crypto: ccp: Define CSV3 key management command id

hygon inclusion category: feature CVE: NA --------------------------- Define Hygon CSV3 key management command id and structure. CSV3 is the technology for Hygon secure virtualization to improve security of guest with secure isolated memory technology in hardware. The command definition is available in CSV3 spec. Signed-off-by: Xin Jiang <jiangxin@hygon.cn> Signed-off-by: hanliyang <hanliyang@hygon.cn>
deepin-community · Aug 19, 2024 · c26f93e · c26f93e
1 parent 68a6875
commit c26f93e
Show file tree

Hide file tree

Showing 2 changed files with 187 additions and 0 deletions.
diff --git a/drivers/crypto/ccp/hygon/csv-dev.c b/drivers/crypto/ccp/hygon/csv-dev.c
@@ -46,6 +46,15 @@ int csv_cmd_buffer_len(int cmd)
 	switch (cmd) {
 	case CSV_CMD_HGSC_CERT_IMPORT:		return sizeof(struct csv_data_hgsc_cert_import);
 	case CSV_CMD_RING_BUFFER:		return sizeof(struct csv_data_ring_buffer);
+	case CSV3_CMD_LAUNCH_ENCRYPT_DATA:	return sizeof(struct csv3_data_launch_encrypt_data);
+	case CSV3_CMD_LAUNCH_ENCRYPT_VMCB:	return sizeof(struct csv3_data_launch_encrypt_vmcb);
+	case CSV3_CMD_UPDATE_NPT:		return sizeof(struct csv3_data_update_npt);
+	case CSV3_CMD_SET_SMR:			return sizeof(struct csv3_data_set_smr);
+	case CSV3_CMD_SET_SMCR:			return sizeof(struct csv3_data_set_smcr);
+	case CSV3_CMD_SET_GUEST_PRIVATE_MEMORY:
+					return sizeof(struct csv3_data_set_guest_private_memory);
+	case CSV3_CMD_DBG_READ_VMSA:		return sizeof(struct csv3_data_dbg_read_vmsa);
+	case CSV3_CMD_DBG_READ_MEM:		return sizeof(struct csv3_data_dbg_read_mem);
 	default:				return 0;
 	}
 }

diff --git a/include/linux/psp-hygon.h b/include/linux/psp-hygon.h
@@ -28,6 +28,34 @@ enum csv_cmd {
 	CSV_CMD_MAX,
 };
 
+/**
+ * Guest/platform management commands for CSV3
+ */
+enum csv3_cmd {
+	/* Guest launch commands */
+	CSV3_CMD_SET_GUEST_PRIVATE_MEMORY	= 0x200,
+	CSV3_CMD_LAUNCH_ENCRYPT_DATA		= 0x201,
+	CSV3_CMD_LAUNCH_ENCRYPT_VMCB		= 0x202,
+	/* Guest NPT(Nested Page Table) management commands */
+	CSV3_CMD_UPDATE_NPT			= 0x203,
+
+	/* Guest migration commands */
+	CSV3_CMD_SEND_ENCRYPT_DATA		= 0x210,
+	CSV3_CMD_SEND_ENCRYPT_CONTEXT		= 0x211,
+	CSV3_CMD_RECEIVE_ENCRYPT_DATA		= 0x212,
+	CSV3_CMD_RECEIVE_ENCRYPT_CONTEXT	= 0x213,
+
+	/* Guest debug commands */
+	CSV3_CMD_DBG_READ_VMSA			= 0x220,
+	CSV3_CMD_DBG_READ_MEM			= 0x221,
+
+	/* Platform secure memory management commands */
+	CSV3_CMD_SET_SMR			= 0x230,
+	CSV3_CMD_SET_SMCR			= 0x231,
+
+	CSV3_CMD_MAX,
+};
+
 /**
  * CSV communication state
  */
@@ -127,6 +155,156 @@ struct csv_data_ring_buffer {
 	u16 int_on_empty;		/* In */
 } __packed;
 
