When running Linux inside a Nitro Enclave, the hypervisor provides a special virtio device called "NSM". This device has 3 main functions: 1) Provide attestation reports 2) Modify PCR state 3) Provide entropy This patch adds a driver for NSM that exposes a /dev/nsm device node which user space can issue ioctls on to request attestation documents, influence PCR states, read entropy and enumerate status of the device. In addition, the driver implements a hwrng backend and exposes some of the NSM device metadata as sysfs entries. Originally-by: Petre Eftime <petre.eftime@xxxxxxxxx> Signed-off-by: Alexander Graf <graf@xxxxxxxxxx> --- v1 -> v2: - Remove boilerplate - Add uapi header v2 -> v3: - Move globals to device struct - Add compat handling - Simplify some naming - Remove debug prints - Use module_virtio_driver - Drop use of uio.h v3 -> v4: - Merge hwrng into the misc driver - Add dependency on CBOR library - Add internal and ioctl logic for all current NSM actions - Use in-struct arrays instead of kvecs - Add sysfs entries for NSM metadata - Use dev_ print and devm_ allocation helpers --- MAINTAINERS | 9 + drivers/misc/Kconfig | 13 + drivers/misc/Makefile | 1 + drivers/misc/nsm.c | 1466 ++++++++++++++++++++++++++++++++++++++ include/uapi/linux/nsm.h | 188 +++++ 5 files changed, 1677 insertions(+) create mode 100644 drivers/misc/nsm.c create mode 100644 include/uapi/linux/nsm.h diff --git a/MAINTAINERS b/MAINTAINERS index 5c23081ede95..28f861eea8e5 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -15104,6 +15104,15 @@ F: include/linux/nitro_enclaves.h F: include/uapi/linux/nitro_enclaves.h F: samples/nitro_enclaves/ +NITRO SECURE MODULE (NSM) +M: Alexander Graf <graf@xxxxxxxxxx> +L: linux-kernel@xxxxxxxxxxxxxxx +L: The AWS Nitro Enclaves Team <aws-nitro-enclaves-devel@xxxxxxxxxx> +S: Supported +W: https://aws.amazon.com/ec2/nitro/nitro-enclaves/ +F: drivers/misc/nsm.c +F: include/uapi/linux/nsm.h + NOHZ, DYNTICKS SUPPORT M: Frederic Weisbecker <frederic@xxxxxxxxxx> M: Thomas Gleixner <tglx@xxxxxxxxxxxxx> diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig index cadd4a820c03..236f36a8e8d4 100644 --- a/drivers/misc/Kconfig +++ b/drivers/misc/Kconfig @@ -562,6 +562,19 @@ config TPS6594_PFSM This driver can also be built as a module. If so, the module will be called tps6594-pfsm. +config NSM + tristate "Nitro (Enclaves) Security Module support" + depends on VIRTIO + select HW_RANDOM + select CBOR + help + This driver provides support for the Nitro Security Module + in AWS EC2 Nitro based Enclaves. The driver exposes a /dev/nsm + device user space can use to communicate with the hypervisor. + + To compile this driver as a module, choose M here. + The module will be called nsm. + source "drivers/misc/c2port/Kconfig" source "drivers/misc/eeprom/Kconfig" source "drivers/misc/cb710/Kconfig" diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile index f2a4d1ff65d4..ea6ea5bbbc9c 100644 --- a/drivers/misc/Makefile +++ b/drivers/misc/Makefile @@ -67,3 +67,4 @@ obj-$(CONFIG_TMR_MANAGER) += xilinx_tmr_manager.o obj-$(CONFIG_TMR_INJECT) += xilinx_tmr_inject.o obj-$(CONFIG_TPS6594_ESM) += tps6594-esm.o obj-$(CONFIG_TPS6594_PFSM) += tps6594-pfsm.o +obj-$(CONFIG_NSM) += nsm.o diff --git a/drivers/misc/nsm.c b/drivers/misc/nsm.c new file mode 100644 index 000000000000..8baa91233cab --- /dev/null +++ b/drivers/misc/nsm.c @@ -0,0 +1,1466 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Amazon Nitro Secure Module driver. + * + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * The Nitro Secure Module implements the following commands via CBOR over virtio: + * + * DescribePCR(u16 index) -> { bool lock, u8[] data } + * ExtendPCR(u16 index, u8[] data) -> { u8[] data } + * LockPCR(u16 index) -> {} + * LockPCRs(u16 range_from_zero) -> {} + * DescribeNSM() -> { u16 version_major, u16 version_minor, + * u16 version_patch, String module_id, + * u16 max_pcrs, u16[] locked_pcrs, String digest } + * Attestation(u8[] user_data, u8[] nonce, u8[] public_key) -> { u8[] document } + * GetRandom() -> { u8[] random } + * + * This driver exposes them directly to user space as ioctls on /dev/nsm. + */ + +#include <linux/file.h> +#include <linux/fs.h> +#include <linux/interrupt.h> +#include <linux/hw_random.h> +#include <linux/miscdevice.h> +#include <linux/module.h> +#include <linux/mutex.h> +#include <linux/slab.h> +#include <linux/string.h> +#include <linux/uaccess.h> +#include <linux/uio.h> +#include <linux/virtio_config.h> +#include <linux/virtio_ids.h> +#include <linux/virtio.h> +#include <linux/wait.h> +#include <linux/cbor/decoder.h> +#include <linux/cbor/encoder.h> +#include <linux/cbor/parser.h> +#include <uapi/linux/nsm.h> + +/* Timeout for NSM virtqueue respose in milliseconds. */ +#define NSM_DEFAULT_TIMEOUT_MSECS (120000) /* 2 minutes */ + +struct nsm { + struct list_head node; + struct virtio_device *vdev; + struct virtqueue *vq; + struct mutex lock; + wait_queue_head_t wq; + bool device_notified; + struct miscdevice misc; + struct hwrng hwrng; + struct work_struct misc_init; + u16 major; + u16 minor; + u16 patch; + u16 max_pcrs; + char module_id[256]; + char digest[16]; +}; + +/* NSM device ID */ +static const struct virtio_device_id id_table[] = { + { VIRTIO_ID_NITRO_SEC_MOD, VIRTIO_DEV_ANY_ID }, + { 0 }, +}; + +/* Full NSM