From: Alexander Graf
Cc: Arnd Bergmann, Greg Kroah-Hartman, Herbert Xu, Olivia Mackall, Petre Eftime, Erdem Meydanlli, Benjamin Herrenschmidt, David Woodhouse, Michael S. Tsirkin, Jason Wang, Xuan Zhuo, Kyunghwan Kwon
Subject: [PATCH v4 0/2] Add Nitro Secure Module support
Date: Mon, 9 Oct 2023 21:20:51 +0000
Message-ID: <20231009212053.2007-1-graf@amazon.com>
List: linux-crypto@vger.kernel.org

Nitro Enclaves run Linux inside as well as outside the Enclave. Outside the Enclave, we already have the nitro_enclaves driver in upstream Linux which controls a Nitro Enclave's lifecycle. Inside the Enclave, the environment looks like a typical Firecracker microvm. In addition to standard virtio devices, an Enclave also has an additional "Nitro Secure Module" (NSM) virtio device which so far was missing an upstream Linux driver. The NSM provides access to PCRs, an attestation document as well as entropy.

To support the NSM communication protocol, Linux needs to learn to generate and parse the Concise Binary Object Representation (CBOR) format. The first patch adds support for a CBOR library. The second adds the actual NSM driver.

With these patches in place, upstream Linux has everything that's needed to run inside a Nitro Enclave.
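As an added illustration of what "generate and parse CBOR" means for the NSM protocol (example code written for this note, not the series' lib/cbor implementation): a minimal encoder for CBOR heads and text strings, a bounds-checked head parser of the kind a kernel driver needs on bytes coming from a virtio device, and the {"DescribePCR": {"index": n}} request shape, which is assumed from the NSM API since the cover letter does not show the wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Emit a CBOR head (RFC 8949): 3-bit major type plus the argument in its shortest encoding. */
static size_t cbor_head(uint8_t *out, uint8_t major, uint64_t arg)
{
	int extra = arg < 24 ? 0 : arg <= 0xff ? 1 : arg <= 0xffff ? 2 : arg <= 0xffffffffULL ? 4 : 8;
	if (!extra) { out[0] = (uint8_t)(major << 5 | arg); return 1; }
	out[0] = (uint8_t)(major << 5 | (24 + __builtin_ctz(extra)));
	for (int i = 0; i < extra; i++)		/* argument is big-endian */
		out[1 + i] = (uint8_t)(arg >> (8 * (extra - 1 - i)));
	return 1 + (size_t)extra;
}

/* Parse a head with bounds checks; returns bytes consumed, 0 if truncated or reserved/indefinite. */
static size_t cbor_read_head(const uint8_t *in, size_t len, uint8_t *major,
			     uint64_t *arg)
{
	if (len < 1) return 0;
	uint8_t ai = in[0] & 0x1f;
	*major = in[0] >> 5;
	if (ai < 24) { *arg = ai; return 1; }
	if (ai > 27) return 0;		/* 28-30 reserved, 31 indefinite length */
	size_t extra = (size_t)1 << (ai - 24);
	if (len < 1 + extra) return 0;	/* truncated: never read past the buffer */
	*arg = 0;
	for (size_t i = 0; i < extra; i++)
		*arg = (*arg << 8) | in[1 + i];
	return 1 + extra;
}

static size_t cbor_text(uint8_t *out, const char *s)
{
	size_t n = strlen(s), h = cbor_head(out, 3, n);	/* major type 3: text string */
	memcpy(out + h, s, n);
	return h + n;
}

/* Encode {"DescribePCR": {"index": idx}}, the request shape assumed from the
 * NSM API (the cover letter itself does not show the wire format). */
size_t nsm_describe_pcr_request(uint8_t *out, uint16_t idx)
{
	size_t n = cbor_head(out, 5, 1);	/* map with one key/value pair */
	n += cbor_text(out + n, "DescribePCR");
	n += cbor_head(out + n, 5, 1);
	n += cbor_text(out + n, "index");
	n += cbor_head(out + n, 0, idx);	/* major type 0: unsigned integer */
	return n;
}
```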
Alex

v1 -> v2:
  - Remove boilerplate
  - Add uapi header

v2 -> v3:
  - Move globals to device struct
  - Add compat handling
  - Simplify some naming
  - Remove debug prints
  - Use module_virtio_driver
  - Ensure remove only happens on target device
  - Drop use of uio.h

v3 -> v4:
  - Add CBOR library
  - Merge hwrng into the misc driver
  - Add dependency on CBOR library
  - Add internal and ioctl logic for all current NSM actions
  - Use in-struct arrays instead of kvecs
  - Add sysfs entries for NSM metadata
  - Use dev_ print and devm_ allocation helpers

Alexander Graf (2):
  Import CBOR library
  misc: Add Nitro Secure Module driver

 MAINTAINERS                  |   17 +
 drivers/misc/Kconfig         |   13 +
 drivers/misc/Makefile        |    1 +
 drivers/misc/nsm.c           | 1466 ++++++++++++++++++++++++++++++++++
 include/linux/cbor/base.h    |   94 +++
 include/linux/cbor/cbor.h    |   22 +
 include/linux/cbor/decoder.h |   42 +
 include/linux/cbor/encoder.h |   48 ++
 include/linux/cbor/helper.h  |   41 +
 include/linux/cbor/ieee754.h |   52 ++
 include/linux/cbor/parser.h  |   32 +
 include/uapi/linux/nsm.h     |  188 +++++
 lib/Kconfig                  |    3 +
 lib/Makefile                 |    2 +
 lib/cbor/Makefile            |   12 +
 lib/cbor/common.c            |  105 +++
 lib/cbor/decoder.c           |  170 ++++
 lib/cbor/encoder.c           |  218 +++++
 lib/cbor/helper.c            |  175 ++++
 lib/cbor/ieee754.c           |  205 +++++
 lib/cbor/parser.c            |  243 ++++++
 21 files changed, 3149 insertions(+)
 create mode 100644 drivers/misc/nsm.c
 create mode 100644 include/linux/cbor/base.h
 create mode 100644 include/linux/cbor/cbor.h
 create mode 100644 include/linux/cbor/decoder.h
 create mode 100644 include/linux/cbor/encoder.h
 create mode 100644 include/linux/cbor/helper.h
 create mode 100644 include/linux/cbor/ieee754.h
 create mode 100644 include/linux/cbor/parser.h
 create mode 100644 include/uapi/linux/nsm.h
 create mode 100644 lib/cbor/Makefile
 create mode 100644 lib/cbor/common.c
 create mode 100644 lib/cbor/decoder.c
 create mode 100644 lib/cbor/encoder.c
 create mode 100644 lib/cbor/helper.c
 create mode 100644 lib/cbor/ieee754.c
 create mode 100644 lib/cbor/parser.c

-- 
2.40.1