Date: Fri, 8 Apr 2022 16:32:02 +0800
From: Herbert Xu
To: Mario Limonciello
Cc: Tom Lendacky, John Allen, "David S. Miller", open list, "open list:AMD CRYPTOGRAPHIC COPROCESSOR (CCP) DRIVER", Kerneis Gabriel, Richard Hughes
Subject: Re: [PATCH v3 0/4] Export PSP security attributes
References: <20220331211213.2844-1-mario.limonciello@amd.com>
In-Reply-To: <20220331211213.2844-1-mario.limonciello@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Thu, Mar 31, 2022 at 04:12:09PM -0500, Mario Limonciello wrote:
> Select AMD SOCs include the ability to export capabilities that
> have been activated or detected by the platform security processor.
>
> This information is useful for both system designers as well as system
> administrators to ensure that the system has been properly locked down
> to their expectations.
>
> Software such as fwupd will also be modified to use this information
> as part of the calculations for a security level score that may be
> presented to a user.
>
> This series also adds the ability to detect that TSME and SME are both
> activated simultaneously to notify a user. Previously a user could turn
> on TSME and SME at the same time, but the kernel was unable to detect
> that TSME was enabled in the OS.
>
> This information is evaluated "too late" right now in the kernel to stop
> the kernel from enabling SME, but if that is desirable at a later time
> some of the early code can be modified to read the same information and
> make that decision.
>
> Mario Limonciello (4):
>   crypto: ccp: cache capability into psp device
>   crypto: ccp: Export PSP security bits to userspace
>   crypto: ccp: Allow PSP driver to load without SEV/TEE support
>   crypto: ccp: When TSME and SME both detected notify user
>
>  Documentation/ABI/testing/sysfs-driver-ccp | 87 ++++++++++++++++++++++
>  drivers/crypto/ccp/psp-dev.c               | 49 +++++-------
>  drivers/crypto/ccp/psp-dev.h               | 22 ++++++
>  drivers/crypto/ccp/sp-pci.c                | 62 +++++++++++++++
>  4 files changed, 189 insertions(+), 31 deletions(-)
>  create mode 100644 Documentation/ABI/testing/sysfs-driver-ccp

All applied. Thanks.
-- 
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt