1. SEV_CMD_GM_PUBKEY_GEN - Get SM2 random public key from SEV firmware
to start SM2 key exchange.
2. SEV_CMD_GM_GET_DIGEST - Get key digest from SEV firmware during SM2
key exchange.
3. SEV_CMD_GM_VERIFY_DIGEST - Verify guest owner's key digest during
SM2 key exchange.
Signed-off-by: Hao Feng <fenghao@xxxxxxxx>
---
drivers/crypto/ccp/psp-dev.c | 3 +++
include/linux/psp-sev.h | 49 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 52 insertions(+)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index fadf859..fafebf4 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -139,6 +139,9 @@ static int sev_cmd_buffer_len(int cmd)
case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret);
case SEV_CMD_DOWNLOAD_FIRMWARE: return sizeof(struct sev_data_download_firmware);
case SEV_CMD_GET_ID: return sizeof(struct sev_data_get_id);
+ case SEV_CMD_GM_PUBKEY_GEN: return sizeof(struct sev_data_gm_pubkey_gen);
+ case SEV_CMD_GM_GET_DIGEST: return sizeof(struct sev_data_gm_get_digest);
+ case SEV_CMD_GM_VERIFY_DIGEST: return sizeof(struct sev_data_gm_verify_digest);
default: return 0;
}
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 827c601..0171849 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -87,6 +87,11 @@ enum sev_cmd {
SEV_CMD_DBG_DECRYPT = 0x060,
SEV_CMD_DBG_ENCRYPT = 0x061,
+ /* GM specific commands */
+ SEV_CMD_GM_PUBKEY_GEN = 0x070,
+ SEV_CMD_GM_GET_DIGEST = 0x071,
+ SEV_CMD_GM_VERIFY_DIGEST = 0x072,
+
SEV_CMD_MAX,
};
@@ -485,6 +490,50 @@ struct sev_data_dbg {
u32 len; /* In */
} __packed;
+/**
+ * struct sev_data_gm_pubkey_gen - GM_PUBKEY_GEN command parameters
+ *
+ * @key_id_address: physical address containing key id
+ * @key_id_len: len of key id
+ * @pubkey_address: physical address containing GM public key
+ * @pubkey_len: len of GM public key
+ */
+struct sev_data_gm_pubkey_gen {
+ u64 key_id_address; /* In */
+ u32 key_id_len; /* In */
+ u32 reserved;
+ u64 pubkey_address; /* In */
+ u32 pubkey_len; /* In/Out */
+} __packed;
+
+/**
+ * struct sev_data_gm_get_digest - GM_GET_DIGEST command parameters
+ *
+ * @handle: handle of the VM to process
+ * @address: physical address containing the digest blob
+ * @len: len of digest blob
+ */
+struct sev_data_gm_get_digest {
+ u32 handle; /* In */
+ u32 reserved;
+ u64 address; /* In */
+ u32 len; /* In/Out */
+} __packed;
+
+/**
+ * struct sev_data_gm_verify_digest - GM_VERIFY_DIGEST command parameters
+ *
+ * @handle: handle of the VM to verify
+ * @address: physical address containing the digest blob
+ * @len: len of digest blob
+ */
+struct sev_data_gm_verify_digest {
+ u32 handle; /* In */
+ u32 reserved;
+ u64 address; /* In */
+ u32 len; /* In */
+};
+
#ifdef CONFIG_CRYPTO_DEV_SP_PSP
/**
--
2.7.4
