Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp4481095pxu;
        Wed, 9 Dec 2020 19:31:18 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzfSO8xzqyN/vsAXxZFmk2TXjOtKUY/Df5EP9MdHU5JbE9uxLV7xjDKOscFuzhDSgebjY5S
X-Received: by 2002:a17:906:5f92:: with SMTP id a18mr4825130eju.126.1607571078082;
        Wed, 09 Dec 2020 19:31:18 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1607571078; cv=pass;
        d=google.com; s=arc-20160816;
        b=DeHYDG/Qfd5D4qQe1nBtBI23ESGHabAgtsuJNRPtQrKQsG17TfO5DzTR/IZvwW2Uur
         7kArqzmXsjjmurwhaZhY2MLLvZtS9QYehsOs/h0rxYOFHa7EzNt8BncdZu+8wCceFS7I
         51A6SvCxf2ZJsBvrNFz+rHn8VdO6DtRORmXcVMjF4vAZ1Fy3hLP6QF9q1VlebrrXtPvo
         JPgy600EhErh863efFE2blwj4sR3bEl5akTvWq04qQqxXPY4kwGpVahI799DHC+5NyYs
         m2iiJCFOwlBB6ckMo9c6SUCAL42XbSX7cZA+numJpWsuCncuZiwY17vzyMGXqEJMMn++
         MjWg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:content-language
         :content-transfer-encoding:in-reply-to:user-agent:date:message-id
         :from:references:to:subject:cc:dkim-signature;
        bh=dmrJqEP5gyDFlMYM5/3vGIX0DcbVWJ9jw0y4V/ziODI=;
        b=K860XWGho8LOj/VR+A82uK4zLSuTwWn4KaTFf4VGKsAwnBtRXGZArrPToFE7Fwj3JW
         U4L76XXvWfuOLy7RMLIZYMBQaT9WE7+0guETR/uDHuW+3Ihd9+UHR/KWC0gaFV533d3N
         xvJx11r8KtPjaSjaAK0aUOBBD9PknF6WWFQPGGxg3rBFF8GEg6+HbjIbhjZ41l6T+e5A
         vodpOrjy8m6MPhGkCIs5Nr/G1jIlvSo4sJ5kIPHmvrx4eDHoMkqfLb0BwD/JwbHzgXQ0
         6LWH8MC7LBLyXejCEWAoSwHdqNlZntBOIm6qBOX9nQpFspR8Km4nN/UhLie60mJZhOcV
         3V0Q==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b="QEd/IPNA";
       arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com);
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=amd.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id jt2si1866769ejb.552.2020.12.09.19.30.46;
        Wed, 09 Dec 2020 19:31:18 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b="QEd/IPNA";
       arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com);
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=amd.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729814AbgLJD1y (ORCPT <rfc822;rusydi.hasan@gmail.com>
        + 99 others); Wed, 9 Dec 2020 22:27:54 -0500
Received: from mail-eopbgr750053.outbound.protection.outlook.com ([40.107.75.53]:38046
        "EHLO NAM02-BL2-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1729246AbgLJD1y (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 9 Dec 2020 22:27:54 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=LoJx2TAEfFqUnI3jfEqwrOy49X8OupYP0RklcvV6o7zlQ4PQSDdXhXZoPz8pPGU2M1ZLReKu9BnNe+yYJycJMmcD989hPVOmxGYI3Wygf4PRKxnAIDanMyYXaNdZbVYICe8WKuLwYrBMOAkSdYUgFlSOVKVp2VkyyWYDGNIUBtOTlo5xteq4rFEp/7Ed1PWXzV+QNz7e9mYfDd7Z4FUwk9JAOCIsLvaMpCE8qZTtbqNetjE6HAHhcXvQomEg4JLu8zMt2OyP2iGhFf88RRukL4B2GMzUU+6QdVbdo1OIdr2MG18sHRloqZpvmbS+tB020mMqf23zv1zpH9+P0d39lQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=dmrJqEP5gyDFlMYM5/3vGIX0DcbVWJ9jw0y4V/ziODI=;
