[PATCH v4 2/2] misc: Add Nitro Secure Module driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When running Linux inside a Nitro Enclave, the hypervisor provides a
special virtio device called "NSM". This device has 3 main functions:

  1) Provide attestation reports
  2) Modify PCR state
  3) Provide entropy

This patch adds a driver for NSM that exposes a /dev/nsm device node which
user space can issue ioctls on to request attestation documents, influence
PCR states, read entropy and enumerate status of the device. In addition,
the driver implements a hwrng backend and exposes some of the NSM device
metadata as sysfs entries.

Originally-by: Petre Eftime <petre.eftime@xxxxxxxxx>
Signed-off-by: Alexander Graf <graf@xxxxxxxxxx>

---

v1 -> v2:

  - Remove boilerplate
  - Add uapi header

v2 -> v3:

  - Move globals to device struct
  - Add compat handling
  - Simplify some naming
  - Remove debug prints
  - Use module_virtio_driver
  - Drop use of uio.h

v3 -> v4:

  - Merge hwrng into the misc driver
  - Add dependency on CBOR library
  - Add internal and ioctl logic for all current NSM actions
  - Use in-struct arrays instead of kvecs
  - Add sysfs entries for NSM metadata
  - Use dev_ print and devm_ allocation helpers
---
 MAINTAINERS              |    9 +
 drivers/misc/Kconfig     |   13 +
 drivers/misc/Makefile    |    1 +
 drivers/misc/nsm.c       | 1466 ++++++++++++++++++++++++++++++++++++++
 include/uapi/linux/nsm.h |  188 +++++
 5 files changed, 1677 insertions(+)
 create mode 100644 drivers/misc/nsm.c
 create mode 100644 include/uapi/linux/nsm.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 5c23081ede95..28f861eea8e5 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -15104,6 +15104,15 @@ F:	include/linux/nitro_enclaves.h
 F:	include/uapi/linux/nitro_enclaves.h
 F:	samples/nitro_enclaves/
 
+NITRO SECURE MODULE (NSM)
+M:	Alexander Graf <graf@xxxxxxxxxx>
+L:	linux-kernel@xxxxxxxxxxxxxxx
+L:	The AWS Nitro Enclaves Team <aws-nitro-enclaves-devel@xxxxxxxxxx>
+S:	Supported
+W:	https://aws.amazon.com/ec2/nitro/nitro-enclaves/
+F:	drivers/misc/nsm.c
+F:	include/uapi/linux/nsm.h
+
 NOHZ, DYNTICKS SUPPORT
 M:	Frederic Weisbecker <frederic@xxxxxxxxxx>
 M:	Thomas Gleixner <tglx@xxxxxxxxxxxxx>
diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
index cadd4a820c03..236f36a8e8d4 100644
--- a/drivers/misc/Kconfig
+++ b/drivers/misc/Kconfig
@@ -562,6 +562,19 @@ config TPS6594_PFSM
 	  This driver can also be built as a module.  If so, the module
 	  will be called tps6594-pfsm.
 
+config NSM
+	tristate "Nitro (Enclaves) Security Module support"
+	depends on VIRTIO
+	select HW_RANDOM
+	select CBOR
+	help
+	  This driver provides support for the Nitro Security Module
+	  in AWS EC2 Nitro based Enclaves. The driver exposes a /dev/nsm
+	  device user space can use to communicate with the hypervisor.
+
+	  To compile this driver as a module, choose M here.
+	  The module will be called nsm.
+
 source "drivers/misc/c2port/Kconfig"
 source "drivers/misc/eeprom/Kconfig"
 source "drivers/misc/cb710/Kconfig"
diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
index f2a4d1ff65d4..ea6ea5bbbc9c 100644
--- a/drivers/misc/Makefile
+++ b/drivers/misc/Makefile
@@ -67,3 +67,4 @@ obj-$(CONFIG_TMR_MANAGER)      += xilinx_tmr_manager.o
 obj-$(CONFIG_TMR_INJECT)	+= xilinx_tmr_inject.o
 obj-$(CONFIG_TPS6594_ESM)	+= tps6594-esm.o
 obj-$(CONFIG_TPS6594_PFSM)	+= tps6594-pfsm.o
+obj-$(CONFIG_NSM)		+= nsm.o
diff --git a/drivers/misc/nsm.c b/drivers/misc/nsm.c
new file mode 100644
index 000000000000..8baa91233cab
--- /dev/null
+++ b/drivers/misc/nsm.c
@@ -0,0 +1,1466 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Amazon Nitro Secure Module driver.
+ *
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * The Nitro Secure Module implements the following commands via CBOR over virtio:
+ *
+ *   DescribePCR(u16 index) -> { bool lock, u8[] data }
+ *   ExtendPCR(u16 index, u8[] data) -> { u8[] data }
+ *   LockPCR(u16 index) -> {}
+ *   LockPCRs(u16 range_from_zero) -> {}
+ *   DescribeNSM() -> { u16 version_major, u16 version_minor,
+ *                      u16 version_patch, String module_id,
+ *                      u16 max_pcrs, u16[] locked_pcrs, String digest }
+ *   Attestation(u8[] user_data, u8[] nonce, u8[] public_key) -> { u8[] document }
+ *   GetRandom() -> { u8[] random }
+ *
+ * This driver exposes them directly to user space as ioctls on /dev/nsm.
