1. SEV_CMD_GM_PUBKEY_GEN - Get SM2 random public key from SEV firmware to start SM2 key exchange. 2. SEV_CMD_GM_GET_DIGEST - Get key digest from SEV firmware during SM2 key exchange. 3. SEV_CMD_GM_VERIFY_DIGEST - Verify guest owner's key digest during SM2 key exchange. Signed-off-by: Hao Feng <fenghao@xxxxxxxx> --- drivers/crypto/ccp/psp-dev.c | 3 +++ include/linux/psp-sev.h | 49 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index fadf859..fafebf4 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -139,6 +139,9 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret); case SEV_CMD_DOWNLOAD_FIRMWARE: return sizeof(struct sev_data_download_firmware); case SEV_CMD_GET_ID: return sizeof(struct sev_data_get_id); + case SEV_CMD_GM_PUBKEY_GEN: return sizeof(struct sev_data_gm_pubkey_gen); + case SEV_CMD_GM_GET_DIGEST: return sizeof(struct sev_data_gm_get_digest); + case SEV_CMD_GM_VERIFY_DIGEST: return sizeof(struct sev_data_gm_verify_digest); default: return 0; } diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 827c601..0171849 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -87,6 +87,11 @@ enum sev_cmd { SEV_CMD_DBG_DECRYPT = 0x060, SEV_CMD_DBG_ENCRYPT = 0x061, + /* GM specific commands */ + SEV_CMD_GM_PUBKEY_GEN = 0x070, + SEV_CMD_GM_GET_DIGEST = 0x071, + SEV_CMD_GM_VERIFY_DIGEST = 0x072, + SEV_CMD_MAX, }; @@ -485,6 +490,50 @@ struct sev_data_dbg { u32 len; /* In */ } __packed; +/** + * struct sev_data_gm_pubkey_gen - GM_PUBKEY_GEN command parameters + * + * @key_id_address: physical address containing key id + * @key_id_len: len of key id + * @pubkey_address: physical address containing GM public key + * @pubkey_len: len of GM public key + */ +struct sev_data_gm_pubkey_gen { + u64 key_id_address; /* In */ + u32 key_id_len; /* In */ + u32 reserved; + u64 pubkey_address; /* In */ + u32 pubkey_len; /* In/Out */ +} __packed; + +/** + * struct sev_data_gm_get_digest - GM_GET_DIGEST command parameters + * + * @handle: handle of the VM to process + * @address: physical address containing the digest blob + * @len: len of digest blob + */ +struct sev_data_gm_get_digest { + u32 handle; /* In */ + u32 reserved; + u64 address; /* In */ + u32 len; /* In/Out */ +} __packed; + +/** + * struct sev_data_gm_verify_digest - GM_VERIFY_DIGEST command parameters + * + * @handle: handle of the VM to verify + * @address: physical address containing the digest blob + * @len: len of digest blob + */ +struct sev_data_gm_verify_digest { + u32 handle; /* In */ + u32 reserved; + u64 address; /* In */ + u32 len; /* In */ +}; + #ifdef CONFIG_CRYPTO_DEV_SP_PSP /** -- 2.7.4