File virt-sevguest-Add-support-to-derive-key of Package linux-glibc-devel.29113
From: Brijesh Singh <brijesh.singh@amd.com>
Date: Thu, 24 Feb 2022 10:56:23 -0600
Subject: virt: sevguest: Add support to derive key
Git-commit: 68de0b2f938642079c0c853b219bdb88c4dc4d13
Patch-mainline: v5.19-rc1
References: jsc#SLE-19924, jsc#SLE-24814
The SNP_GET_DERIVED_KEY ioctl interface can be used by the SNP guest to
ask the firmware to provide a key derived from a root key. The derived
key may be used by the guest for any purposes it chooses, such as a
sealing key or communicating with the external entities.
See SEV-SNP firmware spec for more information.
[ bp: No need to memset "req" - it will get overwritten. ]
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Link: https://lore.kernel.org/r/20220307213356.2797205-45-brijesh.singh@amd.com
Acked-by: Joerg Roedel <jroedel@suse.de>
---
Documentation/virt/coco/sevguest.rst | 17 ++++++++++++
drivers/virt/coco/sevguest/sevguest.c | 45 ++++++++++++++++++++++++++++++++++
include/uapi/linux/sev-guest.h | 17 ++++++++++++
3 files changed, 79 insertions(+)
--- a/include/linux/sev-guest.h
+++ b/include/linux/sev-guest.h
@@ -30,6 +30,20 @@ struct snp_report_resp {
__u8 data[4000];
};
+struct snp_derived_key_req {
+ __u32 root_key_select;
+ __u32 rsvd;
+ __u64 guest_field_select;
+ __u32 vmpl;
+ __u32 guest_svn;
+ __u64 tcb_version;
+};
+
+struct snp_derived_key_resp {
+ /* response data, see SEV-SNP spec for the format */
+ __u8 data[64];
+};
+
struct snp_guest_request_ioctl {
/* message version number (must be non-zero) */
__u8 msg_version;
@@ -47,4 +61,7 @@ struct snp_guest_request_ioctl {
/* Get SNP attestation report */
#define SNP_GET_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x0, struct snp_guest_request_ioctl)
+/* Get a derived key from the root */
+#define SNP_GET_DERIVED_KEY _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x1, struct snp_guest_request_ioctl)
+
#endif /* __UAPI_LINUX_SEV_GUEST_H_ */
