 iowrite32(phys_msb, sev->io_regs + sev->vdata->cmdbuff_addr_hi_reg);
169 reg <<= SEV_CMDRESP_CMD_SHIFT;
170 reg |= SEV_CMDRESP_IOC;
171 iowrite32(reg, sev->io_regs + sev->vdata->cmdresp_reg);
173 /* wait for command completion */
174 ret = sev_wait_cmd_ioc(sev, ®, psp_timeout);
179 dev_err(sev->dev, "sev command %#x timed out, disabling PSP\n", cmd);
185 psp_timeout = psp_cmd_timeout;
188 *psp_ret = reg & PSP_CMDRESP_ERR_MASK;
190 if (reg & PSP_CMDRESP_ERR_MASK) {
191 dev_dbg(sev->dev, "sev command %#x failed (%#010x)\n",
192 cmd, reg & PSP_CMDRESP_ERR_MASK);
196 print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,
197 sev_cmd_buffer_len(cmd), false);
202 static int sev_do_cmd(int cmd, void *data, int *psp_ret)
206 mutex_lock(&sev_cmd_mutex);
207 rc = __sev_do_cmd_locked(cmd, data, psp_ret);
208 mutex_unlock(&sev_cmd_mutex);
213 static int __sev_platform_init_locked(int *error)
215 struct psp_device *psp = psp_master;
216 struct sev_device *sev;
219 if (!psp || !psp->sev_data)
224 if (sev->state == SEV_STATE_INIT)
231 * Do not include the encryption mask on the physical
232 * address of the TMR (firmware should clear it anyway).
234 tmr_pa = __pa(sev_es_tmr);
236 sev->init_cmd_buf.flags |= SEV_INIT_FLAGS_SEV_ES;
237 sev->init_cmd_buf.tmr_address = tmr_pa;
238 sev->init_cmd_buf.tmr_len = SEV_ES_TMR_SIZE;
241 rc = __sev_do_cmd_locked(SEV_CMD_INIT, &sev->init_cmd_buf, error);
245 sev->state = SEV_STATE_INIT;
247 /* Prepare for first SEV guest launch after INIT */
248 wbinvd_on_all_cpus();
249 rc = __sev_do_cmd_locked(SEV_CMD_DF_FLUSH, NULL, error);
253 dev_dbg(sev->dev, "SEV firmware initialized\n");
258 int sev_platform_init(int *error)
262 mutex_lock(&sev_cmd_mutex);
263 rc = __sev_platform_init_locked(error);
264 mutex_unlock(&sev_cmd_mutex);
268 EXPORT_SYMBOL_GPL(sev_platform_init);
270 static int __sev_platform_shutdown_locked(int *error)
272 struct sev_device *sev = psp_master->sev_data;
275 ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
279 sev->state = SEV_STATE_UNINIT;
280 dev_dbg(sev->dev, "SEV firmware shutdown\n");
285 static int sev_platform_shutdown(int *error)
289 mutex_lock(&sev_cmd_mutex);
290 rc = __sev_platform_shutdown_locked(NULL);
291 mutex_unlock(&sev_cmd_mutex);
296 static int sev_get_platform_state(int *state, int *error)
298 struct sev_device *sev = psp_master->sev_data;
301 rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
302 &sev->status_cmd_buf, error);
306 *state = sev->status_cmd_buf.state;
310 static int sev_ioctl_do_reset(struct sev_issue_cmd *argp, bool writable)
318 * The SEV spec requires that FACTORY_RESET must be issued in
319 * UNINIT state. Before we go further lets check if any guest is
322 * If FW is in WORKING state then deny the request otherwise issue
323 * SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET.
