From patchwork Fri Feb 28 17:07:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Garzarella X-Patchwork-Id: 13996810
From: Stefano Garzarella To: Jarkko Sakkinen Cc: Thomas Gleixner , Claudio Carvalho , Peter Huewe , x86@kernel.org, Dov Murik , linux-coco@lists.linux.dev, Dionna Glaze , James Bottomley , Ingo Molnar , Joerg Roedel , Jason Gunthorpe , linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Dave Hansen , Tom Lendacky , Borislav Petkov , "H. Peter Anvin" , Stefano Garzarella Subject: [RFC PATCH v2 1/6] x86/sev: add SVSM call macros for the vTPM protocol Date: Fri, 28 Feb 2025 18:07:15 +0100 Message-ID: <20250228170720.144739-2-sgarzare@redhat.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250228170720.144739-1-sgarzare@redhat.com> References: <20250228170720.144739-1-sgarzare@redhat.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add macros for SVSM_VTPM_QUERY and SVSM_VTPM_CMD calls as defined in the "Secure VM Service Module for SEV-SNP Guests" Publication # 58019 Revision: 1.00 Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf Signed-off-by: Stefano Garzarella --- arch/x86/include/asm/sev.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 1581246491b5..f6ebf4492606 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h 
@@ -384,6 +384,10 @@ struct svsm_call { #define SVSM_ATTEST_SERVICES 0 #define SVSM_ATTEST_SINGLE_SERVICE 1 +#define SVSM_VTPM_CALL(x) ((2ULL << 32) | (x)) +#define SVSM_VTPM_QUERY 0 +#define SVSM_VTPM_CMD 1 + #ifdef CONFIG_AMD_MEM_ENCRYPT extern u8 snp_vmpl; From patchwork Fri Feb 28 17:07:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Garzarella X-Patchwork-Id: 13996811 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0776D2777FA for ; Fri, 28 Feb 2025 17:07:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740762467; cv=none; b=FIVa52XtiZdfs+NDIcajulSGHZw39jLlQhIpUQUDdK/vTwwUu6sFTp6JipNXmgTdfnvp3GxTFapNI5YJ2aIsWSEq1M3k21DZFODcoEfYVasm3LgVLEJ07D1tkCqXiuwDjdZIsdh/0d/1XyZF8Y3xCu9MC5c4BD47XFt/r95Vx6Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740762467; c=relaxed/simple; bh=isgbJApTlCyBGPxQFjLRsJbEwGToiMAg7wsViEvYcmk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SK401/4I73COhu9HTzNcZ0T1A6Y47qmlafQM1e6w4rN5BzrxSUCsy3YILeJjgoxyEpLj7u0XAFGyPgZkociuJY5oUTnIVI8DfphIUPo22tlGCD705s52v02/1KHXhp+ol24d8BYCT6HxgvGr3y7RZG0Fs6eXomjHUagdlfoU9VM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=CVVr/aAL; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com 
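Review bot: SVSM_VTPM_CALL() in the arch/x86/include/asm/sev.h hunk of patch 1/6 encodes a bare 2 in the upper 32 bits with no comment saying what it is. A one-line comment naming it as the vTPM protocol number, with the section of the SVSM specification cited in the commit message, would let a reader check SVSM_VTPM_QUERY (0) and SVSM_VTPM_CMD (1) against the document without guessing. The argument x is also not masked or cast, so a value wider than 32 bits would spill into the protocol field; the callers visible in this series only pass the two constants, so this is a documentation point rather than a bug.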
From: Stefano Garzarella To: Jarkko Sakkinen Cc: Thomas Gleixner , Claudio Carvalho , Peter Huewe , x86@kernel.org, Dov Murik , linux-coco@lists.linux.dev, Dionna Glaze , James Bottomley , Ingo Molnar , Joerg Roedel , Jason Gunthorpe , linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Dave Hansen , Tom Lendacky , Borislav Petkov , "H. Peter Anvin" , Stefano Garzarella Subject: [RFC PATCH v2 2/6] x86/sev: add SVSM vTPM probe/send_command functions Date: Fri, 28 Feb 2025 18:07:16 +0100 Message-ID: <20250228170720.144739-3-sgarzare@redhat.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250228170720.144739-1-sgarzare@redhat.com> References: <20250228170720.144739-1-sgarzare@redhat.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add two new functions to probe and send commands to the SVSM vTPM. They leverage the two calls defined by the AMD SVSM specification for the vTPM protocol: SVSM_VTPM_QUERY and SVSM_VTPM_CMD. Expose these functions to be used by other modules such as a tpm driver. Co-developed-by: James Bottomley Signed-off-by: James Bottomley Co-developed-by: Claudio Carvalho Signed-off-by: Claudio Carvalho Signed-off-by: Stefano Garzarella --- James, Claudio are you fine with the Cdb, Sob? The code is pretty much similar to what was in the initial RFC, but I changed the context for that I reset the author but added C-o-b. Please, let me know if this is okay or if I need to do anything else (reset the author, etc.) --- arch/x86/include/asm/sev.h | 3 +++ arch/x86/coco/sev/core.c | 47 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index f6ebf4492606..e379bcdddf07 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h 
@@ -485,6 +485,9 @@ void snp_msg_free(struct snp_msg_desc *mdesc); int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req, struct snp_guest_request_ioctl *rio); +bool snp_svsm_vtpm_probe(void); +int snp_svsm_vtpm_send_command(u8 *buffer); + void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 82492efc5d94..4158e447d645 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c 
@@ -2628,6 +2628,53 @@ static int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_dat return ret; } +bool snp_svsm_vtpm_probe(void) +{ + struct svsm_call call = {}; + u64 send_cmd_mask = 0; + u64 platform_cmds; + u64 features; + int ret; + + /* The vTPM device is available only if we have a SVSM */ + if (!snp_vmpl) + return false; + + call.caa = svsm_get_caa(); + call.rax = SVSM_VTPM_CALL(SVSM_VTPM_QUERY); + + ret = svsm_perform_call_protocol(&call); + + if (ret != SVSM_SUCCESS) + return false; + + features = call.rdx_out; + platform_cmds = call.rcx_out; + + /* No feature supported, it should be zero */ + if (features) + pr_warn("SNP SVSM vTPM unsupported features: 0x%llx\n", + features); + + /* TPM_SEND_COMMAND - platform command 8 */ + send_cmd_mask = 1 << 8; + + return (platform_cmds & send_cmd_mask) == send_cmd_mask; +} +EXPORT_SYMBOL_GPL(snp_svsm_vtpm_probe); + +int snp_svsm_vtpm_send_command(u8 *buffer) +{ + struct svsm_call call = {}; + + call.caa = svsm_get_caa(); + call.rax = SVSM_VTPM_CALL(SVSM_VTPM_CMD); + call.rcx = __pa(buffer); + + return svsm_perform_call_protocol(&call); +} +EXPORT_SYMBOL_GPL(snp_svsm_vtpm_send_command); + static struct platform_device sev_guest_device = { .name = "sev-guest", .id = -1, From patchwork Fri Feb 28 17:07:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Garzarella X-Patchwork-Id: 13996812 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CE917281357 for ; Fri, 28 Feb 2025 17:07:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740762474; cv=none; 
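Review bot: snp_svsm_vtpm_send_command() in the arch/x86/coco/sev/core.c hunk of patch 2/6 hands __pa(buffer) to the SVSM with no length argument and no kernel-doc, so the function cannot check anything about the buffer and the caller's obligations are unwritten. Please document that buffer must be a linear-map address (not vmalloc or stack memory), must be physically contiguous for the full request and response size, and how much the SVSM may write back into it; consider taking the size as a parameter so it can be validated here. Unlike snp_svsm_vtpm_probe(), this function also issues the call without checking snp_vmpl first. Minor: "send_cmd_mask = 1 << 8" shifts an int into a u64 and the "= 0" initializer is never used; BIT_ULL(8) with a named constant for platform command 8 would read better.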
Received: from stex1.redhat.com ([5.179.147.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43aba5710ebsm98667785e9.26.2025.02.28.09.07.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 09:07:45 -0800 (PST) From: Stefano Garzarella To: Jarkko Sakkinen Cc: Thomas Gleixner , Claudio Carvalho , Peter Huewe , x86@kernel.org, Dov Murik , linux-coco@lists.linux.dev, Dionna Glaze , James Bottomley , Ingo Molnar , Joerg Roedel , Jason Gunthorpe , linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Dave Hansen , Tom Lendacky , Borislav Petkov , "H. Peter Anvin" , Stefano Garzarella Subject: [RFC PATCH v2 3/6] tpm: add send_recv() ops in tpm_class_ops Date: Fri, 28 Feb 2025 18:07:17 +0100 Message-ID: <20250228170720.144739-4-sgarzare@redhat.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250228170720.144739-1-sgarzare@redhat.com> References: <20250228170720.144739-1-sgarzare@redhat.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Some devices do not support interrupts and provide a single operation to send the command and receive the response on the same buffer. To support this scenario, a driver could set TPM_CHIP_FLAG_IRQ in the chip's flags to get recv() to be called immediately after send() in tpm_try_transmit(). Instead of abusing TPM_CHIP_FLAG_IRQ, introduce a new callback send_recv(). If that callback is defined, it is called in tpm_try_transmit() to send the command and receive the response on the same buffer in a single call. Suggested-by: Jason Gunthorpe Signed-off-by: Stefano Garzarella --- include/linux/tpm.h | 2 ++ drivers/char/tpm/tpm-interface.c | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 20a40ade8030..2ede8e0592d3 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h 
@@ -88,6 +88,8 @@ struct tpm_class_ops { bool (*req_canceled)(struct tpm_chip *chip, u8 status); int (*recv) (struct tpm_chip *chip, u8 *buf, size_t len); int (*send) (struct tpm_chip *chip, u8 *buf, size_t len); + int (*send_recv)(struct tpm_chip *chip, u8 *buf, size_t buf_len, + size_t to_send); void (*cancel) (struct tpm_chip *chip); u8 (*status) (struct tpm_chip *chip); void (*update_timeouts)(struct tpm_chip *chip, diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index b1daa0d7b341..4f92b0477696 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -82,6 +82,9 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, void *buf, size_t bufsiz) return -E2BIG; } + if (chip->ops->send_recv) + goto out_recv; + rc = chip->ops->send(chip, buf, count); if (rc < 0) { if (rc != -EPIPE) 
@@ -123,7 +126,10 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, void *buf, size_t bufsiz) return -ETIME; out_recv: - len = chip->ops->recv(chip, buf, bufsiz); + if (chip->ops->send_recv) + len = chip->ops->send_recv(chip, buf, bufsiz, count); + else + len = chip->ops->recv(chip, buf, bufsiz); if (len < 0) { rc = len; dev_err(&chip->dev, "tpm_transmit: tpm_recv: error %d\n", rc); From patchwork Fri Feb 28 17:07:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Garzarella X-Patchwork-Id: 13996813 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E95EE27424E for ; Fri, 28 Feb 2025 17:08:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740762482; cv=none; b=fDXGD2l3YGqHuV+O7dvuGIqZKgbxV3V86+wg36kbvcq50pv4vBi3bRZt/XatyFseRxyYTY6b3zGTjzafJJ4xxf2ZjM49EODZkYfgrtqfUuICR/MOQ3C3oBHExSYh7LY40borA9vRk0n/LBK4keY8HOdqd38BvPST5Xju3bvM3bE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740762482; c=relaxed/simple; bh=Ksa1M2URKta/PhoGiy4gircs0cKYJG4eWuTkZ5ZKvjA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YXXe/Sn4mPRjVzutSEoYwkIPd/ouDnYP1pIA4EgxmNrq1tG1QeVFYfXY6D9qqudL02uLLdLa1esQUdcgrKSCL1TDYj0sBYJDsuaxgkAwwuDEh0htVL/NrfjzHCHIBjtjl5NdNKnJPlN7SsBjvJ/RhZ84qdv4yeiYk0HF77BwdWc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=CuXaXjaU; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; 
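Review bot: The new send_recv() member in the include/linux/tpm.h hunk of patch 3/6 has no comment defining its contract. Its parameters are buf_len and to_send where send() and recv() take a single len, and the call site assigns its return value to len, so please state next to the declaration that buf holds the command on entry and the response on return, that to_send is the command length, and that the return value is the response length or a negative errno. It would also help to say whether a driver that sets send_recv may leave send, recv, status and cancel unset, since tpm_try_transmit() now jumps straight to out_recv for such a driver.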
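Review bot: In the out_recv hunk of drivers/char/tpm/tpm-interface.c (patch 3/6), a failing send_recv() falls into the existing error path and is logged as "tpm_transmit: tpm_recv: error %d", although the failure may have happened while sending the command. Either choose the message according to which callback ran or make the wording neutral. The earlier "goto out_recv" also bypasses the "rc != -EPIPE" handling that follows send(); if that is intended for these drivers, a short comment at the goto would say so.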
From: Stefano Garzarella To: Jarkko Sakkinen Cc: Thomas Gleixner , Claudio Carvalho , Peter Huewe , x86@kernel.org, Dov Murik , linux-coco@lists.linux.dev, Dionna Glaze , James Bottomley , Ingo Molnar , Joerg Roedel , Jason Gunthorpe , linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Dave Hansen , Tom Lendacky , Borislav Petkov , "H. Peter Anvin" , Stefano Garzarella Subject: [RFC PATCH v2 4/6] tpm: add interface to interact with devices based on TCG Simulator Date: Fri, 28 Feb 2025 18:07:18 +0100 Message-ID: <20250228170720.144739-5-sgarzare@redhat.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250228170720.144739-1-sgarzare@redhat.com> References: <20250228170720.144739-1-sgarzare@redhat.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This is primarily designed to support an enlightened driver for the AMD SVSM based vTPM, but it could be used by any TPM driver which communicates with a TPM device implemented through the TCG TPM reference implementation (https://github.com/TrustedComputingGroup/TPM) Co-developed-by: James Bottomley Signed-off-by: James Bottomley Co-developed-by: Claudio Carvalho Signed-off-by: Claudio Carvalho Signed-off-by: Stefano Garzarella --- James, Claudio are you fine with the Cdb, Sob? The code is based to what was in the initial RFC, but I removed the tpm_platform module, moved some code in the header, changed some names, etc. For these reasons I reset the author but added C-o-b. Please, let me know if this is okay or if I need to do anything else (reset the author, etc.) --- include/linux/tpm_tcgsim.h | 136 +++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 include/linux/tpm_tcgsim.h diff --git a/include/linux/tpm_tcgsim.h b/include/linux/tpm_tcgsim.h new file mode 100644 index 000000000000..bd5b123c393b --- /dev/null +++ b/include/linux/tpm_tcgsim.h 
@@ -0,0 +1,136 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 James.Bottomley@HansenPartnership.com + * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved. + * + * Generic interface usable by TPM drivers interacting with devices + * implemented through the TCG Simulator. + */ +#ifndef _TPM_TCGSIM_H_ +#define _TPM_TCGSIM_H_ + +#include +#include +#include + +/* + * The current TCG Simulator TPM commands we support. The complete list is + * in the TcpTpmProtocol header: + * + * https://github.com/TrustedComputingGroup/TPM/blob/main/TPMCmd/Simulator/include/TpmTcpProtocol.h + */ + +#define TPM_SEND_COMMAND 8 +#define TPM_SIGNAL_CANCEL_ON 9 +#define TPM_SIGNAL_CANCEL_OFF 10 +/* + * Any platform specific commands should be placed here and should start + * at 0x8000 to avoid clashes with the TCG Simulator protocol. They should + * follow the same self describing buffer format below. + */ + +#define TPM_TCGSIM_MAX_BUFFER 4096 /* max req/resp buffer size */ + +/** + * struct tpm_req - generic request header for single word command + * + * @cmd: The command to send + */ +struct tpm_req { + u32 cmd; +} __packed; + +/** + * struct tpm_resp - generic response header + * + * @size: The response size (zero if nothing follows) + * + * Note: most TCG Simulator commands simply return zero here with no indication + * of success or failure. + */ +struct tpm_resp { + u32 size; +} __packed; + +/** + * struct tpm_send_cmd_req - Structure for a TPM_SEND_COMMAND request + * + * @hdr: The request header whit the command (must be TPM_SEND_COMMAND) + * @locality: The locality + * @inbuf_size: The size of the input buffer following + * @inbuf: A buffer of size inbuf_size + * + * Note that TCG Simulator expects @inbuf_size to be equal to the size of the + * specific TPM command, otherwise an TPM_RC_COMMAND_SIZE error is + * returned. 
+ */ +struct tpm_send_cmd_req { + struct tpm_req hdr; + u8 locality; + u32 inbuf_size; + u8 inbuf[]; +} __packed; + +/** + * struct tpm_send_cmd_req - Structure for a TPM_SEND_COMMAND response + * + * @hdr: The response header whit the following size + * @outbuf: A buffer of size hdr.size + */ +struct tpm_send_cmd_resp { + struct tpm_resp hdr; + u8 outbuf[]; +} __packed; + +/** + * tpm_tcgsim_fill_send_cmd() - fill a struct tpm_send_cmd_req to be sent to the + * TCG Simulator. + * @req: The struct tpm_send_cmd_req to fill + * @locality: The locality + * @buf: The buffer from where to copy the payload of the command + * @len: The size of the buffer + * + * Return: 0 on success, negative error code on failure. + */ +static inline int +tpm_tcgsim_fill_send_cmd(struct tpm_send_cmd_req *req, u8 locality, + const u8 *buf, size_t len) +{ + if (len > TPM_TCGSIM_MAX_BUFFER - sizeof(*req)) + return -EINVAL; + + req->hdr.cmd = TPM_SEND_COMMAND; + req->locality = locality; + req->inbuf_size = len; + + memcpy(req->inbuf, buf, len); + + return 0; +} + +/** + * tpm_tcgsim_parse_send_cmd() - Parse a struct tpm_send_cmd_resp received from + * the TCG Simulator + * @resp: The struct tpm_send_cmd_resp to parse + * @buf: The buffer where to copy the response + * @len: The size of the buffer + * + * Return: buffer size filled with the response on success, negative error + * code on failure. 
+ */ +static inline int +tpm_tcgsim_parse_send_cmd(const struct tpm_send_cmd_resp *resp, u8 *buf, + size_t len) +{ + if (len < resp->hdr.size) + return -E2BIG; + + if (resp->hdr.size > TPM_TCGSIM_MAX_BUFFER - sizeof(*resp)) + return -EINVAL; // Invalid response from the platform TPM + + memcpy(buf, resp->outbuf, resp->hdr.size); + + return resp->hdr.size; +} + +#endif /* _TPM_TCGSIM_H_ */ From patchwork Fri Feb 28 17:07:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Garzarella X-Patchwork-Id: 13996814 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A82801F4C96 for ; Fri, 28 Feb 2025 17:08:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740762490; cv=none; b=MBS46NfFAa9b1gd8Z5MNgce7AjUSs/71CVpyFHRVXQnRrchzrAiRTsPlfrOwYrSNbguGdFZDeSjEwdQXZg287/Y/hC6tm0wXtWPC2ioZ3kg8xrpFDL2z4l9w++NBcOGKRSGnpx9If1gVgRupNxS8m3mrbTxooym6HGf+0GgqCW8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740762490; c=relaxed/simple; bh=fD7myLE7ZbsP4UOrvsDMKLYCzpzMGkG8rvS6jnv0syU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=pz4a22BEiW22tZtOEKWtU5NN1h903M0NgRj5FfN7dqOknbAK8tOmdhp5kEuJ+Vrme6AKvaYtnQE/LW2l+HH8BSo1m7t9QYJ5OPJEt4M2QRNMPvcU8GrN90xHCJffdm3p/xy5ad/t0tfT7i8EbDb1Vwq58nFGfa7l/94ByDwIgxg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=i+QtIARl; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; 
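Review bot: tpm_tcgsim_parse_send_cmd() reads resp->hdr.size four times (both checks, the memcpy() length and the return value), so the length that was validated is not guaranteed to be the length that is copied if the buffer can still change underneath; read it once into a local u32 and use that local throughout. Both helpers also assume, without saying so, that req and resp point at storage of TPM_TCGSIM_MAX_BUFFER bytes; the kernel-doc should state this, since nothing in the signatures enforces it. Smaller points: the kernel-doc above struct tpm_send_cmd_resp is titled "struct tpm_send_cmd_req", "whit" should be "with" in both @hdr descriptions, and the `//` comment on the -EINVAL return does not match the block-comment style used in the rest of the header.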
From: Stefano Garzarella To: Jarkko Sakkinen Cc: Thomas Gleixner , Claudio Carvalho , Peter Huewe , x86@kernel.org, Dov Murik , linux-coco@lists.linux.dev, Dionna Glaze , James Bottomley , Ingo Molnar , Joerg Roedel , Jason Gunthorpe , linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Dave Hansen , Tom Lendacky , Borislav Petkov , "H. Peter Anvin" , Stefano Garzarella Subject: [RFC PATCH v2 5/6] tpm: add SNP SVSM vTPM driver Date: Fri, 28 Feb 2025 18:07:19 +0100 Message-ID: <20250228170720.144739-6-sgarzare@redhat.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250228170720.144739-1-sgarzare@redhat.com> References: <20250228170720.144739-1-sgarzare@redhat.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add driver for the vTPM defined by the AMD SVSM spec [1]. The specification defines a protocol that a SEV-SNP guest OS can use to discover and talk to a vTPM emulated by the Secure VM Service Module (SVSM) in the guest context, but at a more privileged level (VMPL0). The new tpm-svsm platform driver uses two functions exposed by x86/sev to verify that the device is actually emulated by the platform and to send commands and receive responses. The vTPM is emulated through the TCG reference implementation, so this driver leverages tpm_tcgsim.h to fill commands and parse responses. The device cannot be hot-plugged/unplugged as it is emulated by the platform, so we can use module_platform_driver_probe(). The probe function will only check whether in the current runtime configuration, SVSM is present and provides a vTPM. [1] "Secure VM Service Module for SEV-SNP Guests" Publication # 58019 Revision: 1.00 https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf 
Signed-off-by: Stefano Garzarella --- drivers/char/tpm/tpm_svsm.c | 120 ++++++++++++++++++++++++++++++++++++ drivers/char/tpm/Kconfig | 10 +++ drivers/char/tpm/Makefile | 1 + 3 files changed, 131 insertions(+) create mode 100644 drivers/char/tpm/tpm_svsm.c diff --git a/drivers/char/tpm/tpm_svsm.c b/drivers/char/tpm/tpm_svsm.c new file mode 100644 index 000000000000..1c34133990c5 --- /dev/null +++ b/drivers/char/tpm/tpm_svsm.c 
@@ -0,0 +1,120 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved. + * + * Driver for the vTPM defined by the AMD SVSM spec [1]. + * + * The specification defines a protocol that a SEV-SNP guest OS can use to + * discover and talk to a vTPM emulated by the Secure VM Service Module (SVSM) + * in the guest context, but at a more privileged level (usually VMPL0). + * + * The vTPM is emulated through the TCG reference implementation, so this + * driver leverages tpm_tcgsim.h to fill commands and parse responses. + * + * [1] "Secure VM Service Module for SEV-SNP Guests" + * Publication # 58019 Revision: 1.00 + * https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf + */ + +#include +#include +#include +#include +#include + +#include "tpm.h" + +struct tpm_svsm_priv { + u8 buffer[TPM_TCGSIM_MAX_BUFFER]; + u8 locality; +}; + +static int tpm_svsm_send_recv(struct tpm_chip *chip, u8 *buf, size_t buf_len, + size_t to_send) +{ + struct tpm_svsm_priv *priv = dev_get_drvdata(&chip->dev); + int ret; + + ret = tpm_tcgsim_fill_send_cmd((struct tpm_send_cmd_req *)priv->buffer, + priv->locality, buf, to_send); + if (ret) + return ret; + + ret = snp_svsm_vtpm_send_command(priv->buffer); + if (ret) + return ret; + + return tpm_tcgsim_parse_send_cmd((struct tpm_send_cmd_resp *)priv->buffer, + buf, buf_len); +} + +static struct tpm_class_ops tpm_chip_ops = { + .flags = TPM_OPS_AUTO_STARTUP, + .send_recv = tpm_svsm_send_recv, +}; + +static int __init tpm_svsm_probe(struct platform_device *pdev) +{ + struct device *dev = &pdev->dev; + struct tpm_svsm_priv *priv; + struct tpm_chip *chip; + int err; + + if (!snp_svsm_vtpm_probe()) + return -ENODEV; + + priv = devm_kmalloc(dev, sizeof(*priv), GFP_KERNEL); + if (!priv) + return -ENOMEM; + + /* + * FIXME: before implementing locality we need to agree what it means + * for the SNP SVSM vTPM + */ + priv->locality = 0; + + chip = tpmm_chip_alloc(dev, 
&tpm_chip_ops); + if (IS_ERR(chip)) + return PTR_ERR(chip); + + dev_set_drvdata(&chip->dev, priv); + + err = tpm2_probe(chip); + if (err) + return err; + + err = tpm_chip_register(chip); + if (err) + return err; + + dev_info(dev, "SNP SVSM vTPM %s device\n", + (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2"); + + return 0; +} + +static void __exit tpm_svsm_remove(struct platform_device *pdev) +{ + struct tpm_chip *chip = platform_get_drvdata(pdev); + + tpm_chip_unregister(chip); +} + +/* + * tpm_svsm_remove() lives in .exit.text. For drivers registered via + * module_platform_driver_probe() this is ok because they cannot get unbound + * at runtime. So mark the driver struct with __refdata to prevent modpost + * triggering a section mismatch warning. + */ +static struct platform_driver tpm_svsm_driver __refdata = { + .remove = __exit_p(tpm_svsm_remove), + .driver = { + .name = "tpm-svsm", + }, +}; + +module_platform_driver_probe(tpm_svsm_driver, tpm_svsm_probe); + +MODULE_DESCRIPTION("SNP SVSM vTPM Driver"); +MODULE_LICENSE("GPL"); +MODULE_ALIAS("platform:tpm-svsm"); diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index 0fc9a510e059..fc3f1d10d31d 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig @@ -225,5 +225,15 @@ config TCG_FTPM_TEE help This driver proxies for firmware TPM running in TEE. +config TCG_SVSM + tristate "SNP SVSM vTPM interface" + depends on AMD_MEM_ENCRYPT + help + This is a driver for the AMD SVSM vTPM protocol that a SEV-SNP guest + OS can use to discover and talk to a vTPM emulated by the Secure VM + Service Module (SVSM) in the guest context, but at a more privileged + level (usually VMPL0). To compile this driver as a module, choose M + here; the module will be called tpm_svsm. + source "drivers/char/tpm/st33zp24/Kconfig" endif # TCG_TPM diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile index 9bb142c75243..52d9d80a0f56 100644 --- a/drivers/char/tpm/Makefile +++ b/drivers/char/tpm/Makefile 
@@ -44,3 +44,4 @@ obj-$(CONFIG_TCG_XEN) += xen-tpmfront.o obj-$(CONFIG_TCG_CRB) += tpm_crb.o obj-$(CONFIG_TCG_VTPM_PROXY) += tpm_vtpm_proxy.o obj-$(CONFIG_TCG_FTPM_TEE) += tpm_ftpm_tee.o +obj-$(CONFIG_TCG_SVSM) += tpm_svsm.o From patchwork Fri Feb 28 17:07:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Garzarella X-Patchwork-Id: 13996815 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DEC951F4CB2 for ; Fri, 28 Feb 2025 17:08:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740762499; cv=none; b=iP5WdQLSL+77BDIZ485rItHX/afrbSmOKpfFzuPd7fHtrj2mdtRsQFKhRsn6WHH69xVjGRMYt4C5BFKkDMFkmpqKMLOzLyw9DGHFEUvm2RQALCfkUnuSuDjsqs4BeiXnncpbbyTGF+XTA61yKK/nWa5d55CGNn93OVahcqyQlmM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740762499; c=relaxed/simple; bh=qJd0Z4j/r1sbdRqfPYytxXq2rpI9PhS6oCSmMOfbFOw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Y8tKjUZZM0A5IYEZ5ApcdZ0H7I2qlLgjr5ySGNBhDxWMXd1bG3hwksdcLs3DtIgFsuaBcZv6NnIZFjVwD6JhQirEMJkEJMVMvbOuFpbw231m/SGgSLrwMjF0SGnWs0wSbSDdCHI8MFn1dgN6sNwIvpNxB0CRqik5slBKgxUhRJ4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=PzOeph8c; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: 
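Review bot: In tpm_svsm_probe() (drivers/char/tpm/tpm_svsm.c), priv is allocated with devm_kmalloc(), so every byte of priv->buffer beyond the filled request is stale heap data when the buffer is passed, without a length, to snp_svsm_vtpm_send_command(); devm_kzalloc() avoids handing uninitialized memory to the SVSM. In tpm_svsm_send_recv() the return value of snp_svsm_vtpm_send_command() is passed straight up to the TPM core, so it is worth stating in a comment that it is a negative errno. tpm_chip_ops is never modified in this file and could be const.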
From: Stefano Garzarella To: Jarkko Sakkinen Cc: Thomas Gleixner , Claudio Carvalho , Peter Huewe , x86@kernel.org, Dov Murik , linux-coco@lists.linux.dev, Dionna Glaze , James Bottomley , Ingo Molnar , Joerg Roedel , Jason Gunthorpe , linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Dave Hansen , Tom Lendacky , Borislav Petkov , "H. Peter Anvin" , Stefano Garzarella Subject: [RFC PATCH v2 6/6] x86/sev: register tpm-svsm platform device Date: Fri, 28 Feb 2025 18:07:20 +0100 Message-ID: <20250228170720.144739-7-sgarzare@redhat.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250228170720.144739-1-sgarzare@redhat.com> References: <20250228170720.144739-1-sgarzare@redhat.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 SNP platform can provide a vTPM device emulated by SVSM. The "tpm-svsm" device can be handled by the platform driver added by the previous commit in drivers/char/tpm/tpm_svsm.c. The driver will call snp_svsm_vtpm_probe() to check if SVSM is present and if it supports the vTPM protocol. Signed-off-by: Stefano Garzarella --- arch/x86/coco/sev/core.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 4158e447d645..7e91fae7d43a 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2680,6 +2680,11 @@ static struct platform_device sev_guest_device = { .id = -1, }; +static struct platform_device tpm_svsm_device = { + .name = "tpm-svsm", + .id = -1, +}; + static int __init snp_init_platform_device(void) { if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) @@ -2688,6 +2693,9 @@ static int __init snp_init_platform_device(void) if (platform_device_register(&sev_guest_device)) return -ENODEV; + if (platform_device_register(&tpm_svsm_device)) + return -ENODEV; + pr_info("SNP guest platform device initialized.\n"); return 0; }
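Review bot: In snp_init_platform_device(), a failure of platform_device_register(&tpm_svsm_device) returns -ENODEV with sev_guest_device left registered and the pr_info() skipped, so a vTPM-only problem is reported as a failure of the whole SNP platform device init; either unregister sev_guest_device on that path or log the vTPM failure and continue. The device is also registered on every SNP guest, whether or not an SVSM is present, and relies on the driver's snp_svsm_vtpm_probe() check to back out; a short comment next to the registration saying so would help readers of this file.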