+ */
+
+#include <linux/file.h>
+#include <linux/fs.h>
+#include <linux/interrupt.h>
+#include <linux/hw_random.h>
+#include <linux/miscdevice.h>
+#include <linux/module.h>
+#include <linux/mutex.h>
+#include <linux/slab.h>
+#include <linux/string.h>
+#include <linux/uaccess.h>
+#include <linux/uio.h>
+#include <linux/virtio_config.h>
+#include <linux/virtio_ids.h>
+#include <linux/virtio.h>
+#include <linux/wait.h>
+#include <linux/cbor/decoder.h>
+#include <linux/cbor/encoder.h>
+#include <linux/cbor/parser.h>
+#include <uapi/linux/nsm.h>
+
+/* Timeout for NSM virtqueue respose in milliseconds. */
+#define NSM_DEFAULT_TIMEOUT_MSECS (120000) /* 2 minutes */
+
+struct nsm {
+	struct list_head      node;
+	struct virtio_device *vdev;
+	struct virtqueue     *vq;
+	struct mutex          lock;
+	wait_queue_head_t     wq;
+	bool                  device_notified;
+	struct miscdevice     misc;
+	struct hwrng          hwrng;
+	struct work_struct    misc_init;
+	u16                   major;
+	u16                   minor;
+	u16                   patch;
+	u16                   max_pcrs;
+	char                  module_id[256];
+	char                  digest[16];
+};
+
+/* NSM device ID */
+static const struct virtio_device_id id_table[] = {
+	{ VIRTIO_ID_NITRO_SEC_MOD, VIRTIO_DEV_ANY_ID },
+	{ 0 },
+};
+
+/* Full NSM request/response message */
+struct nsm_msg {
+	struct nsm_data_req req;
+	struct nsm_data_resp resp;
+};
+
+static inline struct nsm *file_to_nsm(struct file *file)
+{
+	return container_of(file->private_data, struct nsm, misc);
+}
+
+static inline struct nsm *hwrng_to_nsm(struct hwrng *rng)
+{
+	return container_of(rng, struct nsm, hwrng);
+}
+
+static inline struct nsm *misc_dev_to_nsm(struct miscdevice *misc)
+{
+	return container_of(misc, struct nsm, misc);
+}
+
+static bool cbor_is_str(cbor_reader_t *reader, cbor_item_t *item,
+			const char *str)
+{
+	int len = strlen(str);
+
+	if (item->size != len)
+		return false;
+	return !memcmp(&reader->msg[item->offset], str, len);
+}
+
+/* Copy the request of a raw message to kernel space */
+static int fill_req_raw(struct nsm *nsm, struct nsm_data_req *req,
+			struct nsm_raw *raw)
+{
+	/* Only root has access to raw requests */
+	if (!capable(CAP_SYS_ADMIN))
+		return -EACCES;
+
+	/* Verify the user input size. */
+	if (raw->request.len > sizeof(req->data))
+		return -EMSGSIZE;
+
+	/* Copy the request payload */
+	if (copy_from_user(req->data, u64_to_user_ptr(raw->request.addr),
+			   raw->request.len))
+		return -EFAULT;
+
+	req->len = raw->request.len;
+
+	return 0;
+}
+
+static int _fill_req_raw(struct nsm *nsm, struct nsm_data_req *req,
+			 void *buffer)
+{
+	return fill_req_raw(nsm, req, buffer);
+}
+
+/* Copy the response of a raw message back to user-space */
+static int parse_resp_raw(struct nsm *nsm, struct nsm_data_resp *resp,
+			  struct nsm_raw *raw)
+{
+	/* Truncate any message that does not fit. */
+	raw->response.len = min_t(u64, raw->response.len, resp->len);
+
+	/* Copy the response content to user space */
+	if (copy_to_user(u64_to_user_ptr(raw->response.addr),
+			 resp->data, raw->response.len))
+		return -EFAULT;
+
+	return 0;
+}
+
+static int _parse_resp_raw(struct nsm *nsm, struct nsm_data_resp *resp,
+			   void *buffer)
+{
+	return parse_resp_raw(nsm, resp, buffer);
+}
+
+/* Virtqueue interrupt handler */
+static void nsm_vq_callback(struct virtqueue *vq)
+{
+	struct nsm *nsm = vq->vdev->priv;
+
+	nsm->device_notified = true;
+	wake_up(&nsm->wq);
+}
+
+/* Forward a message to the NSM device and wait for the response from it */
+static int nsm_sendrecv_msg(struct nsm *nsm, struct nsm_msg *msg)
+{
+	struct device *dev = &nsm->vdev->dev;
+	struct scatterlist sg_in, sg_out;
+	struct virtqueue *vq = nsm->vq;
+	unsigned int len;
+	void *queue_buf;
+	bool kicked;
+	int rc;
+
+	/* Initialize scatter-gather lists with request and response buffers. */
+	sg_init_one(&sg_out, msg->req.data, msg->req.len);
+	sg_init_one(&sg_in, msg->resp.data, sizeof(msg->resp.data));
+
+	mutex_lock(&nsm->lock);
+
+	/* Add the request buffer (read by the device). */
+	rc = virtqueue_add_outbuf(vq, &sg_out, 1, msg->req.data, GFP_KERNEL);
+	if (rc) {
+		mutex_unlock(&nsm->lock);
+		return rc;
+	}
+
+	/* Add the response buffer (written by the device). */
+	rc = virtqueue_add_inbuf(vq, &sg_in, 1, msg->resp.data, GFP_KERNEL);
+	if (rc)
+		goto cleanup;
+
+	nsm->device_notified = false;
+	kicked = virtqueue_kick(vq);
+	if (!kicked) {
+		/* Cannot kick the virtqueue. */
+		rc = -EIO;
+		goto cleanup;
+	}
+
+	/* If the kick succeeded, wait for the device's response. */
+	rc = wait_event_timeout(nsm->wq,
+		nsm->device_notified == true,
+		msecs_to_jiffies(NSM_DEFAULT_TIMEOUT_MSECS));
+	if (!rc) {
+		rc = -ETIMEDOUT;
+		goto cleanup;
+	}
+
+	queue_buf = virtqueue_get_buf(vq, &len);
+	if (!queue_buf || (queue_buf != msg->req.data)) {
+		dev_err(dev, "wrong request buffer.");
+		rc = -ENODATA;
+		goto cleanup;
+	}
+
+	queue_buf = virtqueue_get_buf(vq, &len);
+	if (!queue_buf || (queue_buf != msg->resp.data)) {
+		dev_err(dev, "wrong response buffer.");
+		rc = -ENODATA;
+		goto cleanup;
+	}
+
+	msg->resp.len = len;
+
+	rc = 0;
+
+cleanup:
+	if (rc) {
+		/* Clean the virtqueue. */
+		while (virtqueue_get_buf(vq, &len) != NULL)
+			;
+	}
+
+	mutex_unlock(&nsm->lock);
+	return rc;
+}
+
+/*
+ * DescribePCR request structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("DescribePCR"),
+ *     value = Map(1) {
+ *       key = String("index"),
+ *       value = Int(pcr)
+ *     }
+ *   }
+ * }
+ */
+static int fill_req_describe_pcr(struct nsm *nsm, struct nsm_data_req *req,
+				 union nsm_describe_pcr *desc_union)
+{
+	struct nsm_describe_pcr_req *desc = &desc_union->req;
+	cbor_writer_t writer;
+	cbor_error_t err;
+
+	cbor_writer_init(&writer, req->data, sizeof(req->data));
+	err = cbor_encode_map(&writer, 1);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "DescribePCR");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_map(&writer, 1);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "index");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_unsigned_integer(&writer, desc->index);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	req->len = cbor_writer_len(&writer);
+
+	return 0;
+}
+
+static int _fill_req_describe_pcr(struct nsm *nsm, struct nsm_data_req *req,