326 rc = sev_get_platform_state(&state, &argp->error);
330 if (state == SEV_STATE_WORKING)
333 if (state == SEV_STATE_INIT) {
334 rc = __sev_platform_shutdown_locked(&argp->error);
339 return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, NULL, &argp->error);
342 static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
344 struct sev_device *sev = psp_master->sev_data;
345 struct sev_user_data_status *data = &sev->status_cmd_buf;
348 ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, &argp->error);
352 if (copy_to_user((void __user *)argp->data, data, sizeof(*data)))
358 static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable)
360 struct sev_device *sev = psp_master->sev_data;
366 if (sev->state == SEV_STATE_UNINIT) {
367 rc = __sev_platform_init_locked(&argp->error);
372 return __sev_do_cmd_locked(cmd, NULL, &argp->error);
375 static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
377 struct sev_device *sev = psp_master->sev_data;
378 struct sev_user_data_pek_csr input;
379 struct sev_data_pek_csr *data;
380 void __user *input_address;
387 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
390 data = kzalloc(sizeof(*data), GFP_KERNEL);
394 /* userspace wants to query CSR length */
395 if (!input.address || !input.length)
398 /* allocate a physically contiguous buffer to store the CSR blob */
399 input_address = (void __user *)input.address;
400 if (input.length > SEV_FW_BLOB_MAX_SIZE) {
405 blob = kmalloc(input.length, GFP_KERNEL);
411 data->address = __psp_pa(blob);
412 data->len = input.length;
415 if (sev->state == SEV_STATE_UNINIT) {
416 ret = __sev_platform_init_locked(&argp->error);
421 ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, &argp->error);
423 /* If we query the CSR length, FW responded with expected data. */
424 input.length = data->len;
426 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
432 if (copy_to_user(input_address, blob, input.length))
443 void *psp_copy_user_blob(u64 uaddr, u32 len)
446 return ERR_PTR(-EINVAL);
448 /* verify that blob length does not exceed our limit */
449 if (len > SEV_FW_BLOB_MAX_SIZE)
450 return ERR_PTR(-EINVAL);
452 return memdup_user((void __user *)uaddr, len);
454 EXPORT_SYMBOL_GPL(psp_copy_user_blob);
456 static int sev_get_api_version(void)
458 struct sev_device *sev = psp_master->sev_data;
459 struct sev_user_data_status *status;
462 status = &sev->status_cmd_buf;
463 ret = sev_platform_status(status, &error);
466 "SEV: failed to get status. Error: %#x\n", error);
470 sev->api_major = status->api_major;
471 sev->api_minor = status->api_minor;
472 sev->build = status->build;
473 sev->state = status->state;
478 static int sev_get_firmware(struct device *dev,
479 const struct firmware **firmware)
481 char fw_name_specific[SEV_FW_NAME_SIZE];
482 char fw_name_subset[SEV_FW_NAME_SIZE];
484 snprintf(fw_name_specific, sizeof(fw_name_specific),
485 "amd/amd_sev_fam%.2xh_model%.2xh.sbin",
486 boot_cpu_data.x86, boot_cpu_data.x86_model);
488 snprintf(fw_name_subset, sizeof(fw_name_subset),
489 "amd/amd_sev_fam%.2xh_model%.1xxh.sbin",
490 boot_cpu_data.x86, (boot_cpu_data.x86_model & 0xf0) >> 4);
492 /* Check for SEV FW for a particular model.
493 * Ex. amd_sev_fam17h_model00h.sbin for Family 17h Model 00h
497 * Check for SEV FW common to a subset of models.