 b=eiMt0tGDjKTWqsX/WeIVz9r3auguhcoQ5e5Pdg+uR0EjhSLUVnphPj/6B/ZvTUtWvf7KyrRMRd1ZZ5VvOaTSCyMqUONB7/LJW0U0yjs2po67ZWBb5iv70ROjHuCb/6avKenQT4T27zoy7CrLqweqzYdz1coeAgMbBxVh+qRXMKfCdzUG9K0mZL0N4aNyvMeRKg4vrpkCAQ05Iz30uh9KnfSJ7X4im07BU+6w3zhK8urNqTMU4HpXcX0VTqx5ipJjjl88zvCII7VIbAr60dLgtJPybR5wD1EIXe1xLJJ+BF5JbQWOu95vfJsh5tUbPFNOTeSQh3spCMBWV/5teE1PRw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=dmrJqEP5gyDFlMYM5/3vGIX0DcbVWJ9jw0y4V/ziODI=;
 b=QEd/IPNAzGfkfGTp1LtUM9xTeqXDkqrj+/YNGat19daHFHTnxFC3fM9llPRVhmROpH8vMmqs+auuVtJX5eZmU+bcD8nrTtICEoaCPLkqNadhJ94MeYRLpBc42BaW8eGWSnddHrhiHqjPRZyb8uzCp1ponaNDPMeXXMPe9afcrxU=
Authentication-Results: vger.kernel.org; dkim=none (message not signed)
 header.d=none;vger.kernel.org; dmarc=none action=none header.from=amd.com;
Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22)
 by SN6PR12MB4671.namprd12.prod.outlook.com (2603:10b6:805:e::22) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.21; Thu, 10 Dec
 2020 03:27:05 +0000
Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::18a2:699:70b3:2b8a]) by SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::18a2:699:70b3:2b8a%6]) with mapi id 15.20.3654.012; Thu, 10 Dec 2020
 03:27:05 +0000
Cc:     brijesh.singh@amd.com, kvm@vger.kernel.org,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Linux Doc Mailing List <linux-doc@vger.kernel.org>,
        James Bottomley <jejb@linux.ibm.com>,
        Tom Lendacky <Thomas.Lendacky@amd.com>,
        David Rientjes <rientjes@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        Borislav Petkov <bp@alien8.de>,
        John Allen <john.allen@amd.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH] KVM/SVM: add support for SEV attestation command
To:     Ard Biesheuvel <ardb@kernel.org>
References: <20201204212847.13256-1-brijesh.singh@amd.com>
 <CAMj1kXFkyJwZ4BGSU-4UB5VR1etJ6atb7YpWMTzzBuu9FQKagA@mail.gmail.com>
From:   Brijesh Singh <brijesh.singh@amd.com>
Message-ID: <78e18a3d-900b-fac5-19ca-c2defeb8d73a@amd.com>
Date:   Wed, 9 Dec 2020 21:25:29 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0)
 Gecko/20100101 Thunderbird/78.4.0
In-Reply-To: <CAMj1kXFkyJwZ4BGSU-4UB5VR1etJ6atb7YpWMTzzBuu9FQKagA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Originating-IP: [70.112.153.56]
X-ClientProxiedBy: DM6PR13CA0049.namprd13.prod.outlook.com
 (2603:10b6:5:134::26) To SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from Brijeshs-MacBook-Pro.local (70.112.153.56) by DM6PR13CA0049.namprd13.prod.outlook.com (2603:10b6:5:134::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.7 via Frontend Transport; Thu, 10 Dec 2020 03:27:03 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 571c6060-f063-458e-2a1e-08d89cbb779c