+				  void *buffer)
+{
+	return fill_req_describe_pcr(nsm, req, buffer);
+}
+
+/*
+ * DescribePCR response structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("DescribePCR"),
+ *     value = Map(2) {
+ *       key = String("data"),
+ *       value = Array(),
+ *       key = String("lock"),
+ *       value = Bool()
+ *     }
+ *   }
+ * }
+ */
+static int parse_resp_describe_pcr(struct nsm *nsm, struct nsm_data_resp *resp,
+				   union nsm_describe_pcr *desc_union)
+{
+	struct nsm_describe_pcr_resp *desc = &desc_union->resp;
+	struct device *dev = &nsm->vdev->dev;
+	cbor_item_t items[7];
+	cbor_reader_t reader;
+	cbor_error_t err;
+	size_t n;
+
+	cbor_reader_init(&reader, items, ARRAY_SIZE(items));
+	err = cbor_parse(&reader, resp->data, resp->len, &n);
+	if (err != CBOR_SUCCESS) {
+		dev_dbg(dev, "Invalid DescribePCR response");
+		return -EINVAL;
+	}
+
+	if (n != 7) {
+		dev_dbg(dev, "Invalid DescribePCR response elements (%zd)", n);
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[1], "DescribePCR")) {
+		dev_dbg(dev, "Invalid DescribePCR response items[1]");
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[3], "data")) {
+		dev_dbg(dev, "Invalid DescribePCR response items[3]");
+		return -EINVAL;
+	}
+
+	if (items[4].type != CBOR_ITEM_STRING) {
+		dev_dbg(dev, "Invalid DescribePCR response items[4]");
+		return -EINVAL;
+	}
+
+	desc->data.len = items[4].size;
+	memcpy(desc->data.data, &resp->data[items[4].offset],
+	       desc->data.len);
+
+	if (!cbor_is_str(&reader, &items[5], "lock")) {
+		dev_dbg(dev, "Invalid DescribePCR response items[5]");
+		return -EINVAL;
+	}
+
+	if (items[6].type != CBOR_ITEM_SIMPLE_VALUE) {
+		dev_dbg(dev, "Invalid DescribePCR response items[6]");
+		return -EINVAL;
+	}
+
+	desc->lock = 0;
+	err = cbor_decode(&reader, &items[6], &desc->lock, sizeof(u16));
+	if (err != CBOR_SUCCESS) {
+		dev_dbg(dev, "Invalid DescribePCR respons items[6]");
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+static int _parse_resp_describe_pcr(struct nsm *nsm, struct nsm_data_resp *resp,
+				    void *buffer)
+{
+	return parse_resp_describe_pcr(nsm, resp, buffer);
+}
+
+/*
+ * ExtendPCR request structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("ExtendPCR"),
+ *     value = Map(2) {
+ *       key = String("index"),
+ *       value = Int(pcr),
+ *       key = String("data"),
+ *       value = Array(data),
+ *     }
+ *   }
+ * }
+ */
+static int fill_req_extend_pcr(struct nsm *nsm, struct nsm_data_req *req,
+			       union nsm_extend_pcr *extend_union)
+{
+	struct nsm_extend_pcr_req *extend = &extend_union->req;
+	cbor_writer_t writer;
+	cbor_error_t err;
+
+	cbor_writer_init(&writer, req->data, sizeof(req->data));
+	err = cbor_encode_map(&writer, 1);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "ExtendPCR");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_map(&writer, 2);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "index");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_unsigned_integer(&writer, extend->index);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "data");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	if (extend->data.len > sizeof(extend->data.data))
+		return -EINVAL;
+
+	err = cbor_encode_byte_string(&writer, extend->data.data,
+				      extend->data.len);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	req->len = cbor_writer_len(&writer);
+
+	return 0;
+}
+
+static int _fill_req_extend_pcr(struct nsm *nsm, struct nsm_data_req *req,
+				void *buffer)
+{
+	return fill_req_extend_pcr(nsm, req, buffer);
+}
+
+/*
+ * ExtendPCR response structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("ExtendPCR"),
+ *     value = Map(1) {
+ *       key = String("data"),
+ *       value = Array()
+ *     }
+ *   }
+ * }
+ */
+static int parse_resp_extend_pcr(struct nsm *nsm, struct nsm_data_resp *resp,
+				 union nsm_extend_pcr *extend_union)
+{
+	struct nsm_extend_pcr_resp *extend = &extend_union->resp;
+	struct device *dev = &nsm->vdev->dev;
+	cbor_item_t items[7];
+	cbor_reader_t reader;
+	cbor_error_t err;
+	size_t n;
+
+	cbor_reader_init(&reader, items, ARRAY_SIZE(items));
+	err = cbor_parse(&reader, resp->data, resp->len, &n);
+	if (err != CBOR_SUCCESS) {
+		dev_dbg(dev, "Invalid ExtendPCR response");
+		return -EINVAL;
+	}
+
+	if (n != 5) {
+		dev_dbg(dev, "Invalid ExtendPCR response elements (%zd)", n);
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[1], "ExtendPCR")) {
+		dev_dbg(dev, "Invalid ExtendPCR response items[1]");
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[3], "data")) {
+		dev_dbg(dev, "Invalid ExtendPCR response items[3]");
+		return -EINVAL;
+	}
+
+	if (items[4].type != CBOR_ITEM_STRING) {
+		dev_dbg(dev, "Invalid ExtendPCR response items[4]");
+		return -EINVAL;
+	}
+
+	extend->data.len = items[4].size;
+	memcpy(extend->data.data, &resp->data[items[4].offset],
+	       extend->data.len);
+
+	return 0;
+}
+
+static int _parse_resp_extend_pcr(struct nsm *nsm, struct nsm_data_resp *resp,
+				  void *buffer)
+{
+	return parse_resp_extend_pcr(nsm, resp, buffer);
+}
+
+/*
+ * LockPCR request structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("LockPCR"),
+ *     value = Map(1) {
+ *       key = String("index"),
+ *       value = Int(pcr)
+ *     }
+ *   }
+ * }
+ */
+static int fill_req_lock_pcr(struct nsm *nsm, struct nsm_data_req *req,
+			     union nsm_lock_pcr *lock_union)
+{
+	struct nsm_lock_pcr_req *lock = &lock_union->req;
+	cbor_writer_t writer;
+	cbor_error_t err;
+
+	cbor_writer_init(&writer, req->data, sizeof(req->data));
+	err = cbor_encode_map(&writer, 1);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "LockPCR");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_map(&writer, 1);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "index");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_unsigned_integer(&writer, lock->index);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	req->len = cbor_writer_len(&writer);
+
+	return 0;
+}
+
+static int _fill_req_lock_pcr(struct nsm *nsm, struct nsm_data_req *req,
+			      void *buffer)
+{
+	return fill_req_lock_pcr(nsm, req, buffer);
+}
+
+/*
+ * LockPCR error response structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("Error"),
+ *     value = String("ReadOnlyIndex"),
+ *   }
+ * }
+ *
+ * Any other response means success.