498 * Ex. amd_sev_fam17h_model0xh.sbin for
499 * Family 17h Model 00h -- Family 17h Model 0Fh
503 * Fall-back to using generic name: sev.fw
505 if ((firmware_request_nowarn(firmware, fw_name_specific, dev) >= 0) ||
506 (firmware_request_nowarn(firmware, fw_name_subset, dev) >= 0) ||
507 (firmware_request_nowarn(firmware, SEV_FW_FILE, dev) >= 0))
513 /* Don't fail if SEV FW couldn't be updated. Continue with existing SEV FW */
514 static int sev_update_firmware(struct device *dev)
516 struct sev_data_download_firmware *data;
517 const struct firmware *firmware;
518 int ret, error, order;
522 if (sev_get_firmware(dev, &firmware) == -ENOENT) {
523 dev_dbg(dev, "No SEV firmware file present\n");
528 * SEV FW expects the physical address given to it to be 32
529 * byte aligned. Memory allocated has structure placed at the
530 * beginning followed by the firmware being passed to the SEV
531 * FW. Allocate enough memory for data structure + alignment
534 data_size = ALIGN(sizeof(struct sev_data_download_firmware), 32);
536 order = get_order(firmware->size + data_size);
537 p = alloc_pages(GFP_KERNEL, order);
544 * Copy firmware data to a kernel allocated contiguous
547 data = page_address(p);
548 memcpy(page_address(p) + data_size, firmware->data, firmware->size);
550 data->address = __psp_pa(page_address(p) + data_size);
551 data->len = firmware->size;
553 ret = sev_do_cmd(SEV_CMD_DOWNLOAD_FIRMWARE, data, &error);
555 dev_dbg(dev, "Failed to update SEV firmware: %#x\n", error);
557 dev_info(dev, "SEV firmware update successful\n");
559 __free_pages(p, order);
562 release_firmware(firmware);
567 static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
569 struct sev_device *sev = psp_master->sev_data;
570 struct sev_user_data_pek_cert_import input;
571 struct sev_data_pek_cert_import *data;
572 void *pek_blob, *oca_blob;
578 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
581 data = kzalloc(sizeof(*data), GFP_KERNEL);
585 /* copy PEK certificate blobs from userspace */
586 pek_blob = psp_copy_user_blob(input.pek_cert_address, input.pek_cert_len);
587 if (IS_ERR(pek_blob)) {
588 ret = PTR_ERR(pek_blob);
592 data->pek_cert_address = __psp_pa(pek_blob);
593 data->pek_cert_len = input.pek_cert_len;
595 /* copy PEK certificate blobs from userspace */
596 oca_blob = psp_copy_user_blob(input.oca_cert_address, input.oca_cert_len);
597 if (IS_ERR(oca_blob)) {
598 ret = PTR_ERR(oca_blob);
602 data->oca_cert_address = __psp_pa(oca_blob);
603 data->oca_cert_len = input.oca_cert_len;
605 /* If platform is not in INIT state then transition it to INIT */
606 if (sev->state != SEV_STATE_INIT) {
607 ret = __sev_platform_init_locked(&argp->error);
612 ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, data, &argp->error);
623 static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
625 struct sev_user_data_get_id2 input;
626 struct sev_data_get_id *data;
627 void __user *input_address;
628 void *id_blob = NULL;
631 /* SEV GET_ID is available from SEV API v0.16 and up */
632 if (!sev_version_greater_or_equal(0, 16))
635 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
638 input_address = (void __user *)input.address;
640 data = kzalloc(sizeof(*data), GFP_KERNEL);
644 if (input.address && input.length) {
645 id_blob = kmalloc(input.length, GFP_KERNEL);
651 data->address = __psp_pa(id_blob);
652 data->len = input.length;
655 ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
658 * Firmware will return the length of the ID value (either the minimum
659 * required length or the actual length written), return it to the user.
661 input.length = data->len;
663 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
669 if (copy_to_user(input_address, id_blob, data->len)) {
682 static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
684 struct sev_data_get_id *data;
685 u64 data_size, user_size;
689 /* SEV GET_ID available from SEV API v0.16 and up */
690 if (!sev_version_greater_or_equal(0, 16))
693 /* SEV FW expects the buffer it fills with the ID to be
694 * 8-byte aligned. Memory allocated should be enough to
695 * hold data structure + alignment padding + memory
696 * where SEV FW writes the ID.