request/response message */ +struct nsm_msg { + struct nsm_data_req req; + struct nsm_data_resp resp; +}; + +static inline struct nsm *file_to_nsm(struct file *file) +{ + return container_of(file->private_data, struct nsm, misc); +} + +static inline struct nsm *hwrng_to_nsm(struct hwrng *rng) +{ + return container_of(rng, struct nsm, hwrng); +} + +static inline struct nsm *misc_dev_to_nsm(struct miscdevice *misc) +{ + return container_of(misc, struct nsm, misc); +} + +static bool cbor_is_str(cbor_reader_t *reader, cbor_item_t *item, + const char *str) +{ + int len = strlen(str); + + if (item->size != len) + return false; + return !memcmp(&reader->msg[item->offset], str, len); +} + +/* Copy the request of a raw message to kernel space */ +static int fill_req_raw(struct nsm *nsm, struct nsm_data_req *req, + struct nsm_raw *raw) +{ + /* Only root has access to raw requests */ + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + + /* Verify the user input size. */ + if (raw->request.len > sizeof(req->data)) + return -EMSGSIZE; + + /* Copy the request payload */ + if (copy_from_user(req->data, u64_to_user_ptr(raw->request.addr), + raw->request.len)) + return -EFAULT; + + req->len = raw->request.len; + + return 0; +} + +static int _fill_req_raw(struct nsm *nsm, struct nsm_data_req *req, + void *buffer) +{ + return fill_req_raw(nsm, req, buffer); +} + +/* Copy the response of a raw message back to user-space */ +static int parse_resp_raw(struct nsm *nsm, struct nsm_data_resp *resp, + struct nsm_raw *raw) +{ + /* Truncate any message that does not fit. */ + raw->response.len = min_t(u64, raw->response.len, resp->len); + + /* Copy the response content to user space */ + if (copy_to_user(u64_to_user_ptr(raw->response.addr), + resp->data, raw->response.len)) + return -EFAULT; + + return 0; +} + +static int _parse_resp_raw(struct nsm *nsm, struct nsm_data_resp *resp, + void *buffer) +{ + return parse_resp_raw(nsm, resp, buffer); +} + +/* Virtqueue interrupt handler */ +static void nsm_vq_callback(struct virtqueue *vq) +{ + struct nsm *nsm = vq->vdev->priv; + + nsm->device_notified = true; + wake_up(&nsm->wq); +} + +/* Forward a message to the NSM device and wait for the response from it */ +static int nsm_sendrecv_msg(struct nsm *nsm, struct nsm_msg *msg) +{ + struct device *dev = &nsm->vdev->dev; + struct scatterlist sg_in, sg_out; + struct virtqueue *vq = nsm->vq; + unsigned int len; + void *queue_buf; + bool kicked; + int rc; + + /* Initialize scatter-gather lists with request and response buffers. */ + sg_init_one(&sg_out, msg->req.data, msg->req.len); + sg_init_one(&sg_in, msg->resp.data, sizeof(msg->resp.data)); + + mutex_lock(&nsm->lock); + + /* Add the request buffer (read by the device). */ + rc = virtqueue_add_outbuf(vq, &sg_out, 1, msg->req.data, GFP_KERNEL); + if (rc) { + mutex_unlock(&nsm->lock); + return rc; + } + + /* Add the response buffer (written by the device). */ + rc = virtqueue_add_inbuf(vq, &sg_in, 1, msg->resp.data, GFP_KERNEL); + if (rc) + goto cleanup; + + nsm->device_notified = false; + kicked = virtqueue_kick(vq); + if (!kicked) { + /* Cannot kick the virtqueue. */ + rc = -EIO; + goto cleanup; + } + + /* If the kick succeeded, wait for the device's response. */ + rc = wait_event_timeout(nsm->wq, + nsm->device_notified == true, + msecs_to_jiffies(NSM_DEFAULT_TIMEOUT_MSECS)); + if (!rc) { + rc = -ETIMEDOUT; + goto cleanup; + } + + queue_buf = virtqueue_get_buf(vq, &len); + if (!queue_buf || (queue_buf != msg->req.data)) { + dev_err(dev, "wrong request buffer."); + rc = -ENODATA; + goto cleanup; + } + + queue_buf = virtqueue_get_buf(vq, &len); + if (!queue_buf || (queue_buf != msg->resp.data)) { + dev_err(dev, "wrong response buffer."); + rc = -ENODATA; + goto cleanup; + } + + msg->resp.len = len; + + rc = 0; + +cleanup: + if (rc) { + /* Clean the virtqueue. */ + while (virtqueue_get_buf(vq, &len) != NULL) + ; + } + + mutex_unlock(&nsm->lock); + return rc; +} + +/* + * DescribePCR request structure: + * + * { + * Map(1) { + * key = String("DescribePCR"), + * value = Map(1) { + * key = String("index"), + * value = Int(pcr) + * } + * } + * } + */ +static int fill_req_describe_pcr(struct nsm *nsm, struct nsm_data_req *req, + union nsm_describe_pcr *desc_union) +{ + struct nsm_describe_pcr_req *desc = &desc_union->req; + cbor_writer_t writer; + cbor_error_t err; + + cbor_writer_init(&writer, req->data, sizeof(req->data)); + err = cbor_encode_map(&writer, 1); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "DescribePCR"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_map(&writer, 1); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "index"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_unsigned_integer(&writer, desc->index); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + req->len = cbor_writer_len(&writer); + + return 0; +} + +static int _fill_req_describe_pcr(struct nsm *nsm, struct nsm_data_req *req, + void *buffer) +{ + return fill_req_describe_pcr(nsm, req, buffer); +} + +/* + * DescribePCR response structure: + * + * { + * Map(1) { + * key = String("DescribePCR"), + * value = Map(2) { + * key = String("data"), + * value = Array(), + * key = String("lock"), + * value = Bool() + * } + * } + * } + */ +static int parse_resp_describe_pcr(struct nsm *nsm, struct nsm_data_resp *resp, + union