+/**
+ * struct csv3_data_launch_encrypt_data - CSV3_CMD_LAUNCH_ENCRYPT_DATA command
+ *
+ * @handle: handle of the VM to update
+ * @gpa: guest address where data is copied
+ * @length: len of memory to be encrypted
+ * @data_blocks: memory regions to hold data page address
+ */
+struct csv3_data_launch_encrypt_data {
+	u32 handle;			/* In */
+	u32 reserved;			/* In */
+	u64 gpa;			/* In */
+	u32 length;			/* In */
+	u32 reserved1;			/* In */
+	u64 data_blocks[8];		/* In */
+} __packed;
+
+/**
+ * struct csv3_data_launch_encrypt_vmcb - CSV3_CMD_LAUNCH_ENCRYPT_VMCB command
+ *
+ * @handle: handle of the VM
+ * @vcpu_id: id of vcpu per vmsa/vmcb
+ * @vmsa_addr: memory address of initial vmsa data
+ * @vmsa_len: len of initial vmsa data
+ * @shadow_vmcb_addr: memory address of shadow vmcb data
+ * @shadow_vmcb_len: len of shadow vmcb data
+ * @secure_vmcb_addr: memory address of secure vmcb data
+ * @secure_vmcb_len: len of secure vmcb data
+ */
+struct csv3_data_launch_encrypt_vmcb {
+	u32 handle;			/* In */
+	u32 reserved;			/* In */
+	u32 vcpu_id;			/* In */
+	u32 reserved1;			/* In */
+	u64 vmsa_addr;			/* In */
+	u32 vmsa_len;			/* In */
+	u32 reserved2;			/* In */
+	u64 shadow_vmcb_addr;		/* In */
+	u32 shadow_vmcb_len;		/* In */
+	u32 reserved3;			/* In */
+	u64 secure_vmcb_addr;		/* Out */
+	u32 secure_vmcb_len;		/* Out */
+} __packed;
+
+/**
+ * struct csv3_data_update_npt - CSV3_CMD_UPDATE_NPT command
+ *
+ * @handle: handle assigned to the VM
+ * @error_code: nested page fault error code
+ * @gpa: guest page address where npf happens
+ * @spa: physical address which maps to gpa in host page table
+ * @level: page level which can be mapped in nested page table
+ * @page_attr: page attribute for gpa
+ * @page_attr_mask: which page attribute bit should be set
+ * @npages: number of pages from gpa is handled.
+ */
+struct csv3_data_update_npt {
+	u32 handle;			/* In */
+	u32 reserved;			/* In */
+	u32 error_code;			/* In */
+	u32 reserved1;			/* In */
+	u64 gpa;			/* In */
+	u64 spa;			/* In */
+	u64 level;			/* In */
+	u64 page_attr;			/* In */
+	u64 page_attr_mask;		/* In */
+	u32 npages;			/* In/Out */
+} __packed;
+
+/**
+ * struct csv3_data_mem_region - define a memory region
+ *
+ * @base_address: base address of a memory region
+ * @size: size of memory region
+ */
+struct csv3_data_memory_region {
+	u64 base_address;		/* In */
+	u64 size;			/* In */
+} __packed;
+
+/**
+ * struct csv3_data_set_guest_private_memory - CSV3_CMD_SET_GUEST_PRIVATE_MEMORY
+ * command parameters
+ *
+ * @handle: handle assigned to the VM
+ * @nregions: number of memory regions
+ * @regions_paddr: address of memory containing multiple memory regions
+ */
+struct csv3_data_set_guest_private_memory {
+	u32 handle;			/* In */
+	u32 nregions;			/* In */
+	u64 regions_paddr;		/* In */
+} __packed;
+
+/**
+ * struct csv3_data_set_smr - CSV3_CMD_SET_SMR command parameters
+ *
+ * @smr_entry_size: size of SMR entry
+ * @nregions: number of memory regions
+ * @regions_paddr: address of memory containing multiple memory regions
+ */
+struct csv3_data_set_smr {
+	u32 smr_entry_size;		/* In */
+	u32 nregions;			/* In */
+	u64 regions_paddr;		/* In */
+} __packed;
+
+/**
+ * struct csv3_data_set_smcr - CSV3_CMD_SET_SMCR command parameters
+ *
+ * @base_address: start address of SMCR memory
+ * @size: size of SMCR memory
+ */
+struct csv3_data_set_smcr {
+	u64 base_address;		/* In */
+	u64 size;			/* In */
+} __packed;
+
+/**
+ * struct csv3_data_dbg_read_vmsa - CSV3_CMD_DBG_READ_VMSA command parameters
+ *
+ * @handle: handle assigned to the VM
+ * @spa: system physical address of memory to get vmsa of the specific vcpu
+ * @size: size of the host memory
+ * @vcpu_id: the specific vcpu
+ */
+struct csv3_data_dbg_read_vmsa {
+	u32 handle;			/* In */
+	u32 reserved;			/* In */
+	u64 spa;			/* In */
+	u32 size;			/* In */
+	u32 vcpu_id;			/* In */
+} __packed;
+
+/**
+ * struct csv3_data_dbg_read_mem - CSV3_CMD_DBG_READ_MEM command parameters
+ *
+ * @handle: handle assigned to the VM
+ * @gpa: guest physical address of the memory to access
+ * @spa: system physical address of memory to get data from gpa
+ * @size: size of guest memory to access
+ */
+struct csv3_data_dbg_read_mem {
+	u32 handle;			/* In */
+	u32 reserved;			/* In */
+	u64 gpa;			/* In */
+	u64 spa;			/* In */
+	u32 size;			/* In */
+} __packed;
+
 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
 
 int psp_do_cmd(int cmd, void *data, int *psp_ret);