Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp969585pxb; Wed, 1 Sep 2021 14:03:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxr56XhWbma/gPdc2qjvJ2vOLjPZByOTJpkjrKgsWpo35MLJZV1l6zGxMg9JFh84QWd8oY/ X-Received: by 2002:a5d:914b:: with SMTP id y11mr1267636ioq.6.1630530238209; Wed, 01 Sep 2021 14:03:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630530238; cv=none; d=google.com; s=arc-20160816; b=0TeJtl1+ltivSPLewVcePVUCf/Jpac3a80ddZ5otjH+N2VFjEV/XaKT8Y4kgT3cOnx txe0TN1JZ3VEJZ7dagOmXpqJwBhaRlprY0K+x1v+YsqwW9jPTAZp15LTWYrr3PrcWa3q cwDqwfFWgY5YjiF0U5IZc826LCVxZxEAZd/At6+SgkXIaHeojbP12wGai1CqCqcxJLIV U7QYfIReu0sEW+UQMfuZC7Gw/aCsoBP/4BrKfERDwz16sx1D6Zkm5SWt5rM5fFUK6hoc hvD20tor8/MInNdNWhsRr2p/okxbb9na8ayCBgYQkAN1frDY7xXkY9JMeyVcqfEZ3mZh SJhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=nBI2ltINoLF2WMdaOQSg8GJs4aIarAV4j3nj9NG4RCY=; b=wpyN1yXIAI6ZBa+GQdJDj/OWte4/9fqfzu9BFmTEHb9LEc48qmG0qpeFwq4cPyjovW CictjtJoWh7ZVq4efwGVIJSEe/eYw2hk2T/pROUZoQ0o/E6zqY7Ngp1EoMs1OOVmCHCP pEWEQTIYbnynF+bvNCeg6IJHc2KXxUawp1dm8N05ei+04A32QfLni3a9R4NRH9PS4nUY WHnCG1JrcPKu7UcyQw1IBd/7VVF8gKKHK7qTESvsFWPT1MNiAiYEAoBi7qsgx996cQHJ d/rki+vJFY7b1qbZNrYIiCErXmpx+I1cGxKr9k/qVy+k7XDPAc1BRXkofaKHbBC+KQWu jx1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HByoika+; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i9si631941ilc.6.2021.09.01.14.03.09; Wed, 01 Sep 2021 14:03:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HByoika+; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245666AbhIAVDs (ORCPT + 99 others); Wed, 1 Sep 2021 17:03:48 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:29316 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244854AbhIAVDm (ORCPT ); Wed, 1 Sep 2021 17:03:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1630530165; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nBI2ltINoLF2WMdaOQSg8GJs4aIarAV4j3nj9NG4RCY=; b=HByoika+oOEO8lw/ZOUcWUwDCrQnHgKm2FQSoPaVxYCEJQoevFTusP7iBADyaSaVAVb+no ESiVyXlLwa1/1pI59YMEiplIeqJW+TxJV9L0pJAiVVXTDatgOzjNEdYnM6gMZslniEZ8AX NHQVsQYHDe6qQgn0MHh1Y+AOxgY4HfQ= Received: from mail-oo1-f69.google.com (mail-oo1-f69.google.com [209.85.161.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-433-Q2fqzhhaMPq_yTLQSsbVAw-1; Wed, 01 Sep 2021 17:02:44 -0400 X-MC-Unique: Q2fqzhhaMPq_yTLQSsbVAw-1 Received: by mail-oo1-f69.google.com with SMTP id f2-20020a4a2202000000b0028c8a8074deso452411ooa.20 for ; Wed, 01 Sep 2021 14:02:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=nBI2ltINoLF2WMdaOQSg8GJs4aIarAV4j3nj9NG4RCY=; b=X0VjO3lDx/cXM7cKeLwY22hLIZz3jEKVq4Gw3EPryDzFKyBK6UhyQ6SJr0sS84QS8C c8/i7UgNu+dWYj4GEku+Ka7SL7trV4Rjjs950zmYS5YJkMSaC4IjcM+5leNsJFGxhIfr DUp2H3ZMUSr5AlQieZ2Kp3UdsjCmFZBQqh1aBpAjxdKSLwSTlvn6caMX8ao3AMeCONI2 N2LucVgqjyzHeAD5FZKkGytdYZKbIyFcUL054dMZNvx26T3LfJ5NOpId29kTqxbXj4Ez w0MwXIyPu5hPcrO3mmvUC3fGiX+tHyImJp2d2g+ifdfIkLwD26MeM6gPlsSW99VuvE74 Ri6Q== X-Gm-Message-State: AOAM533qoJMWKLgS4alATugqQ9aen/+sQHJ2Q9TaTp+SjZoMDWTFjf3G a6CKVI/LKDv5okfQOVhpkK+Tcs3zoUYXdQmfGLZKk5K8scXs9n76QXFUc5E/U10IVnExQStRhQA uQFzxO9Wwcw3vZBY/s0qxy2LM X-Received: by 2002:a9d:2278:: with SMTP id o111mr1184914ota.229.1630530163658; Wed, 01 Sep 2021 14:02:43 -0700 (PDT) X-Received: by 2002:a9d:2278:: with SMTP id o111mr1184892ota.229.1630530163442; Wed, 01 Sep 2021 14:02:43 -0700 (PDT) Received: from [192.168.0.112] (ip68-102-24-81.ks.ok.cox.net. [68.102.24.81]) by smtp.gmail.com with ESMTPSA id q26sm160065otf.39.2021.09.01.14.02.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 01 Sep 2021 14:02:43 -0700 (PDT) Subject: Re: [PATCH Part2 v5 17/45] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command To: Brijesh Singh , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org Cc: Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, tfanelli@redhat.com References: <20210820155918.7518-1-brijesh.singh@amd.com> <20210820155918.7518-18-brijesh.singh@amd.com> From: Connor Kuehl Message-ID: <2b07b160-48af-4682-1a4b-2716cd13fb65@redhat.com> Date: Wed, 1 Sep 2021 16:02:40 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <20210820155918.7518-18-brijesh.singh@amd.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 8/20/21 10:58 AM, Brijesh Singh wrote: > +2.4 SNP_SET_EXT_CONFIG > +---------------------- > +:Technology: sev-snp > +:Type: hypervisor ioctl cmd > +:Parameters (in): struct sev_data_snp_ext_config > +:Returns (out): 0 on success, -negative on error > + > +The SNP_SET_EXT_CONFIG is used to set the system-wide configuration such as > +reported TCB version in the attestation report. The command is similar to > +SNP_CONFIG command defined in the SEV-SNP spec. The main difference is the > +command also accepts an additional certificate blob defined in the GHCB > +specification. > + > +If the certs_address is zero, then previous certificate blob will deleted. > +For more information on the certificate blob layout, see the GHCB spec > +(extended guest request message). Hi Brijesh, Just to be clear, is the documentation you're referring to regarding the layout of the certificate blob specified on page 47 of the GHCB spec? More specifically, is it the `struct cert_table` on that page? https://developer.amd.com/wp-content/resources/56421.pdf If so, where is the VCEK certificate layout documented? Connor > +/** > + * struct sev_data_snp_ext_config - system wide configuration value for SNP. > + * > + * @config_address: address of the struct sev_user_data_snp_config or 0 when > + * reported_tcb does not need to be updated. > + * @certs_address: address of extended guest request certificate chain or > + * 0 when previous certificate should be removed on SNP_SET_EXT_CONFIG. > + * @certs_len: length of the certs > + */ > +struct sev_user_data_ext_snp_config { > + __u64 config_address; /* In */ > + __u64 certs_address; /* In */ > + __u32 certs_len; /* In */ > +};