nsm_describe_pcr *desc_union) +{ + struct nsm_describe_pcr_resp *desc = &desc_union->resp; + struct device *dev = &nsm->vdev->dev; + cbor_item_t items[7]; + cbor_reader_t reader; + cbor_error_t err; + size_t n; + + cbor_reader_init(&reader, items, ARRAY_SIZE(items)); + err = cbor_parse(&reader, resp->data, resp->len, &n); + if (err != CBOR_SUCCESS) { + dev_dbg(dev, "Invalid DescribePCR response"); + return -EINVAL; + } + + if (n != 7) { + dev_dbg(dev, "Invalid DescribePCR response elements (%zd)", n); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[1], "DescribePCR")) { + dev_dbg(dev, "Invalid DescribePCR response items[1]"); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[3], "data")) { + dev_dbg(dev, "Invalid DescribePCR response items[3]"); + return -EINVAL; + } + + if (items[4].type != CBOR_ITEM_STRING) { + dev_dbg(dev, "Invalid DescribePCR response items[4]"); + return -EINVAL; + } + + desc->data.len = items[4].size; + memcpy(desc->data.data, &resp->data[items[4].offset], + desc->data.len); + + if (!cbor_is_str(&reader, &items[5], "lock")) { + dev_dbg(dev, "Invalid DescribePCR response items[5]"); + return -EINVAL; + } + + if (items[6].type != CBOR_ITEM_SIMPLE_VALUE) { + dev_dbg(dev, "Invalid DescribePCR response items[6]"); + return -EINVAL; + } + + desc->lock = 0; + err = cbor_decode(&reader, &items[6], &desc->lock, sizeof(u16)); + if (err != CBOR_SUCCESS) { + dev_dbg(dev, "Invalid DescribePCR respons items[6]"); + return -EINVAL; + } + + return 0; +} + +static int _parse_resp_describe_pcr(struct nsm *nsm, struct nsm_data_resp *resp, + void *buffer) +{ + return parse_resp_describe_pcr(nsm, resp, buffer); +} + +/* + * ExtendPCR request structure: + * + * { + * Map(1) { + * key = String("ExtendPCR"), + * value = Map(2) { + * key = String("index"), + * value = Int(pcr), + * key = String("data"), + * value = Array(data), + * } + * } + * } + */ +static int fill_req_extend_pcr(struct nsm *nsm, struct nsm_data_req *req, + union nsm_extend_pcr *extend_union) +{ + struct nsm_extend_pcr_req *extend = &extend_union->req; + cbor_writer_t writer; + cbor_error_t err; + + cbor_writer_init(&writer, req->data, sizeof(req->data)); + err = cbor_encode_map(&writer, 1); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "ExtendPCR"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_map(&writer, 2); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "index"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_unsigned_integer(&writer, extend->index); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "data"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + if (extend->data.len > sizeof(extend->data.data)) + return -EINVAL; + + err = cbor_encode_byte_string(&writer, extend->data.data, + extend->data.len); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + req->len = cbor_writer_len(&writer); + + return 0; +} + +static int _fill_req_extend_pcr(struct nsm *nsm, struct nsm_data_req *req, + void *buffer) +{ + return fill_req_extend_pcr(nsm, req, buffer); +} + +/* + * ExtendPCR response structure: + * + * { + * Map(1) { + * key = String("ExtendPCR"), + * value = Map(1) { + * key = String("data"), + * value = Array() + * } + * } + * } + */ +static int parse_resp_extend_pcr(struct nsm *nsm, struct nsm_data_resp *resp, + union nsm_extend_pcr *extend_union) +{ + struct nsm_extend_pcr_resp *extend = &extend_union->resp; + struct device *dev = &nsm->vdev->dev; + cbor_item_t items[7]; + cbor_reader_t reader; + cbor_error_t err; + size_t n; + + cbor_reader_init(&reader, items, ARRAY_SIZE(items)); + err = cbor_parse(&reader, resp->data, resp->len, &n); + if (err != CBOR_SUCCESS) { + dev_dbg(dev, "Invalid ExtendPCR response"); + return -EINVAL; + } + + if (n != 5) { + dev_dbg(dev, "Invalid ExtendPCR response elements (%zd)", n); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[1], "ExtendPCR")) { + dev_dbg(dev, "Invalid ExtendPCR response items[1]"); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[3], "data")) { + dev_dbg(dev, "Invalid ExtendPCR response items[3]"); + return -EINVAL; + } + + if (items[4].type != CBOR_ITEM_STRING) { + dev_dbg(dev, "Invalid ExtendPCR response items[4]"); + return -EINVAL; + } + + extend->data.len = items[4].size; + memcpy(extend->data.data, &resp->data[items[4].offset], + extend->data.len); + + return 0; +} + +static int _parse_resp_extend_pcr(struct nsm *nsm, struct nsm_data_resp *resp, + void *buffer) +{ + return parse_resp_extend_pcr(nsm, resp, buffer); +} + +/* + * LockPCR request structure: + * + * { + * Map(1) { + * key = String("LockPCR"), + * value = Map(1) { + * key = String("index"), + * value = Int(pcr) + * } + * } + * } + */ +static int fill_req_lock_pcr(struct nsm *nsm, struct nsm_data_req *req, + union nsm_lock_pcr *lock_union) +{ + struct nsm_lock_pcr_req *lock = &lock_union->req; + cbor_writer_t writer; + cbor_error_t err; + + cbor_writer_init(&writer, req->data, sizeof(req->data)); + err = cbor_encode_map(&writer, 1); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "LockPCR"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_map(&writer, 1); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "index"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_unsigned_integer(&writer, lock->index); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + req->len = cbor_writer_len(&writer); + + return 0; +} + +static int _fill_req_lock_pcr(struct nsm *nsm, struct nsm_data_req *req, + void *buffer) +{ + return fill_req_lock_pcr(nsm, req, buffer); +} + +/* + * LockPCR error response structure: + * + * { + * Map(1) { + * key = String("Error"), + * value = String("ReadOnlyIndex"), + * } + * } + * + * Any other response means success. + */ +static int parse_resp_lock_pcr(struct nsm *nsm, struct nsm_data_resp *resp) +{ + struct device *dev = &nsm->vdev->dev; + cbor_item_t items[7]; + cbor_reader_t reader; + cbor_error_t err; + size_t n; + + cbor_reader_init(&reader, items, ARRAY_SIZE(items)); + err = cbor_parse(&reader, resp->data, resp->len, &n); + if (err != CBOR_SUCCESS) { + dev_dbg(dev, "Invalid LockPCR response"); + return -EINVAL; + } + + if (n == 3 && + cbor_is_str(&reader, &items[1], "Error")) + return -EINVAL; + + return 0; +} + +static int _parse_resp_lock_pcr(struct nsm *nsm, struct nsm_data_resp *resp, + void *buffer) +{ + return parse_resp_lock_pcr(nsm, resp); +} + +/* + * LockPCRs request structure: + * + * { + * Map(1) { + * key = String("LockPCRs"), + * value = Map(1) { + * key = String("range"), + * value = Int(pcr) + * } + * } + * } + */ +static int fill_req_lock_pcrs(struct nsm *nsm, struct nsm_data_req *req, + union nsm_lock_pcrs *lock_union) +{ + struct nsm_lock_pcrs_req *lock = &lock_union->req; + cbor_writer_t writer; + cbor_error_t err; + + cbor_writer_init(&writer, req->data, sizeof(req->data)); + err = cbor_encode_map(&writer, 1); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "LockPCRs"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_map(&writer, 1); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "range"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_unsigned_integer(&writer, lock->range_from_zero); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + req->len = cbor_writer_len(&writer); + + return 0; +} + +static int _fill_req_lock_pcrs(struct nsm *nsm, struct nsm_data_req *req, + void *buffer) +{ + return fill_req_lock_pcrs(nsm, req, buffer); +} + +/* + * LockPCRs error response structure: + * + * { + * Map(1) { + * key = String("Error"), + * value = String("ReadOnlyIndex"), + * } + * } + * + * Any other response means success. + */ +static int parse_resp_lock_pcrs(struct nsm *nsm, struct nsm_data_resp *resp) +{ + struct device *dev = &nsm->vdev->dev; + cbor_item_t items[7]; + cbor_reader_t reader; + cbor_error_t err; + size_t n; + + cbor_reader_init(&reader, items, ARRAY_SIZE(items)); + err = cbor_parse(&reader, resp->data, resp->len, &n); + if (err != CBOR_SUCCESS) { + dev_dbg(dev, "Invalid LockPCRs response"); + return -EINVAL; + } + + if (n == 3 && + cbor_is_str(&reader, &items[1], "Error")) + return -EINVAL; + + return 0; +} + +static int _parse_resp_lock_pcrs(struct nsm *nsm, struct nsm_data_resp *resp, + void *buffer) +{ + return parse_resp_lock_pcrs(nsm, resp); +} + +/* + * DescribeNSM request structure: + * + * { + * String("DescribeNSM"), + * } + */ +static int fill_req_describe_nsm(struct nsm *nsm, struct nsm_data_req *req) +{ + cbor_writer_t writer; + cbor_error_t err; + + cbor_writer_init(&writer, req->data, sizeof(req->data)); + + err = cbor_encode_null_terminated_text_string(&writer, "DescribeNSM"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + req->len = cbor_writer_len(&writer); + + return 0; +} + +static int _fill_req_describe_nsm(struct nsm *nsm, struct nsm_data_req *req, + void *buffer) +{ + return fill_req_describe_nsm(nsm, req); +} + +/* + * DescribeNSM response structure: + * + * { + * Map(1) { + * key = String("DescribeNSM"), + * value = Map(7) { + * key = String("digest"), + * value = String("SHA384"), + * key = String("max_pcrs"), + * value = Int(32), + * key = String("module_id"), + * value = String("i-1234-enc5678"), + * key = String("locked_pcrs"), + * value = Array<u16>() (libcbor lists every element as item) + * key = String("version_major"), + * value = Int(1), + * key = String("version_minor"), + * value = Int(0), + * key = String("version_patch"), + * value = Int(0) + * } + * } + * } + */ +static int parse_resp_describe_nsm(struct nsm *nsm, struct nsm_data_resp *resp, + union nsm_describe_nsm *desc_union) +{ + struct nsm_describe_nsm_resp *desc = &desc_union->resp; + struct device *dev = &nsm->vdev->dev; + cbor_item_t items[64]; + cbor_reader_t reader; + cbor_error_t err; + size_t n; + int i; + + cbor_reader_init(&reader, items, ARRAY_SIZE(items)); + err = cbor_parse(&reader, resp->data, resp->len, &n); + if (err != CBOR_SUCCESS) { + dev_dbg(dev, "Invalid DescribeNSM response"); + return -EINVAL; + } + + if (n < 11) { + dev_dbg(dev, "Invalid DescribeNSM response elements (%zd)", n); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[1], "DescribeNSM")) { + dev_dbg(dev, "Invalid DescribeNSM response items[1]"); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[3], "digest")) { + dev_dbg(dev, "Invalid DescribeNSM response items[3]"); + return -EINVAL; + } + + if (items[4].type != CBOR_ITEM_STRING) { + dev_dbg(dev, "Invalid DescribeNSM response items[4]"); + return -EINVAL; + } + + memset(desc->digest, 0, sizeof(desc->digest)); + memcpy(desc->digest, &resp->data[items[4].offset], + min_t(size_t, items[4].size, sizeof(desc->digest))); + + if (!cbor_is_str(&reader, &items[5], "max_pcrs")) { + dev_dbg(dev, "Invalid