Select AMD SOCs include the ability to export capabilities that have been activated or detected by the platform security processor. This information is useful for both system designers as well as system administrators to ensure that the system has been properly locked down to their expectations. Software such as fwupd will also be modified to use this information as part of the calculations for a security level score that may be presented to a user.

This series also adds the ability to detect that TSME and SME are both activated simultaneously to notify a user. Previously a user could turn on TSME and SME at the same time, but the kernel was unable to detect that TSME was enabled in the OS.

This information is evaluated "too late" right now in the kernel to stop the kernel from enabling SME, but if that is desirable at a later time some of the early code can be modified to read the same information and make that decision.

Mario Limonciello (4):
  crypto: ccp: cache capability into psp device
  crypto: ccp: Export PSP security bits to userspace
  crypto: ccp: Allow PSP driver to load without SEV/TEE support
  crypto: ccp: When TSME and SME both detected notify user

 Documentation/ABI/testing/sysfs-driver-ccp | 87 ++++++++++++++++++++++
 drivers/crypto/ccp/psp-dev.c               | 49 +++++------
 drivers/crypto/ccp/psp-dev.h               | 22 ++++++
 drivers/crypto/ccp/sp-pci.c                | 62 +++++++++++++++
 4 files changed, 189 insertions(+), 31 deletions(-)
 create mode 100644 Documentation/ABI/testing/sysfs-driver-ccp

--
2.34.1