Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp4102392rwb; Tue, 16 Aug 2022 14:42:20 -0700 (PDT) X-Google-Smtp-Source: AA6agR4RwCDp/gtGQhLl1mFeeEe2DtfBOoKA2/vX0SqlBo6AVeBaKeiG8Es2vEO8LqOsW0B7niFi X-Received: by 2002:a17:90a:7bc7:b0:1f4:e5a5:3b6b with SMTP id d7-20020a17090a7bc700b001f4e5a53b6bmr562068pjl.93.1660686140503; Tue, 16 Aug 2022 14:42:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660686140; cv=none; d=google.com; s=arc-20160816; b=u5tdnXh3GIYXo7zBfazucz1n4bn8EaLwwMBmuZhE+eGqFqsK5764br2oEYJLbSftcd 7Ya7YFt+h7mjoLs2UyEXUo2hCa3EaDhdFgRAB9TTlWvcYxSSvf1A1D6DFWxLIxl+pa51 +0fx9lbrJ4rHhUM0WPxjmRJ5y0eUravSTTI1w3ENDrJxFReMjsUA6YhXC5YnNl6r62Pa xyNwdQa5DkElv5KfAPzEJLNiZ9qL/JiYqZczWhSybh48NeddYQ+X8iRZY5N0iX/NCqWR Wsi4hhzesjYyB96kzhCerHTEHIo9pC9etfiAgeD6vHgGcQ7+ZEYh+5aiUuw+y6bxNQNP ktJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:message-id:in-reply-to :subject:cc:to:from:date:dkim-signature; bh=8Amng6YoiqozAIVij2nRbBRsRD4os4wIizhXtq1ZhIM=; b=qBt9g6np43xgywgXKwco1uUToxVpVMP8dUlbMKViByvcCvFO4T2/gA6/tbCGS47M+R oa7BK7gbG25mg8Fs0bo3gEEAsfnrTF8WkpCKKONjkvoXduj0kIDF82XbQJ8PDaauw/y7 1ufgQWegHdmdWhQfeX+xggZyM8Yt2Wp2aqOTnMnmTQgIpLqrLU0b+gnkK+cFWYO4p2Hu PJUolQaQfGi7vYgaJ1qWzz11Z8oKzzXUn5OuL6F5SPx5kzKZyrqMeeWnP//zdmPwUcpL u83oJPi1PItAHUTUK3GhSIIO1jfevvOhVKLM+4sCx6JpK09EXU+M++X/zZVVYY29tWuF /tQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=JU5YKOF8; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b5-20020a170902650500b00172883f5a2asi2103252plk.624.2022.08.16.14.42.07; Tue, 16 Aug 2022 14:42:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=JU5YKOF8; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237594AbiHPVZG (ORCPT + 99 others); Tue, 16 Aug 2022 17:25:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38170 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237579AbiHPVZF (ORCPT ); Tue, 16 Aug 2022 17:25:05 -0400 Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D24C8C031 for ; Tue, 16 Aug 2022 14:25:04 -0700 (PDT) Received: by mail-pf1-x42b.google.com with SMTP id u133so10408313pfc.10 for ; Tue, 16 Aug 2022 14:25:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:from:to:cc; bh=8Amng6YoiqozAIVij2nRbBRsRD4os4wIizhXtq1ZhIM=; b=JU5YKOF8ST+7lmXSaIGl2xmKFlMp4aIjqYnjhq/pm1YVkGHRnofmnfMs6jRIjV91Sg pcA2s1mBlmC6ZnUNIo1HvahT2eZCT3sLTZBEAuRkKpOAeVXQp/a9PgwCB45Ij6cqPlqZ lJvyiZlKJsunotsNYkxpbeBgRcCjvkicAJ2JNwgnjSzso9tH8+TN9qjE/hg24N7i0VlJ TKCoY/Fc4tR+dps8a8jgtxQXk7ps8n0pc/eeOChy94oNJ3XPS2HCnzGw63D/+g32wC4/ 0cOeH7275Eqjvy7LNQ/KDy14DuahLDkjDO30efP0dPl5ftYuzXq33/BQNLSn6rjmyQQf LhYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:x-gm-message-state:from:to:cc; bh=8Amng6YoiqozAIVij2nRbBRsRD4os4wIizhXtq1ZhIM=; b=HYHf7WU4CfrblIjHrQUGTvixv++StQqqzjaKXQ2/wvQ5JUCexrXDWjTijpGsPCTe5a 1fDvfgoLBmmjAWaKBqGUrDZxOGGxLdKyAKMLZkStozyBMbd0zdjufFydV88yos2EeqV+ D+CeexhaFZ62MgZGaPGUh242a51Vymctm0v9gxzr7fx3e7y80qwsaEH8R9YqiGWD+iUr Nd/9VMDwpqt4Gr0u6fc9c4r7r+gR5NxxDnKhztcRuGc6COguGU9LkbtmIZ+WXZYR1uqM xAufCxJA8GmrwJhdi/eLd8u1UvVpvnHswe73EeAbbPBP1Y6mkW78oolmlAWF/Et8Yl1h Q5sw== X-Gm-Message-State: ACgBeo25U9gUF1puvFaCCOEBDn1NZLnwChnfHbr66E0W97vO4xLURgA5 1V0gkeKBMQyOI3r7I9M9u3H2/w== X-Received: by 2002:a05:6a00:ac6:b0:530:3197:48b6 with SMTP id c6-20020a056a000ac600b00530319748b6mr22661088pfl.80.1660685103947; Tue, 16 Aug 2022 14:25:03 -0700 (PDT) Received: from [2620:15c:29:203:9a1b:5709:54ba:ae28] ([2620:15c:29:203:9a1b:5709:54ba:ae28]) by smtp.gmail.com with ESMTPSA id f7-20020a623807000000b0052acb753b8bsm8826938pfa.158.2022.08.16.14.25.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Aug 2022 14:25:03 -0700 (PDT) Date: Tue, 16 Aug 2022 14:25:02 -0700 (PDT) From: David Rientjes To: Jacky Li cc: Brijesh Singh , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Marc Orr , Alper Gun , Peter Gonda , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 1/2] crypto: ccp - Initialize PSP when reading psp data file failed In-Reply-To: <20220816193209.4057566-2-jackyli@google.com> Message-ID: <8feee515-8d60-dc84-4c9f-6723481e8dac@google.com> References: <20220816193209.4057566-1-jackyli@google.com> <20220816193209.4057566-2-jackyli@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, 16 Aug 2022, Jacky Li wrote: > Currently the OS fails the PSP initialization when the file specified at > 'init_ex_path' does not exist or has invalid content. However the SEV > spec just requires users to allocate 32KB of 0xFF in the file, which can > be taken care of by the OS easily. > > To improve the robustness during the PSP init, leverage the retry > mechanism and continue the init process: > > Before the first INIT_EX call, if the content is invalid or missing, > continue the process by feeding those contents into PSP instead of > aborting. PSP will then override it with 32KB 0xFF and return > SEV_RET_SECURE_DATA_INVALID status code. In the second INIT_EX call, > this 32KB 0xFF content will then be fed and PSP will write the valid > data to the file. > > In order to do this, sev_read_init_ex_file should only be called once > for the first INIT_EX call. Calling it again for the second INIT_EX call > will cause the invalid file content overwriting the valid 32KB 0xFF data > provided by PSP in the first INIT_EX call. > > Co-developed-by: Peter Gonda > Signed-off-by: Peter Gonda > Signed-off-by: Jacky Li > Reported-by: Alper Gun Acked-by: David Rientjes