DescribeNSM response items[5]"); + return -EINVAL; + } + + desc->max_pcrs = 0; + err = cbor_decode(&reader, &items[6], &desc->max_pcrs, + sizeof(desc->max_pcrs)); + if (err != CBOR_SUCCESS) { + dev_dbg(dev, "Invalid DescribeNSM respons items[6]"); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[7], "module_id")) { + dev_dbg(dev, "Invalid DescribeNSM response items[7]"); + return -EINVAL; + } + + memset(desc->module_id, 0, sizeof(desc->module_id)); + memcpy(desc->module_id, &resp->data[items[8].offset], + min_t(size_t, items[8].size, sizeof(desc->module_id))); + + if (!cbor_is_str(&reader, &items[9], "locked_pcrs")) { + dev_dbg(dev, "Invalid DescribeNSM response items[9]"); + return -EINVAL; + } + + desc->locked_pcrs.u16s = min_t(size_t, ARRAY_SIZE(desc->locked_pcrs.u16), + items[10].size); + memcpy(desc->locked_pcrs.u16, &resp->data[items[10].offset], + desc->locked_pcrs.u16s * sizeof(u16)); + + /* libcbor interprets each array element as item, use dynamic index */ + i = 11 + desc->locked_pcrs.u16s; + + if (i > n) + return -EINVAL; + + if (!cbor_is_str(&reader, &items[i], "version_major")) { + dev_dbg(dev, "Invalid DescribeNSM response items[%d]", i); + return -EINVAL; + } + + if (++i > n) + return -EINVAL; + + desc->major = 0; + err = cbor_decode(&reader, &items[i], &desc->major, + sizeof(desc->major)); + + if (++i > n) + return -EINVAL; + + if (!cbor_is_str(&reader, &items[i], "version_minor")) { + dev_dbg(dev, "Invalid DescribeNSM response items[%d]", i); + return -EINVAL; + } + + if (++i > n) + return -EINVAL; + + desc->minor = 0; + err = cbor_decode(&reader, &items[i], &desc->minor, + sizeof(desc->minor)); + + if (++i > n) + return -EINVAL; + + if (!cbor_is_str(&reader, &items[i], "version_patch")) { + dev_dbg(dev, "Invalid DescribeNSM response items[%d]", i); + return -EINVAL; + } + + if (++i > n) + return -EINVAL; + + desc->patch = 0; + err = cbor_decode(&reader, &items[i], &desc->patch, + sizeof(desc->patch)); + + return 0; +} + +static int _parse_resp_describe_nsm(struct nsm *nsm, struct nsm_data_resp *resp, + void *buffer) +{ + return parse_resp_describe_nsm(nsm, resp, buffer); +} + +/* + * Attestation request structure: + * + * Map(1) { + * key = String("Attestation"), + * value = Map(3) { + * key = String("user_data"), + * value = Array(), + * key = String("nonce"), + * value = Array(), + * key = String("public_key"), + * value = Array(), + * } + * } + * } + */ +static int fill_req_attestation(struct nsm *nsm, struct nsm_data_req *req, + union nsm_attestation *att_union) +{ + struct nsm_attestation_req *att = &att_union->req; + cbor_writer_t writer; + cbor_error_t err; + + cbor_writer_init(&writer, req->data, sizeof(req->data)); + + err = cbor_encode_map(&writer, 1); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "Attestation"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_map(&writer, 3); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "user_data"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + att->user_data.len = min_t(u32, att->user_data.len, + sizeof(att->user_data.data)); + err = cbor_encode_byte_string(&writer, att->user_data.data, + att->user_data.len); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "nonce"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + att->nonce.len = min_t(u32, att->nonce.len, sizeof(att->nonce.data)); + err = cbor_encode_byte_string(&writer, att->nonce.data, + att->nonce.len); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + err = cbor_encode_null_terminated_text_string(&writer, "public_key"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + att->public_key.len = min_t(u32, att->public_key.len, + sizeof(att->public_key.data)); + err = cbor_encode_byte_string(&writer, att->public_key.data, + att->public_key.len); + if (err != CBOR_SUCCESS) + return -ENOMEM; + + req->len = cbor_writer_len(&writer); + + return 0; +} + +static int _fill_req_attestation(struct nsm *nsm, struct nsm_data_req *req, + void *buffer) +{ + return fill_req_attestation(nsm, req, buffer); +} + +/* + * Attestation response structure: + * + * { + * Map(1) { + * key = String("Attestation"), + * value = Map(1) { + * key = String("document"), + * value = Array() + * } + * } + * } + */ +static int parse_resp_attestation(struct nsm *nsm, struct nsm_data_resp *resp, + union nsm_attestation *att_union) +{ + struct nsm_attestation_resp *att = &att_union->resp; + struct device *dev = &nsm->vdev->dev; + cbor_item_t items[6]; + cbor_reader_t reader; + cbor_error_t err; + size_t n; + + cbor_reader_init(&reader, items, ARRAY_SIZE(items)); + err = cbor_parse(&reader, resp->data, resp->len, &n); + if (err != CBOR_SUCCESS) { + dev_dbg(dev, "Invalid Attestation response"); + return -EINVAL; + } + + if (n != 5) { + dev_dbg(dev, "Invalid Attestation response elements (%zd)", n); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[1], "Attestation")) { + dev_dbg(dev, "Invalid Attestation response items[1]"); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[3], "document")) { + dev_dbg(dev, "Invalid Attestation response items[3]"); + return -EINVAL; + } + + if (items[4].type != CBOR_ITEM_STRING) { + dev_dbg(dev, "Invalid Attestation response items[4]"); + return -EINVAL; + } + + att->document.len = items[4].size; + memcpy(att->document.data, &resp->data[items[4].offset], + att->document.len); + + return 0; +} + +static int _parse_resp_attestation(struct nsm *nsm, struct nsm_data_resp *resp, + void *buffer) +{ + return parse_resp_attestation(nsm, resp, buffer); +} + +/* + * GetRandom request structure: + * + * { + * String("GetRandom") + * } + */ +static int fill_req_get_random(struct nsm *nsm, struct nsm_data_req *req) +{ + cbor_writer_t writer; + cbor_error_t err; + + cbor_writer_init(&writer, req->data, sizeof(req->data)); + err = cbor_encode_null_terminated_text_string(&writer, "GetRandom"); + if (err != CBOR_SUCCESS) + return -ENOMEM; + req->len = cbor_writer_len(&writer); + + return 0; +} + +static int _fill_req_get_random(struct nsm *nsm, struct nsm_data_req *req, + void *buffer) +{ + return fill_req_get_random(nsm, req); +} + +/* + * GetRandom response structure: + * + * { + * Map(1) { + * key = String("GetRandom"), + * value = Map(1) { + * key = String("random"), + * value = Array() + * } + * } + * } + */ +static int parse_resp_get_random(struct nsm *nsm, struct nsm_data_resp *resp, + union nsm_get_random *random_union) +{ + struct nsm_get_random_resp *random = &random_union->resp; + struct device *dev = &nsm->vdev->dev; + cbor_item_t items[6]; + cbor_reader_t reader; + cbor_error_t err; + size_t n; + + cbor_reader_init(&reader, items, ARRAY_SIZE(items)); + err = cbor_parse(&reader, resp->data, resp->len, &n); + if (err != CBOR_SUCCESS) { + dev_dbg(dev, "Invalid GetRandom response"); + return -EINVAL; + } + + if (n != 5) { + dev_dbg(dev, "Invalid GetRandom response elements (%zd)", n); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[1], "GetRandom")) { + dev_dbg(dev, "Invalid GetRandom response items[1]"); + return -EINVAL; + } + + if (!cbor_is_str(&reader, &items[3], "random")) { + dev_dbg(dev, "Invalid GetRandom response items[3]"); + return -EINVAL; + } + + if (items[4].type != CBOR_ITEM_STRING) { + dev_dbg(dev, "Invalid GetRandom response items[4]"); + return -EINVAL; + } + + random->random.len = items[4].size; + memcpy(random->random.data, &resp->data[items[4].offset], + random->random.len); + + return 0; +} + +static int _parse_resp_get_random(struct nsm *nsm, struct nsm_data_resp *resp, + void *buffer) +{ + return parse_resp_get_random(nsm, resp, buffer); +} + +/* + * HwRNG implementation + */ +static int nsm_rng_read(struct hwrng *rng, void *data, size_t max, bool wait) +{ + struct nsm *nsm = hwrng_to_nsm(rng); + struct device *dev = &nsm->vdev->dev; + union nsm_get_random *random = NULL; + struct nsm_msg *msg; + int rc = 0; + + /* NSM always needs to wait for a response */ + if (!wait) + return 0; + + msg = devm_kzalloc(dev, sizeof(*msg), GFP_KERNEL); + if (!msg) + return -ENOMEM; + + rc = -ENOMEM; + random = devm_kzalloc(dev, sizeof(*random), GFP_KERNEL); + if (!random) + goto out; + + rc = fill_req_get_random(nsm, &msg->req); + if (rc != 0) + goto out; + + rc = nsm_sendrecv_msg(nsm, msg); + if (rc != 0) + goto out; + + rc = parse_resp_get_random(nsm, &msg->resp, random); + if (rc != 0) + goto out; + + rc = min_t(size_t, random->resp.random.len, max); + memcpy(data, random->resp.random.data, rc); + + dev_dbg(dev, "RNG: returning rand bytes = %d", rc); +out: + devm_kfree(dev, random); + devm_kfree(dev, msg); + return rc; +} + +static ssize_t version_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct miscdevice *misc_dev = dev_get_drvdata(dev); + struct nsm *nsm = misc_dev_to_nsm(misc_dev); + + return sysfs_emit(buf, "%d.%d.%d\n", nsm->major, nsm->minor, nsm->patch); +} +static DEVICE_ATTR_RO(version); + +static ssize_t max_pcrs_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct miscdevice *misc_dev = dev_get_drvdata(dev); + struct nsm *nsm = misc_dev_to_nsm(misc_dev); + + return sysfs_emit(buf, "%d\n", nsm->max_pcrs); +} +static DEVICE_ATTR_RO(max_pcrs); + +static ssize_t digest_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct miscdevice *misc_dev = dev_get_drvdata(dev); + struct nsm *nsm = misc_dev_to_nsm(misc_dev); + + return sysfs_emit(buf, "%s\n", nsm->digest); +} +static DEVICE_ATTR_RO(digest); + +static ssize_t module_id_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct miscdevice *misc_dev = dev_get_drvdata(dev); + struct nsm *nsm = misc_dev_to_nsm(misc_dev); + + return sysfs_emit(buf, "%s\n", nsm->module_id); +} +static DEVICE_ATTR_RO(module_id); + +/* Sysfs files to access NSM state in addition to ioctls */ +static struct attribute *nsm_dev_attrs[] = { + &dev_attr_version.attr, + &dev_attr_max_pcrs.attr, + &dev_attr_digest.attr, + &dev_attr_module_id.attr, + NULL +}; +ATTRIBUTE_GROUPS(nsm_dev); + +/* + * IOCTL handlers. We always follow the same pattern for each of these: We copy + * the full user struct to kernel space, then we generate a device message from + * it, send it to the device and parse the response back into the in-kernel + * struct. Then we copy the full result back to user space. + */ +struct nsm_ioctl_handler { + int cmd; + int (*fill_req)(struct nsm *nsm, struct nsm_data_req *req, void *buffer); + int (*parse_resp)(struct nsm *nsm, struct nsm_data_resp *resp, void *buffer); +}; + +static const struct nsm_ioctl_handler nsm_ioctls[] = { + { NSM_IOCTL_RAW, _fill_req_raw, _parse_resp_raw }, + { NSM_IOCTL_DESCRIBE_PCR, _fill_req_describe_pcr, _parse_resp_describe_pcr }, + { NSM_IOCTL_EXTEND_PCR, _fill_req_extend_pcr, _parse_resp_extend_pcr }, + { NSM_IOCTL_LOCK_PCR, _fill_req_lock_pcr, _parse_resp_lock_pcr }, + { NSM_IOCTL_LOCK_PCRS, _fill_req_lock_pcrs, _parse_resp_lock_pcrs }, + { NSM_IOCTL_DESCRIBE_NSM, _fill_req_describe_nsm, _parse_resp_describe_nsm }, + { NSM_IOCTL_ATTESTATION, _fill_req_attestation, _parse_resp_attestation }, + { NSM_IOCTL_RANDOM, _fill_req_get_random, _parse_resp_get_random }, +}; + +static const struct nsm_ioctl_handler *nsm_dev_ioctl_handler(int cmd) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(nsm_ioctls); i++) + if (nsm_ioctls[i].cmd == cmd) + return &nsm_ioctls[i]; + + return NULL; +} + +static long nsm_dev_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) +{ + void __user *argp = u64_to_user_ptr((u64)arg); + const struct nsm_ioctl_handler *handler; + struct nsm *nsm = file_to_nsm(file); + struct device *dev = &nsm->vdev->dev; + struct nsm_msg *msg = NULL; + void *buffer = NULL; + int r = 0; + + /* Find handler for this ioctl */ + r = -EINVAL; + handler = nsm_dev_ioctl_handler(cmd); + if (!handler) + goto out; + + /* Allocate message buffers to device */ + r = -ENOMEM; + msg = devm_kzalloc(dev, sizeof(*msg), GFP_KERNEL); + if (!msg) + goto out; + + /* Allocate kernel copy of ioctl argument */ + r = -ENOMEM; + buffer = devm_kmalloc(dev, _IOC_SIZE(cmd), GFP_KERNEL); + if (!buffer) + goto out; + + /* Copy user argument struct to kernel argument struct */ + r = -EFAULT; + if (copy_from_user(buffer, argp, _IOC_SIZE(cmd))) + goto out; + + /* Convert kernel argument struct to device request */ + r = handler->fill_req(nsm, &msg->req, buffer); + if (r) + goto out; + + /* Send message to NSM and read reply */ + r = nsm_sendrecv_msg(nsm, msg); + if (r) + goto out; + + /* Parse device response into kernel argument struct */ + r = handler->parse_resp(nsm, &msg->resp, buffer); + if (r) + goto out; + + /* Copy kernel argument struct back to user argument struct */ + r = -EFAULT; + if (copy_to_user(argp, buffer, _IOC_SIZE(cmd))) + goto out; + + r = 0; + +out: + devm_kfree(dev, msg); + devm_kfree(dev, buffer); + return r; +} + +static int nsm_dev_file_open(struct inode *node, struct file *file) +{ + return 0; +} + +static int nsm_dev_file_close(struct inode *inode, struct file *file) +{ + return 0; +} + +static int nsm_device_init_vq(struct virtio_device *vdev) +{ + struct virtqueue *vq = virtio_find_single_vq(vdev, + nsm_vq_callback, "nsm.vq.0"); + struct nsm *nsm = vdev->priv; + + if (IS_ERR(vq)) + return PTR_ERR(vq); + + nsm->vq = vq; + + return 0; +} + +static const struct file_operations nsm_dev_fops = { + .open = nsm_dev_file_open, + .release = nsm_dev_file_close, + .unlocked_ioctl = nsm_dev_ioctl, + .compat_ioctl = compat_ptr_ioctl, +}; + +static int nsm_init_sysfs(struct nsm *nsm) +{ + struct device *dev = &nsm->vdev->dev; + union nsm_describe_nsm *desc = NULL; + struct nsm_msg *msg = NULL; + int rc = 0; + + rc = -ENOMEM; + msg = devm_kzalloc(dev, sizeof(*msg), GFP_KERNEL); + if (!msg) + goto out; + + rc = -ENOMEM; + desc = devm_kzalloc(dev, sizeof(*desc), GFP_KERNEL); + if (!desc) + goto out; + + rc = fill_req_describe_nsm(nsm, &msg->req); + if (rc != 0) + goto out; + + rc = nsm_sendrecv_msg(nsm, msg); + if (rc != 0) + goto out; + + rc = parse_resp_describe_nsm(nsm, &msg->resp, desc); + if (rc != 0) + goto out; + + nsm->major = desc->resp.major; + nsm->minor = desc->resp.minor; + nsm->patch = desc->resp.patch; + memcpy(nsm->module_id, desc->resp.module_id, sizeof(nsm->module_id)); + memcpy(nsm->digest, desc->resp.digest, sizeof(nsm->digest)); + +out: + kfree(desc); + kfree(msg); + return rc; +} + +static void nsm_misc_init(struct work_struct *work) +{ + struct nsm *nsm = container_of(work, struct nsm, misc_init); + struct device *dev = &nsm->vdev->dev; + int rc; + + /* Initialize sysfs data */ + rc = nsm_init_sysfs(nsm); + if (rc) { + dev_err(dev, "Initializing sysfs failed: %d\n", rc); + return; + } + + /* Register /dev/nsm device node */ + nsm->misc = (struct miscdevice) { + .minor = MISC_DYNAMIC_MINOR, + .name = "nsm", + .fops = &nsm_dev_fops, + .mode = 0666, + .groups = nsm_dev_groups, + }; + + rc = misc_register(&nsm->misc); + if (rc) + dev_err(dev, "misc device registration error: %d.\n", rc); +} + +/* Handler for probing the NSM device */ +static int nsm_device_probe(struct virtio_device *vdev) +{ + struct device *dev = &vdev->dev; + struct nsm *nsm; + int rc; + + nsm = devm_kzalloc(&vdev->dev, sizeof(*nsm), GFP_KERNEL); + if (!nsm) + return -ENOMEM; + + vdev->priv = nsm; + nsm->vdev = vdev; + + rc = nsm_device_init_vq(vdev); + if (rc) { + dev_err(dev, "queue failed to initialize: %d.\n", rc); + goto err_init_vq; + } + + mutex_init(&nsm->lock); + init_waitqueue_head(&nsm->wq); + + /* Register as hwrng provider */ + nsm->hwrng = (struct hwrng) { + .read = nsm_rng_read, + .name = "nsm-hwrng", + .quality = 1000, + }; + + rc = devm_hwrng_register(&vdev->dev, &nsm->hwrng); + if (rc) { + dev_err(dev, "RNG initialization error: %d.