| Message ID | 20230420163140.14940-1-mario.limonciello@amd.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Add dynamic boost control support | expand |
Hi! > Dynamic boost control is a feature of some SoCs that allows > an authenticated entity to send commands to the security processor > to control certain SOC characteristics with the intention to improve > performance. > > This is implemented via a mechanism that a userspace application would > authenticate using a nonce and key exchange over an IOCTL interface. > > After authentication is complete an application can exchange signed > messages with the security processor and both ends can validate the > data transmitted. Why is this acceptable? This precludes cross-platform interfaces, right? Why would application want to validate data from PSP? That precludes virtualization, right? Just put the key in kernel. Users have right to control their own hardware. Pavel --
On 4/26/23 08:47, Pavel Machek wrote: > Hi! > >> Dynamic boost control is a feature of some SoCs that allows >> an authenticated entity to send commands to the security processor >> to control certain SOC characteristics with the intention to improve >> performance. >> >> This is implemented via a mechanism that a userspace application would >> authenticate using a nonce and key exchange over an IOCTL interface. >> >> After authentication is complete an application can exchange signed >> messages with the security processor and both ends can validate the >> data transmitted. > Why is this acceptable? This precludes cross-platform interfaces, > right? Why would application want to validate data from PSP? That > precludes virtualization, right? > > Just put the key in kernel. Users have right to control their own > hardware. > Pavel This matches exactly how the interface works in Windows as well. The reason for validating the data from the PSP is because the data crosses multiple trust boundaries and this ensures that the application can trust it to make informed decisions.
On Wed 2023-04-26 09:43:43, Mario Limonciello wrote: > > On 4/26/23 08:47, Pavel Machek wrote: > > Hi! > > > > > Dynamic boost control is a feature of some SoCs that allows > > > an authenticated entity to send commands to the security processor > > > to control certain SOC characteristics with the intention to improve > > > performance. > > > > > > This is implemented via a mechanism that a userspace application would > > > authenticate using a nonce and key exchange over an IOCTL interface. > > > > > > After authentication is complete an application can exchange signed > > > messages with the security processor and both ends can validate the > > > data transmitted. > > Why is this acceptable? This precludes cross-platform interfaces, > > right? Why would application want to validate data from PSP? That > > precludes virtualization, right? > > > > Just put the key in kernel. Users have right to control their own > > hardware. > > Pavel > > This matches exactly how the interface works in Windows as well. Windows has different design constrants. > The reason for validating the data from the PSP is because the data > crosses multiple trust boundaries and this ensures that the application > can trust it to make informed decisions. If the application can not trust kernel, you are already doomed on Linux. Pavel
Dynamic boost control is a feature of some SoCs that allows an authenticated entity to send commands to the security processor to control certain SOC characteristics with the intention to improve performance. This is implemented via a mechanism that a userspace application would authenticate using a nonce and key exchange over an IOCTL interface. After authentication is complete an application can exchange signed messages with the security processor and both ends can validate the data transmitted. This series includes a test suite that can be run on real hardware to ensure that the communication works as expected. This can also be used for an application to model the communication path. Two sysfs files are introduced for reading the PSP bootloader version as well as TEE version which can be useful data points for debugging communication problems. Mario Limonciello (10): crypto: ccp: Rename macro for security attributes crypto: ccp: Add support for displaying PSP firmware versions crypto: ccp: Add bootloader and TEE version offsets crypto: ccp: move setting PSP master to earlier in the init crypto: ccp: Add support for fetching a nonce for dynamic boost control crypto: ccp: Add support for setting user ID for dynamic boost control crypto: ccp: Add support for getting and setting DBC parameters crypto: ccp: Add a sample script for Dynamic Boost Control crypto: ccp: Add unit tests for dynamic boost control crypto: ccp: Add Mario to MAINTAINERS Documentation/ABI/testing/sysfs-driver-ccp | 18 ++ MAINTAINERS | 11 + drivers/crypto/ccp/Makefile | 3 +- drivers/crypto/ccp/dbc.c | 250 +++++++++++++++++++ drivers/crypto/ccp/dbc.h | 56 +++++ drivers/crypto/ccp/psp-dev.c | 16 +- drivers/crypto/ccp/psp-dev.h | 1 + drivers/crypto/ccp/sp-dev.h | 7 + drivers/crypto/ccp/sp-pci.c | 90 ++++++- include/linux/psp-platform-access.h | 4 + include/uapi/linux/psp-dbc.h | 147 ++++++++++++ tools/crypto/ccp/.gitignore | 1 + tools/crypto/ccp/dbc.py | 98 ++++++++ tools/crypto/ccp/dbc_cli.py | 123 ++++++++++ tools/crypto/ccp/test_dbc.py | 266 +++++++++++++++++++++ 15 files changed, 1074 insertions(+), 17 deletions(-) create mode 100644 drivers/crypto/ccp/dbc.c create mode 100644 drivers/crypto/ccp/dbc.h create mode 100644 include/uapi/linux/psp-dbc.h create mode 100644 tools/crypto/ccp/.gitignore create mode 100644 tools/crypto/ccp/dbc.py create mode 100755 tools/crypto/ccp/dbc_cli.py create mode 100755 tools/crypto/ccp/test_dbc.py base-commit: 482c84e906e535072c55395acabd3a58e9443d12