From: Alexander Graf
CC: Greg Kroah-Hartman, Arnd Bergmann, Herbert Xu, Olivia Mackall, Petre Eftime, Erdem Meydanlli, Benjamin Herrenschmidt, David Woodhouse, Michael S. Tsirkin, Jason Wang, Xuan Zhuo
Subject: [PATCH v3 0/2] Add Nitro Secure Module support
Date: Fri, 29 Sep 2023 21:37:37 +0000
Message-ID: <20230929213739.68494-1-graf@amazon.com>
X-Mailing-List: linux-kernel@vger.kernel.org

We already have support for the Nitro Enclave kernel module in upstream
Linux, which is needed to control a Nitro Enclave's lifecycle.

However, users typically want to run Linux inside the Enclave as well. To
do that well, they need the ability to communicate to the Nitro Secure
Module: A virtio based PV device that provides access to PCRs, an
attestation document as well as access to entropy.

These patches add driver support for NSM. With them in place, upstream
Linux has everything that's needed to run as a Nitro Enclave kernel.

Alex

v1 -> v2:

  - Remove boilerplate
  - Add uapi header

v2 -> v3:

  - Move globals to device struct
  - Add compat handling
  - Simplify some naming
  - Remove debug prints
  - Use module_virtio_driver
  - Ensure remove only happens on target device
  - Drop use of uio.h

Alexander Graf (2):
  misc: Add Nitro Secure Module driver
  hwrng: Add support for Nitro Secure Module

 MAINTAINERS                      |  11 +
 drivers/char/hw_random/Kconfig   |  12 +
 drivers/char/hw_random/Makefile  |   1 +
 drivers/char/hw_random/nsm-rng.c | 275 ++++++++++++++++++++
 drivers/misc/Kconfig             |  11 +
 drivers/misc/Makefile            |   1 +
 drivers/misc/nsm.c               | 423 +++++++++++++++++++++++++++++++
 include/linux/nsm.h              |  35 +++
 include/uapi/linux/nsm.h         |  30 +++
 9 files changed, 799 insertions(+)
 create mode 100644 drivers/char/hw_random/nsm-rng.c
 create mode 100644 drivers/misc/nsm.c
 create mode 100644 include/linux/nsm.h
 create mode 100644 include/uapi/linux/nsm.h

-- 
2.40.1

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Management: Christian Schlaeger, Jonathan Weiss
Registered at the Charlottenburg District Court under HRB 149173 B
Registered office: Berlin
VAT ID: DE 289 237 879