\n", rc); + goto err_hwrng; + } + + /* + * To initialize the misc device's sysfs properties we need to + * communicate with NSM which only works after probe is finished. + * Trigger work so we can delay the misc device registration. + */ + INIT_WORK(&nsm->misc_init, nsm_misc_init); + schedule_work(&nsm->misc_init); + + return 0; + +err_hwrng: + vdev->config->del_vqs(vdev); +err_init_vq: + kfree(nsm); + return rc; +} + +/* Handler for removing the NSM device */ +static void nsm_device_remove(struct virtio_device *vdev) +{ + struct nsm *nsm = vdev->priv; + + hwrng_unregister(&nsm->hwrng); + + vdev->config->del_vqs(vdev); + misc_deregister(&nsm->misc); + list_del(&nsm->node); +} + +/* NSM device configuration structure */ +static struct virtio_driver virtio_nsm_driver = { + .feature_table = 0, + .feature_table_size = 0, + .feature_table_legacy = 0, + .feature_table_size_legacy = 0, + .driver.name = KBUILD_MODNAME, + .driver.owner = THIS_MODULE, + .id_table = id_table, + .probe = nsm_device_probe, + .remove = nsm_device_remove, +}; + +module_virtio_driver(virtio_nsm_driver); +MODULE_DEVICE_TABLE(virtio, id_table); +MODULE_DESCRIPTION("Virtio NSM driver"); +MODULE_LICENSE("GPL"); diff --git a/include/uapi/linux/nsm.h b/include/uapi/linux/nsm.h new file mode 100644 index 000000000000..4b5c02f0fbf6 --- /dev/null +++ b/include/uapi/linux/nsm.h @@ -0,0 +1,188 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + */ + +#ifndef __UAPI_LINUX_NSM_H +#define __UAPI_LINUX_NSM_H + +#include <linux/ioctl.h> +#include <linux/types.h> + +#define NSM_MAGIC 0x0A + +#define NSM_REQUEST_MAX_SIZE 0x1000 +#define NSM_RESPONSE_MAX_SIZE 0x3000 +#define NSM_PCR_MAX_SIZE 0x200 +#define NSM_MAX_PCRS 0x100 + +struct nsm_iovec { + __u64 addr; /* Virtual address of target buffer */ + __u64 len; /* Length of target buffer */ +}; + +/* Raw NSM message. Only available with CAP_SYS_ADMIN. */ +struct nsm_raw { + /* Request from user */ + struct nsm_iovec request; + /* Response to user */ + struct nsm_iovec response; +}; +#define NSM_IOCTL_RAW _IOWR(NSM_MAGIC, 0x0, struct nsm_raw) + +/* Maximum length input data */ +struct nsm_data_req { + __u32 len; + __u8 data[NSM_REQUEST_MAX_SIZE]; +}; + +/* Maximum length output data */ +struct nsm_data_resp { + __u32 len; + __u8 data[NSM_RESPONSE_MAX_SIZE]; +}; + +/* PCR hash. Currently at most 512 bits, but let's leave room for up to 4096. */ +struct nsm_pcr_data { + __u32 len; + __u8 data[NSM_PCR_MAX_SIZE]; +}; + +/* + * DescribePCR + * + * Queries the PCR contents of a single PCR. Returns whether the PCR is + * currently in locked state and the PCR hash value. + */ +struct nsm_describe_pcr_req { + __u16 index; +}; + +struct nsm_describe_pcr_resp { + __u16 lock; + struct nsm_pcr_data data; +}; + +union nsm_describe_pcr { + struct nsm_describe_pcr_req req; + struct nsm_describe_pcr_resp resp; +}; +#define NSM_IOCTL_DESCRIBE_PCR _IOWR(NSM_MAGIC, 0x1, union nsm_describe_pcr) + +/* + * ExtendPCR + * + * Extends the PCR hash with additional binary data. Returns the new PCR + * hash value after extension. + */ +struct nsm_extend_pcr_req { + __u16 index; + __u16 pad; + struct nsm_data_req data; +}; + +struct nsm_extend_pcr_resp { + struct nsm_pcr_data data; +}; + +union nsm_extend_pcr { + struct nsm_extend_pcr_req req; + struct nsm_extend_pcr_resp resp; +}; +#define NSM_IOCTL_EXTEND_PCR _IOWR(NSM_MAGIC, 0x2, union nsm_extend_pcr) + +/* + * LockPCR + * + * Enables lock state for a single PCR. After this operation, the PCR becomes + * unmodifyable until Enclave destruction. + */ +struct nsm_lock_pcr_req { + __u16 index; +}; + +union nsm_lock_pcr { + struct nsm_lock_pcr_req req; +}; +#define NSM_IOCTL_LOCK_PCR _IOWR(NSM_MAGIC, 0x3, union nsm_lock_pcr) + +/* + * LockPCRs + * + * Enables lock state for all PCR from 0 up to the given range_from_zero + * parameter. After this operation, all PCR in range become unmodifyable + * until Enclave destruction. + */ +struct nsm_lock_pcrs_req { + __u16 range_from_zero; +}; + +union nsm_lock_pcrs { + struct nsm_lock_pcrs_req req; +}; +#define NSM_IOCTL_LOCK_PCRS _IOWR(NSM_MAGIC, 0x4, union nsm_lock_pcrs) + +/* + * DescribeNSM + * + * Provides metadata information about the NSM backend implementation, + * such as version and maximum number of PCRs. + */ +struct nsm_u16_resp { + __u32 u16s; + __u16 u16[NSM_MAX_PCRS]; +}; + +struct nsm_describe_nsm_resp { + __u16 major; + __u16 minor; + __u16 patch; + char module_id[256]; /* null-terminated C string */ + __u16 max_pcrs; + struct nsm_u16_resp locked_pcrs; + char digest[16]; /* null-terminated C string */ +}; + +union nsm_describe_nsm { + struct nsm_describe_nsm_resp resp; +}; +#define NSM_IOCTL_DESCRIBE_NSM _IOWR(NSM_MAGIC, 0x5, union nsm_describe_nsm) + +/* + * Attestation + * + * Provides an attestation document that you can use to attest the Enclave + * against external services. Takes 3 binary input parameters that get + * reflected 1:1 inside the attestation document. + */ +struct nsm_attestation_req { + struct nsm_data_req user_data; + struct nsm_data_req nonce; + struct nsm_data_req public_key; +}; + +struct nsm_attestation_resp { + struct nsm_data_resp document; +}; + +union nsm_attestation { + struct nsm_attestation_req req; + struct nsm_attestation_resp resp; +}; +#define NSM_IOCTL_ATTESTATION _IOWR(NSM_MAGIC, 0x6, union nsm_attestation) + +/* + * GetRandom + * + * Returns random bytes. + */ +struct nsm_get_random_resp { + struct nsm_data_resp random; +}; + +union nsm_get_random { + struct nsm_get_random_resp resp; +}; +#define NSM_IOCTL_RANDOM _IOWR(NSM_MAGIC, 0x7, union nsm_get_random) + +#endif /* __UAPI_LINUX_NSM_H */ -- 2.40.1 Amazon Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B Sitz: Berlin Ust-ID: DE 289 237 879