X-MS-TrafficTypeDiagnostic: SN6PR12MB4671:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: <SN6PR12MB4671E03B4E0C78D428113C8CE5CB0@SN6PR12MB4671.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:2733;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: cYxeAF6I3GldDbyQnkhgTNNeXRMF7VNApGf6GFwv85JU6pjMRK/DBJBkRQUyd9+8QYdCxYfNWwStQlMlr7ORtsJkbTa/5JYw2Oyt5qM38O5yy9Y3GfDH74XKeFImgLtrvpnjFw/eo/yDck/vs4LM0ksmtTheYQ2o/CyOotis9eRvlO84Jq1G+RuElFfrhTlXL/uE0OTr958krN+lnzCQGDCKmglrXc4p4VdN7E91oz0kjCHHdv7Cfae0HkTIod/dJ/cDC/MF8U28gIUgI9meAeS7Gamg99qk3xaKtaDEVUmnxvBZVabeZAS7PjLbClcpOSiYFAWDs4OOfSU2cvofxLB0bQVrkabnU+sixWIvgYq2vjYAHvyFbI+WkePhKnKe62VeHApvEzfVWqvkqxhmjXbg7CnfIKd2Bg/a0lhqSaTi7Z8CFgF+2znxFmlOzMbh
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(376002)(346002)(366004)(26005)(956004)(83380400001)(508600001)(31696002)(34490700003)(4326008)(53546011)(6506007)(8936002)(5660300002)(2616005)(52116002)(86362001)(2906002)(54906003)(16526019)(66556008)(6512007)(36756003)(66946007)(186003)(6666004)(8676002)(6916009)(31686004)(66476007)(7416002)(44832011)(6486002)(45980500001)(43740500002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?OTdyaDRST2dLWUZTUThPZUFlczY0emQ0cFliSlFuQnVIQjVDTmNEdHRRZENy?=
 =?utf-8?B?bXRENXVmV2pmenB0SWVOR09JYUk1Q0JuM2ZEcEk5ejVUR1ppODBja1VnZG94?=
 =?utf-8?B?Y2w5eXVxT2d0RDVMelBoTERnYUhFQmhiZ0lHdFIwUUFRcHhTWXdsYWE4dTYz?=
 =?utf-8?B?RVhHNTlwQW92YjlweFdJaTU1YndHMi9yMFN3Vkc4cDRxUktYTG9RYXNpeGhn?=
 =?utf-8?B?OS9Fbk15UlQ0UGVVRUJUTG1qaktlYmtZaS96YnJEdFhRdjNwMFZDQ0FlRWt2?=
 =?utf-8?B?MHUzWEFodC9aS0FsUHNHMDZoR3dGQnh5U3ltYW5mQm5YbFpXWEFEMUZwb29X?=
 =?utf-8?B?dUIyUGovMTZDR2d6MHVsbDZGdzIvSjBEVENEaWRKNEsxR1RNKzNFUm1za0dO?=
 =?utf-8?B?TCt5K21yVWJYbk42dTdUNXo3U2F2MWFIalMwVm54b2RPRWd0cDhvV0dFNldu?=
 =?utf-8?B?aTRJK1ovNTB2aWVRQjdTU0M4TENRdjU4enJRemVURXdHOWd3blhhbTM3cWNt?=
 =?utf-8?B?ZXByUmwrRGtTS0N6QnF3L0RQMEtsaHFNc21lTDl5Skk1d1ZReGpzN1k0S0pL?=
 =?utf-8?B?enhtSUo5Z3RkWU9ER2lqUFZsVGtHc3ZFQXJqS295RDNScGlySjJjNjJnQ1hJ?=
 =?utf-8?B?OGlJWi85MEJtNHZGRjlLV212bGtMQjNFd1pPYVdPaFBlOVduYjZUeE5CZHFv?=
 =?utf-8?B?ai85WG9teFp2TCtRQW9HUjhENFp5allUdWtDbGVOQVg1MzVYcGovbkRIOEQz?=
 =?utf-8?B?SkhmNlRrTGx0TDdhQ3dwdGtnSG4vTlZEejFzRE5hS1ZJMkJkeG5mejFPQ0dT?=
 =?utf-8?B?STJkMlpxQ3BkY2R6SVY4SFkxRWpFNmNEVjNJTjNJZGd5cjJGMjFLd29WL3A0?=
 =?utf-8?B?M1MwaWxaci9KSTlSWk9pWTJLbmp2clJhZTlJWTdhZGVZamUxQlc4elBaR0h4?=
 =?utf-8?B?UHVVdUFubkdOVkEzWTJiRGEvcVJYVE5ZYUNsNTB1VEhPMWRIVEtRekxuTWJs?=
 =?utf-8?B?L1FaM0ZJbUtxejF6cUpzNWVpMEl4TDB2enYrU0FkbExSYjZQYkFkSXFWZ1BX?=
 =?utf-8?B?bGp2U3dONGFnMmJHZEV0c24xbHlyT2pVbTRTbXNFcENraHBlR0lDN2hncjh2?=
 =?utf-8?B?QjI2Y24zQnV2TjdQekJlcHpDbEVxRGlWNVhhcEtnQjZidzdkZmFTKzMveFlr?=
 =?utf-8?B?OFdpUmFDR1VIdnhLQVhvcWxEYXZJeWJmRzlTelI2WHdPcWgxTTNZMDhRMWlT?=