698 data_size = ALIGN(sizeof(struct sev_data_get_id), 8);
699 user_size = sizeof(struct sev_user_data_get_id);
701 mem = kzalloc(data_size + user_size, GFP_KERNEL);
706 id_blob = mem + data_size;
708 data->address = __psp_pa(id_blob);
709 data->len = user_size;
711 ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
713 if (copy_to_user((void __user *)argp->data, id_blob, data->len))
722 static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
724 struct sev_device *sev = psp_master->sev_data;
725 struct sev_user_data_pdh_cert_export input;
726 void *pdh_blob = NULL, *cert_blob = NULL;
727 struct sev_data_pdh_cert_export *data;
728 void __user *input_cert_chain_address;
729 void __user *input_pdh_cert_address;
732 /* If platform is not in INIT state then transition it to INIT. */
733 if (sev->state != SEV_STATE_INIT) {
737 ret = __sev_platform_init_locked(&argp->error);
742 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
745 data = kzalloc(sizeof(*data), GFP_KERNEL);
749 /* Userspace wants to query the certificate length. */
750 if (!input.pdh_cert_address ||
751 !input.pdh_cert_len ||
752 !input.cert_chain_address)
755 input_pdh_cert_address = (void __user *)input.pdh_cert_address;
756 input_cert_chain_address = (void __user *)input.cert_chain_address;
758 /* Allocate a physically contiguous buffer to store the PDH blob. */
759 if (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) {
764 /* Allocate a physically contiguous buffer to store the cert chain blob. */
765 if (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) {
770 pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
776 data->pdh_cert_address = __psp_pa(pdh_blob);
777 data->pdh_cert_len = input.pdh_cert_len;
779 cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
785 data->cert_chain_address = __psp_pa(cert_blob);
786 data->cert_chain_len = input.cert_chain_len;
789 ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error);
791 /* If we query the length, FW responded with expected data. */
792 input.cert_chain_len = data->cert_chain_len;
793 input.pdh_cert_len = data->pdh_cert_len;
795 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
801 if (copy_to_user(input_pdh_cert_address,
802 pdh_blob, input.pdh_cert_len)) {
809 if (copy_to_user(input_cert_chain_address,
810 cert_blob, input.cert_chain_len))
823 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
825 void __user *argp = (void __user *)arg;
826 struct sev_issue_cmd input;
828 bool writable = file->f_mode & FMODE_WRITE;
830 if (!psp_master || !psp_master->sev_data)
833 if (ioctl != SEV_ISSUE_CMD)
836 if (copy_from_user(&input, argp, sizeof(struct sev_issue_cmd)))
839 if (input.cmd > SEV_MAX)
842 mutex_lock(&sev_cmd_mutex);
846 case SEV_FACTORY_RESET:
847 ret = sev_ioctl_do_reset(&input, writable);
849 case SEV_PLATFORM_STATUS:
850 ret = sev_ioctl_do_platform_status(&input);
853 ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, &input, writable);
856 ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input, writable);
859 ret = sev_ioctl_do_pek_csr(&input, writable);
861 case SEV_PEK_CERT_IMPORT:
862 ret = sev_ioctl_do_pek_import(&input, writable);
864 case SEV_PDH_CERT_EXPORT:
865 ret = sev_ioctl_do_pdh_export(&input, writable);
868 pr_warn_once("SEV_GET_ID command is deprecated, use SEV_GET_ID2\n");
869 ret = sev_ioctl_do_get_id(&input);
872 ret = sev_ioctl_do_get_id2(&input);
879 if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
882 mutex_unlock(&sev_cmd_mutex);
887 static const struct file_operations sev_fops = {
888 .owner = THIS_MODULE,
889 .unlocked_ioctl = sev_ioctl,
892 int sev_platform_status(struct sev_user_data_status *data, int *error)
894 return sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, error);
896 EXPORT_SYMBOL_GPL(sev_platform_status);
898 int sev_guest_deactivate(struct sev_data_deactivate *data, int *error)
900 return sev_do_cmd(SEV_CMD_DEACTIVATE, data, error);
902 EXPORT_SYMBOL_GPL(sev_guest_deactivate);
904 int sev_guest_activate(struct sev_data_activate *data, int *error)
906 return sev_do_cmd(SEV_CMD_ACTIVATE, data, error);
908 EXPORT_SYMBOL_GPL(sev_guest_activate);
910 int sev_guest_decommission(struct sev_data_decommission *data, int *error)
912 return sev_do_cmd(SEV_CMD_DECOMMISSION, data, error);
914 EXPORT_SYMBOL_GPL(sev_guest_decommission);
916 int sev_guest_df_flush(int *error)
918 return sev_do_cmd(SEV_CMD_DF_FLUSH, NULL, error);
920 EXPORT_SYMBOL_GPL(sev_guest_df_flush);
922 static void sev_exit(struct kref *ref)
924 misc_deregister(&misc_dev->misc);
929 static int sev_misc_init(struct sev_device *sev)
931 struct device *dev = sev->dev;
935 * SEV feature support can be detected on multiple devices but the SEV
936 * FW commands must be issued on the master. During probe, we do not
937 * know the master hence we create /dev/sev on the first device probe.