+ */
+static int parse_resp_lock_pcr(struct nsm *nsm, struct nsm_data_resp *resp)
+{
+	struct device *dev = &nsm->vdev->dev;
+	cbor_item_t items[7];
+	cbor_reader_t reader;
+	cbor_error_t err;
+	size_t n;
+
+	cbor_reader_init(&reader, items, ARRAY_SIZE(items));
+	err = cbor_parse(&reader, resp->data, resp->len, &n);
+	if (err != CBOR_SUCCESS) {
+		dev_dbg(dev, "Invalid LockPCR response");
+		return -EINVAL;
+	}
+
+	if (n == 3 &&
+	    cbor_is_str(&reader, &items[1], "Error"))
+		return -EINVAL;
+
+	return 0;
+}
+
+static int _parse_resp_lock_pcr(struct nsm *nsm, struct nsm_data_resp *resp,
+				void *buffer)
+{
+	return parse_resp_lock_pcr(nsm, resp);
+}
+
+/*
+ * LockPCRs request structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("LockPCRs"),
+ *     value = Map(1) {
+ *       key = String("range"),
+ *       value = Int(pcr)
+ *     }
+ *   }
+ * }
+ */
+static int fill_req_lock_pcrs(struct nsm *nsm, struct nsm_data_req *req,
+			      union nsm_lock_pcrs *lock_union)
+{
+	struct nsm_lock_pcrs_req *lock = &lock_union->req;
+	cbor_writer_t writer;
+	cbor_error_t err;
+
+	cbor_writer_init(&writer, req->data, sizeof(req->data));
+	err = cbor_encode_map(&writer, 1);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "LockPCRs");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_map(&writer, 1);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "range");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_unsigned_integer(&writer, lock->range_from_zero);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	req->len = cbor_writer_len(&writer);
+
+	return 0;
+}
+
+static int _fill_req_lock_pcrs(struct nsm *nsm, struct nsm_data_req *req,
+			       void *buffer)
+{
+	return fill_req_lock_pcrs(nsm, req, buffer);
+}
+
+/*
+ * LockPCRs error response structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("Error"),
+ *     value = String("ReadOnlyIndex"),
+ *   }
+ * }
+ *
+ * Any other response means success.
+ */
+static int parse_resp_lock_pcrs(struct nsm *nsm, struct nsm_data_resp *resp)
+{
+	struct device *dev = &nsm->vdev->dev;
+	cbor_item_t items[7];
+	cbor_reader_t reader;
+	cbor_error_t err;
+	size_t n;
+
+	cbor_reader_init(&reader, items, ARRAY_SIZE(items));
+	err = cbor_parse(&reader, resp->data, resp->len, &n);
+	if (err != CBOR_SUCCESS) {
+		dev_dbg(dev, "Invalid LockPCRs response");
+		return -EINVAL;
+	}
+
+	if (n == 3 &&
+	    cbor_is_str(&reader, &items[1], "Error"))
+		return -EINVAL;
+
+	return 0;
+}
+
+static int _parse_resp_lock_pcrs(struct nsm *nsm, struct nsm_data_resp *resp,
+				 void *buffer)
+{
+	return parse_resp_lock_pcrs(nsm, resp);
+}
+
+/*
+ * DescribeNSM request structure:
+ *
+ * {
+ *   String("DescribeNSM"),
+ * }
+ */
+static int fill_req_describe_nsm(struct nsm *nsm, struct nsm_data_req *req)
+{
+	cbor_writer_t writer;
+	cbor_error_t err;
+
+	cbor_writer_init(&writer, req->data, sizeof(req->data));
+
+	err = cbor_encode_null_terminated_text_string(&writer, "DescribeNSM");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	req->len = cbor_writer_len(&writer);
+
+	return 0;
+}
+
+static int _fill_req_describe_nsm(struct nsm *nsm, struct nsm_data_req *req,
+				  void *buffer)
+{
+	return fill_req_describe_nsm(nsm, req);
+}
+
+/*
+ * DescribeNSM response structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("DescribeNSM"),
+ *     value = Map(7) {
+ *       key = String("digest"),
+ *       value = String("SHA384"),
+ *       key = String("max_pcrs"),
+ *       value = Int(32),
+ *       key = String("module_id"),
+ *       value = String("i-1234-enc5678"),
+ *       key = String("locked_pcrs"),
+ *       value = Array<u16>() (libcbor lists every element as item)
+ *       key = String("version_major"),
+ *       value = Int(1),
+ *       key = String("version_minor"),
+ *       value = Int(0),
+ *       key = String("version_patch"),
+ *       value = Int(0)
+ *     }
+ *   }
+ * }
+ */
+static int parse_resp_describe_nsm(struct nsm *nsm, struct nsm_data_resp *resp,
+				   union nsm_describe_nsm *desc_union)
+{
+	struct nsm_describe_nsm_resp *desc = &desc_union->resp;
+	struct device *dev = &nsm->vdev->dev;
+	cbor_item_t items[64];
+	cbor_reader_t reader;
+	cbor_error_t err;
+	size_t n;
+	int i;
+
+	cbor_reader_init(&reader, items, ARRAY_SIZE(items));
+	err = cbor_parse(&reader, resp->data, resp->len, &n);
+	if (err != CBOR_SUCCESS) {
+		dev_dbg(dev, "Invalid DescribeNSM response");
+		return -EINVAL;
+	}
+
+	if (n < 11) {
+		dev_dbg(dev, "Invalid DescribeNSM response elements (%zd)", n);
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[1], "DescribeNSM")) {
+		dev_dbg(dev, "Invalid DescribeNSM response items[1]");
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[3], "digest")) {
+		dev_dbg(dev, "Invalid DescribeNSM response items[3]");
+		return -EINVAL;
+	}
+
+	if (items[4].type != CBOR_ITEM_STRING) {
+		dev_dbg(dev, "Invalid DescribeNSM response items[4]");
+		return -EINVAL;
+	}
+
+	memset(desc->digest, 0, sizeof(desc->digest));
+	memcpy(desc->digest, &resp->data[items[4].offset],
+	       min_t(size_t, items[4].size, sizeof(desc->digest)));
+
+	if (!cbor_is_str(&reader, &items[5], "max_pcrs")) {
+		dev_dbg(dev, "Invalid DescribeNSM response items[5]");
+		return -EINVAL;
+	}
+
