On Thu, Mar 31, 2022 at 04:12:09PM -0500, Mario Limonciello wrote: > Select AMD SOCs include the ability to export capabilities that > have been activated or detected by the platform security processor. > > This information is useful for both system designers as well as system > administrators to ensure that the system has been properly locked down > to their expectations. > > Software such as fwupd will also be modified to use this information > as part of the calculations for a security level score that may be > presented to a user. > > This series also adds the ability to detect that TSME and SME are both > activated simultaneously to notify a user. Previously a user could turn > on TSME and SME at the same time, but the kernel was unable to detect > that TSME was enabled in the OS. > > This information is evaluated "too late" right now in the kernel to stop > the kernel from enabling SME, but if that is desirable at a later time > some of the early code can be modified to read the same information and > make that decision. > > Mario Limonciello (4): > crypto: ccp: cache capability into psp device > crypto: ccp: Export PSP security bits to userspace > crypto: ccp: Allow PSP driver to load without SEV/TEE support > crypto: ccp: When TSME and SME both detected notify user > > Documentation/ABI/testing/sysfs-driver-ccp | 87 ++++++++++++++++++++++ > drivers/crypto/ccp/psp-dev.c | 49 +++++------- > drivers/crypto/ccp/psp-dev.h | 22 ++++++ > drivers/crypto/ccp/sp-pci.c | 62 +++++++++++++++ > 4 files changed, 189 insertions(+), 31 deletions(-) > create mode 100644 Documentation/ABI/testing/sysfs-driver-ccp All applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt