Commit b066e5ee authored by hanliyang's avatar hanliyang

x86/csv: Define ATTESTATION secure call command

hygon inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IBGDHO


CVE: NA

---------------------------

Add definition of ATTESTATION secure call command and error codes of
the secure call.

Add struct csv_guest_user_data_attestation to support communication
between user-space and kernel-space.

Add struct csv3_data_attestation_report to support communication between
X86 and PSP.

Signed-off-by: default avatarhanliyang <hanliyang@hygon.cn>
parent 1e381fff
+22 −1
@@ -76,12 +76,33 @@
 * CSV3_SECURE_CMD_UPDATE_SECURE_CALL_TABLE:
 *	CSV3 guest wants to change the secure call pages.
 *	The secure processor re-init the secure call context.
 *
 * CSV3_SECURE_CMD_REQ_REPORT:
 *      CSV3 guest wants to request attestation report.
 *      The secure processor will update the request message buffer and respond
 *      buffer to indicate the result of this request.
 */
enum csv3_secure_command_type {
	CSV3_SECURE_CMD_ENC	= 1,
	/* The secure call request should below CSV3_SECURE_CMD_ACK */
	CSV3_SECURE_CMD_ENC			= 0x1,
	CSV3_SECURE_CMD_DEC,
	CSV3_SECURE_CMD_RESET,
	CSV3_SECURE_CMD_UPDATE_SECURE_CALL_TABLE,
	CSV3_SECURE_CMD_REQ_REPORT		= 0x7,

	/* SECURE_CMD_ACK indicates secure call request can be handled */
	CSV3_SECURE_CMD_ACK			= 0x6b,

	/*
	 * The following values are the error code of the secure call
	 * when firmware can't handling the specific secure call command
	 * as expected.
	 */
	CSV3_SECURE_CMD_ERROR_INTERNAL		= 0x6c,
	CSV3_SECURE_CMD_ERROR_INVALID_COMMAND	= 0x6d,
	CSV3_SECURE_CMD_ERROR_INVALID_PARAM	= 0x6e,
	CSV3_SECURE_CMD_ERROR_INVALID_ADDRESS	= 0x6f,
	CSV3_SECURE_CMD_ERROR_INVALID_LENGTH	= 0x70,
};

/*
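Review bot: `CSV3_SECURE_CMD_REQ_REPORT = 0x7` leaves 0x5 and 0x6 unassigned with no comment, so a reader cannot tell whether those values are reserved by firmware or simply unused; a one-line comment before that enumerator stating which it is would settle the question. The enum now mixes request commands with the ACK and error status values, and the new comment `The secure call request should below CSV3_SECURE_CMD_ACK` would read better as `/* Secure call request commands must be below CSV3_SECURE_CMD_ACK */`. The listed error codes may not be exhaustive, so the block comment should say that a caller treats any response other than `CSV3_SECURE_CMD_ACK` as failure rather than matching only 0x6c–0x70; the code that reads the response is not part of this hunk. The new `CSV3_SECURE_CMD_REQ_REPORT` description lines are also indented with spaces where the entry above them uses a tab.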
+22 −0
@@ -306,6 +306,28 @@ struct csv3_data_dbg_read_mem {
	u32 size;			/* In */
} __packed;

/**
 * struct csv3_data_attestation_report - ATTESTATION secure call command parameters
 *
 * @handle: handle of the VM to process
 * @resp_gpa: guest physical address to save the generated report
 * @resp_length: length of the generated report
 * @req_gpa: guest physical address of the input for the report
 * @req_length: length of the input for the report
 * @fw_error_code: firmware status code when generating the report
 */
struct csv3_data_attestation_report {
	u32 handle;				/* Out */
	u32 reserved1;
	u64 resp_gpa;				/* In */
	u8 reserved2[16];
	u32 resp_len;				/* In/Out */
	u32 reserved3;
	u64 req_gpa;				/* In */
	u32 req_len;				/* In,Out */
	u32 fw_error_code;			/* Out */
} __packed;

/**
 * struct csv3_data_send_encrypt_data - SEND_ENCRYPT_DATA command parameters
 *
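Review bot: The kernel-doc block names `@resp_length` and `@req_length`, but the members are `resp_len` and `req_len`, so kernel-doc will flag the mismatch; the entries should read `@resp_len: length of the generated report` and `@req_len: length of the input for the report`, and the three `reserved` members could be described as well. `handle` is documented as the VM to process yet is marked `/* Out */`, which looks like it should be `/* In */` (please confirm against the firmware interface), and `In,Out` on `req_len` should use the same `In/Out` spelling as `resp_len`. Because `resp_len` and `req_len` are written back by the secure processor, the caller, which is not in this commit, should bound the returned lengths by the buffer sizes it supplied before copying the report anywhere.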
+13 −0
@@ -55,4 +55,17 @@ struct csv_user_data_download_firmware {
	__u32 length;				/* In */
} __packed;

/**
 * struct csv_guest_user_data_attestation - ATTESTATION command parameters
 *
 * @user_data: user specified data for the attestation report
 * @mnonce: user's random nonce
 * @hash: sm3 hash of the @user_data and @mnonce
 */
struct csv_guest_user_data_attestation {
	__u8 user_data[64];			/* In */
	__u8 monce[16];				/* In */
	__u8 hash[32];				/* In */
} __packed;

#endif	/* __PSP_HYGON_USER_H__ */
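Review bot: The member is spelled `monce` while its kernel-doc entry and the `@hash` description call it `@mnonce`; since this struct is the user-space/kernel-space interface, the misspelling becomes hard to rename once user space builds against it, so the declaration should be `__u8 mnonce[16];` before this is merged. The sizes 64, 16 and 32 are bare literals; if other code has to size buffers to match them, named constants would keep the two sides in step. `hash` is supplied by the caller as an input, so the comment could state which side verifies that it matches `user_data` and the nonce, which is not visible in this commit.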