+	desc->max_pcrs = 0;
+	err = cbor_decode(&reader, &items[6], &desc->max_pcrs,
+			  sizeof(desc->max_pcrs));
+	if (err != CBOR_SUCCESS) {
+		dev_dbg(dev, "Invalid DescribeNSM respons items[6]");
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[7], "module_id")) {
+		dev_dbg(dev, "Invalid DescribeNSM response items[7]");
+		return -EINVAL;
+	}
+
+	memset(desc->module_id, 0, sizeof(desc->module_id));
+	memcpy(desc->module_id, &resp->data[items[8].offset],
+	       min_t(size_t, items[8].size, sizeof(desc->module_id)));
+
+	if (!cbor_is_str(&reader, &items[9], "locked_pcrs")) {
+		dev_dbg(dev, "Invalid DescribeNSM response items[9]");
+		return -EINVAL;
+	}
+
+	desc->locked_pcrs.u16s = min_t(size_t, ARRAY_SIZE(desc->locked_pcrs.u16),
+				       items[10].size);
+	memcpy(desc->locked_pcrs.u16, &resp->data[items[10].offset],
+	       desc->locked_pcrs.u16s * sizeof(u16));
+
+	/* libcbor interprets each array element as item, use dynamic index */
+	i = 11 + desc->locked_pcrs.u16s;
+
+	if (i > n)
+		return -EINVAL;
+
+	if (!cbor_is_str(&reader, &items[i], "version_major")) {
+		dev_dbg(dev, "Invalid DescribeNSM response items[%d]", i);
+		return -EINVAL;
+	}
+
+	if (++i > n)
+		return -EINVAL;
+
+	desc->major = 0;
+	err = cbor_decode(&reader, &items[i], &desc->major,
+			  sizeof(desc->major));
+
+	if (++i > n)
+		return -EINVAL;
+
+	if (!cbor_is_str(&reader, &items[i], "version_minor")) {
+		dev_dbg(dev, "Invalid DescribeNSM response items[%d]", i);
+		return -EINVAL;
+	}
+
+	if (++i > n)
+		return -EINVAL;
+
+	desc->minor = 0;
+	err = cbor_decode(&reader, &items[i], &desc->minor,
+			  sizeof(desc->minor));
+
+	if (++i > n)
+		return -EINVAL;
+
+	if (!cbor_is_str(&reader, &items[i], "version_patch")) {
+		dev_dbg(dev, "Invalid DescribeNSM response items[%d]", i);
+		return -EINVAL;
+	}
+
+	if (++i > n)
+		return -EINVAL;
+
+	desc->patch = 0;
+	err = cbor_decode(&reader, &items[i], &desc->patch,
+			  sizeof(desc->patch));
+
+	return 0;
+}
+
+static int _parse_resp_describe_nsm(struct nsm *nsm, struct nsm_data_resp *resp,
+				    void *buffer)
+{
+	return parse_resp_describe_nsm(nsm, resp, buffer);
+}
+
+/*
+ * Attestation request structure:
+ *
+ *   Map(1) {
+ *     key = String("Attestation"),
+ *     value = Map(3) {
+ *       key = String("user_data"),
+ *       value = Array(),
+ *       key = String("nonce"),
+ *       value = Array(),
+ *       key = String("public_key"),
+ *       value = Array(),
+ *     }
+ *   }
+ * }
+ */
+static int fill_req_attestation(struct nsm *nsm, struct nsm_data_req *req,
+				union nsm_attestation *att_union)
+{
+	struct nsm_attestation_req *att = &att_union->req;
+	cbor_writer_t writer;
+	cbor_error_t err;
+
+	cbor_writer_init(&writer, req->data, sizeof(req->data));
+
+	err = cbor_encode_map(&writer, 1);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "Attestation");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_map(&writer, 3);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "user_data");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	att->user_data.len = min_t(u32, att->user_data.len,
+				   sizeof(att->user_data.data));
+	err = cbor_encode_byte_string(&writer, att->user_data.data,
+				      att->user_data.len);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "nonce");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	att->nonce.len = min_t(u32, att->nonce.len, sizeof(att->nonce.data));
+	err = cbor_encode_byte_string(&writer, att->nonce.data,
+				      att->nonce.len);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	err = cbor_encode_null_terminated_text_string(&writer, "public_key");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	att->public_key.len = min_t(u32, att->public_key.len,
+				    sizeof(att->public_key.data));
+	err = cbor_encode_byte_string(&writer, att->public_key.data,
+				      att->public_key.len);
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+
+	req->len = cbor_writer_len(&writer);
+
+	return 0;
+}
+
+static int _fill_req_attestation(struct nsm *nsm, struct nsm_data_req *req,
+				 void *buffer)
+{
+	return fill_req_attestation(nsm, req, buffer);
+}
+
+/*
+ * Attestation response structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("Attestation"),
+ *     value = Map(1) {
+ *       key = String("document"),
+ *       value = Array()
+ *     }
+ *   }
+ * }
+ */
+static int parse_resp_attestation(struct nsm *nsm, struct nsm_data_resp *resp,
+				  union nsm_attestation *att_union)
+{
+	struct nsm_attestation_resp *att = &att_union->resp;
+	struct device *dev = &nsm->vdev->dev;
+	cbor_item_t items[6];
+	cbor_reader_t reader;
+	cbor_error_t err;
+	size_t n;
+
+	cbor_reader_init(&reader, items, ARRAY_SIZE(items));
+	err = cbor_parse(&reader, resp->data, resp->len, &n);
+	if (err != CBOR_SUCCESS) {
+		dev_dbg(dev, "Invalid Attestation response");
+		return -EINVAL;
+	}
+
+	if (n != 5) {
+		dev_dbg(dev, "Invalid Attestation response elements (%zd)", n);
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[1], "Attestation")) {
+		dev_dbg(dev, "Invalid Attestation response items[1]");
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[3], "document")) {
+		dev_dbg(dev, "Invalid Attestation response items[3]");
+		return -EINVAL;
+	}
+