 =?utf-8?B?TDFPNXk0WXdlTUNEZ3BLWi9uMkYvYXFRdlhrZGE4UDloYTUzN0E2TWVaV3Vw?=
 =?utf-8?Q?nymHjbdZmNp/TCujfZYVEyXPYYxuXc2mG4?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Dec 2020 03:27:05.1416
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-Network-Message-Id: 571c6060-f063-458e-2a1e-08d89cbb779c
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: /40y7BE2UJUVoZIGKLPmiZcWi0VL+baXS8i9GOl6IeaAtn6VysvUfFgVqR2k60oys0/0fR4K9QzMehKBSeINUw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB4671
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org


On 12/9/20 1:51 AM, Ard Biesheuvel wrote:
> On Fri, 4 Dec 2020 at 22:30, Brijesh Singh <brijesh.singh@amd.com> wrote:
>> The SEV FW version >= 0.23 added a new command that can be used to query
>> the attestation report containing the SHA-256 digest of the guest memory
>> encrypted through the KVM_SEV_LAUNCH_UPDATE_{DATA, VMSA} commands and
>> sign the report with the Platform Endorsement Key (PEK).
>>
>> See the SEV FW API spec section 6.8 for more details.
>>
>> Note there already exist a command (KVM_SEV_LAUNCH_MEASURE) that can be
>> used to get the SHA-256 digest. The main difference between the
>> KVM_SEV_LAUNCH_MEASURE and KVM_SEV_ATTESTATION_REPORT is that the later
> latter
>
>> can be called while the guest is running and the measurement value is
>> signed with PEK.
>>
>> Cc: James Bottomley <jejb@linux.ibm.com>
>> Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
>> Cc: David Rientjes <rientjes@google.com>
>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>> Cc: Sean Christopherson <seanjc@google.com>
>> Cc: Borislav Petkov <bp@alien8.de>
>> Cc: John Allen <john.allen@amd.com>
>> Cc: Herbert Xu <herbert@gondor.apana.org.au>
>> Cc: linux-crypto@vger.kernel.org
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> ---
>>  .../virt/kvm/amd-memory-encryption.rst        | 21 ++++++
>>  arch/x86/kvm/svm/sev.c                        | 71 +++++++++++++++++++
>>  drivers/crypto/ccp/sev-dev.c                  |  1 +
>>  include/linux/psp-sev.h                       | 17 +++++
>>  include/uapi/linux/kvm.h                      |  8 +++
>>  5 files changed, 118 insertions(+)
>>
>> diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst
>> index 09a8f2a34e39..4c6685d0fddd 100644
>> --- a/Documentation/virt/kvm/amd-memory-encryption.rst
>> +++ b/Documentation/virt/kvm/amd-memory-encryption.rst
>> @@ -263,6 +263,27 @@ Returns: 0 on success, -negative on error
>>                  __u32 trans_len;
>>          };
>>
>> +10. KVM_SEV_GET_ATTESATION_REPORT
> KVM_SEV_GET_ATTESTATION_REPORT
>
>> +---------------------------------
>> +
>> +The KVM_SEV_GET_ATTESATION_REPORT command can be used by the hypervisor to query the attestation
> KVM_SEV_GET_ATTESTATION_REPORT


Noted, I will send v2 with these fixed.