938 * sev_do_cmd() finds the right master device to which to issue the
939 * command to the firmware.
942 struct miscdevice *misc;
944 misc_dev = kzalloc(sizeof(*misc_dev), GFP_KERNEL);
948 misc = &misc_dev->misc;
949 misc->minor = MISC_DYNAMIC_MINOR;
950 misc->name = DEVICE_NAME;
951 misc->fops = &sev_fops;
953 ret = misc_register(misc);
957 kref_init(&misc_dev->refcount);
959 kref_get(&misc_dev->refcount);
962 init_waitqueue_head(&sev->int_queue);
963 sev->misc = misc_dev;
964 dev_dbg(dev, "registered SEV device\n");
969 int sev_dev_init(struct psp_device *psp)
971 struct device *dev = psp->dev;
972 struct sev_device *sev;
975 sev = devm_kzalloc(dev, sizeof(*sev), GFP_KERNEL);
984 sev->io_regs = psp->io_regs;
986 sev->vdata = (struct sev_vdata *)psp->vdata->sev;
989 dev_err(dev, "sev: missing driver data\n");
993 psp_set_sev_irq_handler(psp, sev_irq_handler, sev);
995 ret = sev_misc_init(sev);
999 dev_notice(dev, "sev enabled\n");
1004 psp_clear_sev_irq_handler(psp);
1006 psp->sev_data = NULL;
1008 dev_notice(dev, "sev initialization failed\n");
1013 void sev_dev_destroy(struct psp_device *psp)
1015 struct sev_device *sev = psp->sev_data;
1021 kref_put(&misc_dev->refcount, sev_exit);
1023 psp_clear_sev_irq_handler(psp);
1026 int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd,
1027 void *data, int *error)
1029 if (!filep || filep->f_op != &sev_fops)
1032 return sev_do_cmd(cmd, data, error);
1034 EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user);
1036 void sev_pci_init(void)
1038 struct sev_device *sev = psp_master->sev_data;
1039 struct page *tmr_page;
1045 psp_timeout = psp_probe_timeout;
1047 if (sev_get_api_version())
1051 * If platform is not in UNINIT state then firmware upgrade and/or
1052 * platform INIT command will fail. These command require UNINIT state.
1054 * In a normal boot we should never run into case where the firmware
1055 * is not in UNINIT state on boot. But in case of kexec boot, a reboot
1056 * may not go through a typical shutdown sequence and may leave the
1057 * firmware in INIT or WORKING state.
1060 if (sev->state != SEV_STATE_UNINIT) {
1061 sev_platform_shutdown(NULL);
1062 sev->state = SEV_STATE_UNINIT;
1065 if (sev_version_greater_or_equal(0, 15) &&
1066 sev_update_firmware(sev->dev) == 0)
1067 sev_get_api_version();
1069 /* Obtain the TMR memory area for SEV-ES use */
1070 tmr_page = alloc_pages(GFP_KERNEL, get_order(SEV_ES_TMR_SIZE));
1072 sev_es_tmr = page_address(tmr_page);
1076 "SEV: TMR allocation failed, SEV-ES support unavailable\n");
1079 /* Initialize the platform */
1080 rc = sev_platform_init(&error);
1081 if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) {
1083 * INIT command returned an integrity check failure
1084 * status code, meaning that firmware load and
1085 * validation of SEV related persistent data has
1086 * failed and persistent state has been erased.
1087 * Retrying INIT command here should succeed.
1089 dev_dbg(sev->dev, "SEV: retrying INIT command");
1090 rc = sev_platform_init(&error);
1094 dev_err(sev->dev, "SEV: failed to INIT error %#x\n", error);
1098 dev_info(sev->dev, "SEV API:%d.%d build:%d\n", sev->api_major,
1099 sev->api_minor, sev->build);
1104 psp_master->sev_data = NULL;
1107 void sev_pci_exit(void)
1109 if (!psp_master->sev_data)
1112 sev_platform_shutdown(NULL);
1115 /* The TMR area was encrypted, flush it from the cache */
1116 wbinvd_on_all_cpus();
1118 free_pages((unsigned long)sev_es_tmr,
1119 get_order(SEV_ES_TMR_SIZE));