+	if (items[4].type != CBOR_ITEM_STRING) {
+		dev_dbg(dev, "Invalid Attestation response items[4]");
+		return -EINVAL;
+	}
+
+	att->document.len = items[4].size;
+	memcpy(att->document.data, &resp->data[items[4].offset],
+	       att->document.len);
+
+	return 0;
+}
+
+static int _parse_resp_attestation(struct nsm *nsm, struct nsm_data_resp *resp,
+				   void *buffer)
+{
+	return parse_resp_attestation(nsm, resp, buffer);
+}
+
+/*
+ * GetRandom request structure:
+ *
+ * {
+ *   String("GetRandom")
+ * }
+ */
+static int fill_req_get_random(struct nsm *nsm, struct nsm_data_req *req)
+{
+	cbor_writer_t writer;
+	cbor_error_t err;
+
+	cbor_writer_init(&writer, req->data, sizeof(req->data));
+	err = cbor_encode_null_terminated_text_string(&writer, "GetRandom");
+	if (err != CBOR_SUCCESS)
+		return -ENOMEM;
+	req->len = cbor_writer_len(&writer);
+
+	return 0;
+}
+
+static int _fill_req_get_random(struct nsm *nsm, struct nsm_data_req *req,
+				void *buffer)
+{
+	return fill_req_get_random(nsm, req);
+}
+
+/*
+ * GetRandom response structure:
+ *
+ * {
+ *   Map(1) {
+ *     key = String("GetRandom"),
+ *     value = Map(1) {
+ *       key = String("random"),
+ *       value = Array()
+ *     }
+ *   }
+ * }
+ */
+static int parse_resp_get_random(struct nsm *nsm, struct nsm_data_resp *resp,
+				 union nsm_get_random *random_union)
+{
+	struct nsm_get_random_resp *random = &random_union->resp;
+	struct device *dev = &nsm->vdev->dev;
+	cbor_item_t items[6];
+	cbor_reader_t reader;
+	cbor_error_t err;
+	size_t n;
+
+	cbor_reader_init(&reader, items, ARRAY_SIZE(items));
+	err = cbor_parse(&reader, resp->data, resp->len, &n);
+	if (err != CBOR_SUCCESS) {
+		dev_dbg(dev, "Invalid GetRandom response");
+		return -EINVAL;
+	}
+
+	if (n != 5) {
+		dev_dbg(dev, "Invalid GetRandom response elements (%zd)", n);
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[1], "GetRandom")) {
+		dev_dbg(dev, "Invalid GetRandom response items[1]");
+		return -EINVAL;
+	}
+
+	if (!cbor_is_str(&reader, &items[3], "random")) {
+		dev_dbg(dev, "Invalid GetRandom response items[3]");
+		return -EINVAL;
+	}
+
+	if (items[4].type != CBOR_ITEM_STRING) {
+		dev_dbg(dev, "Invalid GetRandom response items[4]");
+		return -EINVAL;
+	}
+
+	random->random.len = items[4].size;
+	memcpy(random->random.data, &resp->data[items[4].offset],
+	       random->random.len);
+
+	return 0;
+}
+
+static int _parse_resp_get_random(struct nsm *nsm, struct nsm_data_resp *resp,
+				  void *buffer)
+{
+	return parse_resp_get_random(nsm, resp, buffer);
+}
+
+/*
+ * HwRNG implementation
+ */
+static int nsm_rng_read(struct hwrng *rng, void *data, size_t max, bool wait)
+{
+	struct nsm *nsm = hwrng_to_nsm(rng);
+	struct device *dev = &nsm->vdev->dev;
+	union nsm_get_random *random = NULL;
+	struct nsm_msg *msg;
+	int rc = 0;
+
+	/* NSM always needs to wait for a response */
+	if (!wait)
+		return 0;
+
+	msg = devm_kzalloc(dev, sizeof(*msg), GFP_KERNEL);
+	if (!msg)
+		return -ENOMEM;
+
+	rc = -ENOMEM;
+	random = devm_kzalloc(dev, sizeof(*random), GFP_KERNEL);
+	if (!random)
+		goto out;
+
+	rc = fill_req_get_random(nsm, &msg->req);
+	if (rc != 0)
+		goto out;
+
+	rc = nsm_sendrecv_msg(nsm, msg);
+	if (rc != 0)
+		goto out;
+
+	rc = parse_resp_get_random(nsm, &msg->resp, random);
+	if (rc != 0)
+		goto out;
+
+	rc = min_t(size_t, random->resp.random.len, max);
+	memcpy(data, random->resp.random.data, rc);
+
+	dev_dbg(dev, "RNG: returning rand bytes = %d", rc);
+out:
+	devm_kfree(dev, random);
+	devm_kfree(dev, msg);
+	return rc;
+}
+
+static ssize_t version_show(struct device *dev, struct device_attribute *attr, char *buf)
+{
+	struct miscdevice *misc_dev = dev_get_drvdata(dev);
+	struct nsm *nsm = misc_dev_to_nsm(misc_dev);
+
+	return sysfs_emit(buf, "%d.%d.%d\n", nsm->major, nsm->minor, nsm->patch);
+}
+static DEVICE_ATTR_RO(version);
+
+static ssize_t max_pcrs_show(struct device *dev, struct device_attribute *attr, char *buf)
+{
+	struct miscdevice *misc_dev = dev_get_drvdata(dev);
+	struct nsm *nsm = misc_dev_to_nsm(misc_dev);
+
+	return sysfs_emit(buf, "%d\n", nsm->max_pcrs);
+}
+static DEVICE_ATTR_RO(max_pcrs);
+
+static ssize_t digest_show(struct device *dev, struct device_attribute *attr, char *buf)
+{
+	struct miscdevice *misc_dev = dev_get_drvdata(dev);
+	struct nsm *nsm = misc_dev_to_nsm(misc_dev);
+
+	return sysfs_emit(buf, "%s\n", nsm->digest);
+}
+static DEVICE_ATTR_RO(digest);
+
+static ssize_t module_id_show(struct device *dev, struct device_attribute *attr, char *buf)
+{
+	struct miscdevice *misc_dev = dev_get_drvdata(dev);
+	struct nsm *nsm = misc_dev_to_nsm(misc_dev);
+
+	return sysfs_emit(buf, "%s\n", nsm->module_id);
+}
+static DEVICE_ATTR_RO(module_id);
+
+/* Sysfs files to access NSM state in addition to ioctls */
+static struct attribute *nsm_dev_attrs[] = {
+	&dev_attr_version.attr,
+	&dev_attr_max_pcrs.attr,
+	&dev_attr_digest.attr,
+	&dev_attr_module_id.attr,
+	NULL
+};
+ATTRIBUTE_GROUPS(nsm_dev);
+
+/*
+ * IOCTL handlers. We always follow the same pattern for each of these: We copy
+ * the full user struct to kernel space, then we generate a device message from
+ * it, send it to the device and parse the response back into the in-kernel
+ * struct. Then we copy the full result back to user space.
