From: Alexander Graf
CC: Greg Kroah-Hartman, Arnd Bergmann, Herbert Xu, Olivia Mackall, Petre Eftime, Erdem Meydanlli, Benjamin Herrenschmidt, David Woodhouse, Michael S. Tsirkin, Jason Wang, Xuan Zhuo
Subject: [PATCH 0/2] Add Nitro Secure Module support
Date: Thu, 28 Sep 2023 22:46:43 +0000
Message-ID: <20230928224645.19768-1-graf@amazon.com>
X-Mailing-List: linux-kernel@vger.kernel.org

We already have support for the Nitro Enclave kernel module in upstream
Linux, which is needed to control a Nitro Enclave's lifecycle.

However, users typically want to run Linux inside the Enclave as well. To
do that well, they need the ability to communicate to the Nitro Secure
Module: A virtio based PV device that provides access to PCRs, an
attestation document as well as access to entropy.

These patches add driver support for NSM. With them in place, upstream
Linux has everything that's needed to run as a Nitro Enclave kernel.

Alex

Alexander Graf (2):
  misc: Add Nitro Secure Module driver
  hwrng: Add support for Nitro Secure Module

 MAINTAINERS                      |  10 +
 drivers/char/hw_random/Kconfig   |  12 +
 drivers/char/hw_random/Makefile  |   1 +
 drivers/char/hw_random/nsm-rng.c | 284 +++++++++++++++++++
 drivers/misc/Kconfig             |  11 +
 drivers/misc/Makefile            |   1 +
 drivers/misc/nsm.c               | 469 +++++++++++++++++++++++++++++++
 include/linux/nsm.h              |  42 +++
 8 files changed, 830 insertions(+)
 create mode 100644 drivers/char/hw_random/nsm-rng.c
 create mode 100644 drivers/misc/nsm.c
 create mode 100644 include/linux/nsm.h

-- 
2.40.1