+ */
+struct nsm_ioctl_handler {
+	int cmd;
+	int (*fill_req)(struct nsm *nsm, struct nsm_data_req *req, void *buffer);
+	int (*parse_resp)(struct nsm *nsm, struct nsm_data_resp *resp, void *buffer);
+};
+
+static const struct nsm_ioctl_handler nsm_ioctls[] = {
+	{ NSM_IOCTL_RAW, _fill_req_raw, _parse_resp_raw },
+	{ NSM_IOCTL_DESCRIBE_PCR, _fill_req_describe_pcr, _parse_resp_describe_pcr },
+	{ NSM_IOCTL_EXTEND_PCR, _fill_req_extend_pcr, _parse_resp_extend_pcr },
+	{ NSM_IOCTL_LOCK_PCR, _fill_req_lock_pcr, _parse_resp_lock_pcr },
+	{ NSM_IOCTL_LOCK_PCRS, _fill_req_lock_pcrs, _parse_resp_lock_pcrs },
+	{ NSM_IOCTL_DESCRIBE_NSM, _fill_req_describe_nsm, _parse_resp_describe_nsm },
+	{ NSM_IOCTL_ATTESTATION, _fill_req_attestation, _parse_resp_attestation },
+	{ NSM_IOCTL_RANDOM, _fill_req_get_random, _parse_resp_get_random },
+};
+
+static const struct nsm_ioctl_handler *nsm_dev_ioctl_handler(int cmd)
+{
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(nsm_ioctls); i++)
+		if (nsm_ioctls[i].cmd == cmd)
+			return &nsm_ioctls[i];
+
+	return NULL;
+}
+
+static long nsm_dev_ioctl(struct file *file, unsigned int cmd,
+	unsigned long arg)
+{
+	void __user *argp = u64_to_user_ptr((u64)arg);
+	const struct nsm_ioctl_handler *handler;
+	struct nsm *nsm = file_to_nsm(file);
+	struct device *dev = &nsm->vdev->dev;
+	struct nsm_msg *msg = NULL;
+	void *buffer = NULL;
+	int r = 0;
+
+	/* Find handler for this ioctl */
+	r = -EINVAL;
+	handler = nsm_dev_ioctl_handler(cmd);
+	if (!handler)
+		goto out;
+
+	/* Allocate message buffers to device */
+	r = -ENOMEM;
+	msg = devm_kzalloc(dev, sizeof(*msg), GFP_KERNEL);
+	if (!msg)
+		goto out;
+
+	/* Allocate kernel copy of ioctl argument */
+	r = -ENOMEM;
+	buffer = devm_kmalloc(dev, _IOC_SIZE(cmd), GFP_KERNEL);
+	if (!buffer)
+		goto out;
+
+	/* Copy user argument struct to kernel argument struct */
+	r = -EFAULT;
+	if (copy_from_user(buffer, argp, _IOC_SIZE(cmd)))
+		goto out;
+
+	/* Convert kernel argument struct to device request */
+	r = handler->fill_req(nsm, &msg->req, buffer);
+	if (r)
+		goto out;
+
+	/* Send message to NSM and read reply */
+	r = nsm_sendrecv_msg(nsm, msg);
+	if (r)
+		goto out;
+
+	/* Parse device response into kernel argument struct */
+	r = handler->parse_resp(nsm, &msg->resp, buffer);
+	if (r)
+		goto out;
+
+	/* Copy kernel argument struct  back to user argument struct */
+	r = -EFAULT;
+	if (copy_to_user(argp, buffer, _IOC_SIZE(cmd)))
+		goto out;
+
+	r = 0;
+
+out:
+	devm_kfree(dev, msg);
+	devm_kfree(dev, buffer);
+	return r;
+}
+
+static int nsm_dev_file_open(struct inode *node, struct file *file)
+{
+	return 0;
+}
+
+static int nsm_dev_file_close(struct inode *inode, struct file *file)
+{
+	return 0;
+}
+
+static int nsm_device_init_vq(struct virtio_device *vdev)
+{
+	struct virtqueue *vq = virtio_find_single_vq(vdev,
+		nsm_vq_callback, "nsm.vq.0");
+	struct nsm *nsm = vdev->priv;
+
+	if (IS_ERR(vq))
+		return PTR_ERR(vq);
+
+	nsm->vq = vq;
+
+	return 0;
+}
+
+static const struct file_operations nsm_dev_fops = {
+	.open = nsm_dev_file_open,
+	.release = nsm_dev_file_close,
+	.unlocked_ioctl = nsm_dev_ioctl,
+	.compat_ioctl = compat_ptr_ioctl,
+};
+
+static int nsm_init_sysfs(struct nsm *nsm)
+{
+	struct device *dev = &nsm->vdev->dev;
+	union nsm_describe_nsm *desc = NULL;
+	struct nsm_msg *msg = NULL;
+	int rc = 0;
+
+	rc = -ENOMEM;
+	msg = devm_kzalloc(dev, sizeof(*msg), GFP_KERNEL);
+	if (!msg)
+		goto out;
+
+	rc = -ENOMEM;
+	desc = devm_kzalloc(dev, sizeof(*desc), GFP_KERNEL);
+	if (!desc)
+		goto out;
+
+	rc = fill_req_describe_nsm(nsm, &msg->req);
+	if (rc != 0)
+		goto out;
+
+	rc = nsm_sendrecv_msg(nsm, msg);
+	if (rc != 0)
+		goto out;
+
+	rc = parse_resp_describe_nsm(nsm, &msg->resp, desc);
+	if (rc != 0)
+		goto out;
+
+	nsm->major = desc->resp.major;
+	nsm->minor = desc->resp.minor;
+	nsm->patch = desc->resp.patch;
+	memcpy(nsm->module_id, desc->resp.module_id, sizeof(nsm->module_id));
+	memcpy(nsm->digest, desc->resp.digest, sizeof(nsm->digest));
+
+out:
+	kfree(desc);
+	kfree(msg);
+	return rc;
+}
+
+static void nsm_misc_init(struct work_struct *work)
+{
+	struct nsm *nsm = container_of(work, struct nsm, misc_init);
+	struct device *dev = &nsm->vdev->dev;
+	int rc;
+
+	/* Initialize sysfs data */
+	rc = nsm_init_sysfs(nsm);
+	if (rc) {
+		dev_err(dev, "Initializing sysfs failed: %d\n", rc);
+		return;
+	}
+
+	/* Register /dev/nsm device node */
+	nsm->misc = (struct miscdevice) {
+		.minor	= MISC_DYNAMIC_MINOR,
+		.name	= "nsm",
+		.fops	= &nsm_dev_fops,
+		.mode	= 0666,
+		.groups = nsm_dev_groups,
+	};
+
+	rc = misc_register(&nsm->misc);
+	if (rc)
+		dev_err(dev, "misc device registration error: %d.\n", rc);
+}
+
+/* Handler for probing the NSM device */
+static int nsm_device_probe(struct virtio_device *vdev)
+{
+	struct device *dev = &vdev->dev;
+	struct nsm *nsm;
+	int rc;
+
+	nsm = devm_kzalloc(&vdev->dev, sizeof(*nsm), GFP_KERNEL);
+	if (!nsm)
+		return -ENOMEM;
+
+	vdev->priv = nsm;
+	nsm->vdev = vdev;
+
+	rc = nsm_device_init_vq(vdev);
+	if (rc) {
+		dev_err(dev, "queue failed to initialize: %d.\n", rc);
+		goto err_init_vq;
+	}
+
+	mutex_init(&nsm->lock);
+	init_waitqueue_head(&nsm->wq);
+
+	/* Register as hwrng provider */
+	nsm->hwrng = (struct hwrng) {
+		.read = nsm_rng_read,
+		.name = "nsm-hwrng",
+		.quality = 1000,
+	};
+
+	rc = devm_hwrng_register(&vdev->dev, &nsm->hwrng);
+	if (rc) {
+		dev_err(dev, "RNG initialization error: %d.\n", rc);
+		goto err_hwrng;
+	}
+
+	/*
+	 * To initialize the misc device's sysfs properties we need to
+	 * communicate with NSM which only works after probe is finished.
+	 * Trigger work so we can delay the misc device registration.
+	 */
+	INIT_WORK(&nsm->misc_init, nsm_misc_init);
+	schedule_work(&nsm->misc_init);
+
+	return 0;
+
+err_hwrng:
+	vdev->config->del_vqs(vdev);
+err_init_vq:
+	kfree(nsm);
+	return rc;
+}
+
+/* Handler for removing the NSM device */
+static void nsm_device_remove(struct virtio_device *vdev)
+{
+	struct nsm *nsm = vdev->priv;
+
+	hwrng_unregister(&nsm->hwrng);
+
+	vdev->config->del_vqs(vdev);
+	misc_deregister(&nsm->misc);
+	list_del(&nsm->node);
+}
+
+/* NSM device configuration structure */
+static struct virtio_driver virtio_nsm_driver = {
+	.feature_table             = 0,
+	.feature_table_size        = 0,
+	.feature_table_legacy      = 0,
+	.feature_table_size_legacy = 0,
+	.driver.name               = KBUILD_MODNAME,
+	.driver.owner              = THIS_MODULE,
+	.id_table                  = id_table,
+	.probe                     = nsm_device_probe,
+	.remove                    = nsm_device_remove,
+};
+
+module_virtio_driver(virtio_nsm_driver);
+MODULE_DEVICE_TABLE(virtio, id_table);
+MODULE_DESCRIPTION("Virtio NSM driver");
+MODULE_LICENSE("GPL");
diff --git a/include/uapi/linux/nsm.h b/include/uapi/linux/nsm.h
new file mode 100644
index 000000000000..4b5c02f0fbf6
--- /dev/null
+++ b/include/uapi/linux/nsm.h
@@ -0,0 +1,188 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ */
+
+#ifndef __UAPI_LINUX_NSM_H
+#define __UAPI_LINUX_NSM_H
+
+#include <linux/ioctl.h>
+#include <linux/types.h>
+
+#define NSM_MAGIC		0x0A
+
+#define NSM_REQUEST_MAX_SIZE	0x1000
+#define NSM_RESPONSE_MAX_SIZE	0x3000
+#define NSM_PCR_MAX_SIZE        0x200
+#define NSM_MAX_PCRS            0x100
+
+struct nsm_iovec {
+	__u64 addr; /* Virtual address of target buffer */
+	__u64 len;  /* Length of target buffer */
+};
+
+/* Raw NSM message. Only available with CAP_SYS_ADMIN. */
+struct nsm_raw {
+	/* Request from user */
+	struct nsm_iovec request;
+	/* Response to user */
+	struct nsm_iovec response;
+};
+#define NSM_IOCTL_RAW		_IOWR(NSM_MAGIC, 0x0, struct nsm_raw)
+
+/* Maximum length input data */
+struct nsm_data_req {
+	__u32 len;
+	__u8  data[NSM_REQUEST_MAX_SIZE];
+};
+
+/* Maximum length output data */
+struct nsm_data_resp {
+	__u32 len;
+	__u8  data[NSM_RESPONSE_MAX_SIZE];
+};
+
+/* PCR hash. Currently at most 512 bits, but let's leave room for up to 4096. */
+struct nsm_pcr_data {
+	__u32 len;
+	__u8  data[NSM_PCR_MAX_SIZE];
+};
+
+/*
+ * DescribePCR
+ *
+ * Queries the PCR contents of a single PCR. Returns whether the PCR is
+ * currently in locked state and the PCR hash value.
+ */
+struct nsm_describe_pcr_req {
+	__u16 index;
+};
+
+struct nsm_describe_pcr_resp {
+	__u16 lock;
+	struct nsm_pcr_data data;
+};
+
+union nsm_describe_pcr {
+	struct nsm_describe_pcr_req req;
+	struct nsm_describe_pcr_resp resp;
+};
+#define NSM_IOCTL_DESCRIBE_PCR	_IOWR(NSM_MAGIC, 0x1, union nsm_describe_pcr)
+
+/*
+ * ExtendPCR
+ *
+ * Extends the PCR hash with additional binary data. Returns the new PCR
+ * hash value after extension.
+ */
+struct nsm_extend_pcr_req {
+	__u16 index;
+	__u16 pad;
+	struct nsm_data_req data;
+};
+
+struct nsm_extend_pcr_resp {
+	struct nsm_pcr_data data;
+};
+
+union nsm_extend_pcr {
+	struct nsm_extend_pcr_req req;
+	struct nsm_extend_pcr_resp resp;
+};
+#define NSM_IOCTL_EXTEND_PCR	_IOWR(NSM_MAGIC, 0x2, union nsm_extend_pcr)
+
+/*
+ * LockPCR
+ *
+ * Enables lock state for a single PCR. After this operation, the PCR becomes
+ * unmodifyable until Enclave destruction.
+ */
+struct nsm_lock_pcr_req {
+	__u16 index;
+};
+
+union nsm_lock_pcr {
+	struct nsm_lock_pcr_req req;
+};
+#define NSM_IOCTL_LOCK_PCR	_IOWR(NSM_MAGIC, 0x3, union nsm_lock_pcr)
+
+/*
+ * LockPCRs
+ *
+ * Enables lock state for all PCR from 0 up to the given range_from_zero
+ * parameter. After this operation, all PCR in range become unmodifyable
+ * until Enclave destruction.
+ */
+struct nsm_lock_pcrs_req {
+	__u16 range_from_zero;
+};
+
+union nsm_lock_pcrs {
+	struct nsm_lock_pcrs_req req;
+};
+#define NSM_IOCTL_LOCK_PCRS	_IOWR(NSM_MAGIC, 0x4, union nsm_lock_pcrs)
+
+/*
+ * DescribeNSM
+ *
+ * Provides metadata information about the NSM backend implementation,
+ * such as version and maximum number of PCRs.
+ */
+struct nsm_u16_resp {
+	__u32 u16s;
+	__u16 u16[NSM_MAX_PCRS];
+};
+
+struct nsm_describe_nsm_resp {
+	__u16 major;
+	__u16 minor;
+	__u16 patch;
+	char module_id[256];			/* null-terminated C string */
+	__u16 max_pcrs;
+	struct nsm_u16_resp locked_pcrs;
+	char digest[16];			/* null-terminated C string */
+};
+
+union nsm_describe_nsm {
+	struct nsm_describe_nsm_resp resp;
+};
+#define NSM_IOCTL_DESCRIBE_NSM	_IOWR(NSM_MAGIC, 0x5, union nsm_describe_nsm)
+
+/*
+ * Attestation
+ *
+ * Provides an attestation document that you can use to attest the Enclave
+ * against external services. Takes 3 binary input parameters that get
+ * reflected 1:1 inside the attestation document.
+ */
+struct nsm_attestation_req {
+	struct nsm_data_req user_data;
+	struct nsm_data_req nonce;
+	struct nsm_data_req public_key;
+};
+
+struct nsm_attestation_resp {
+	struct nsm_data_resp document;
+};
+
+union nsm_attestation {
+	struct nsm_attestation_req req;
+	struct nsm_attestation_resp resp;
+};
+#define NSM_IOCTL_ATTESTATION	_IOWR(NSM_MAGIC, 0x6, union nsm_attestation)
+
+/*
+ * GetRandom
+ *
+ * Returns random bytes.
+ */
+struct nsm_get_random_resp {
+	struct nsm_data_resp random;
+};
+
+union nsm_get_random {
+	struct nsm_get_random_resp resp;
+};
+#define NSM_IOCTL_RANDOM	_IOWR(NSM_MAGIC, 0x7, union nsm_get_random)
+
+#endif /* __UAPI_LINUX_NSM_H */
-- 
2.40.1




Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879






[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux