首頁 探索 說明
註冊 登入
FangSoftSoft
/
qemu
镜像来自 https://github.com/utmapp/qemu.git
2
0
複刻 0
檔案 問題管理 0 Wiki
目錄樹: b21bdbb51a
分支列表 標籤列表
qemu
/
linux-headers
/
linux
/
psp-sev.h

psp-sev.h 4.4 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173 
  1. /* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
    2. 

  2. /*
    3. 

  3.  * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
    4. 

  4.  * platform management commands.
    5. 

  5.  *
    6. 

  6.  * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
    7. 

  7.  *
    8. 

  8.  * Author: Brijesh Singh <brijesh.singh@amd.com>
    9. 

  9.  *
    10. 

  10.  * SEV API specification is available at: https://developer.amd.com/sev/
    11. 

  11.  */
    12. 

  12. 

  13. #ifndef __PSP_SEV_USER_H__
    14. 

  14. #define __PSP_SEV_USER_H__
    15. 

  15. 

  16. #include <linux/types.h>
    17. 

  17. 

  18. /**
    19. 

  19.  * SEV platform commands
    20. 

  20.  */
    21. 

  21. enum {
    22. 

  22. 	SEV_FACTORY_RESET = 0,
    23. 

  23. 	SEV_PLATFORM_STATUS,
    24. 

  24. 	SEV_PEK_GEN,
    25. 

  25. 	SEV_PEK_CSR,
    26. 

  26. 	SEV_PDH_GEN,
    27. 

  27. 	SEV_PDH_CERT_EXPORT,
    28. 

  28. 	SEV_PEK_CERT_IMPORT,
    29. 

  29. 	SEV_GET_ID,	/* This command is deprecated, use SEV_GET_ID2 */
    30. 

  30. 	SEV_GET_ID2,
    31. 

  31. 

  32. 	SEV_MAX,
    33. 

  33. };
    34. 

  34. 

  35. /**
    36. 

  36.  * SEV Firmware status code
    37. 

  37.  */
    38. 

  38. typedef enum {
    39. 

  39. 	/*
    40. 

  40. 	 * This error code is not in the SEV spec. Its purpose is to convey that
    41. 

  41. 	 * there was an error that prevented the SEV firmware from being called.
    42. 

  42. 	 * The SEV API error codes are 16 bits, so the -1 value will not overlap
    43. 

  43. 	 * with possible values from the specification.
    44. 

  44. 	 */
    45. 

  45. 	SEV_RET_NO_FW_CALL = -1,
    46. 

  46. 	SEV_RET_SUCCESS = 0,
    47. 

  47. 	SEV_RET_INVALID_PLATFORM_STATE,
    48. 

  48. 	SEV_RET_INVALID_GUEST_STATE,
    49. 

  49. 	SEV_RET_INAVLID_CONFIG,
    50. 

  50. 	SEV_RET_INVALID_LEN,
    51. 

  51. 	SEV_RET_ALREADY_OWNED,
    52. 

  52. 	SEV_RET_INVALID_CERTIFICATE,
    53. 

  53. 	SEV_RET_POLICY_FAILURE,
    54. 

  54. 	SEV_RET_INACTIVE,
    55. 

  55. 	SEV_RET_INVALID_ADDRESS,
    56. 

  56. 	SEV_RET_BAD_SIGNATURE,
    57. 

  57. 	SEV_RET_BAD_MEASUREMENT,
    58. 

  58. 	SEV_RET_ASID_OWNED,
    59. 

  59. 	SEV_RET_INVALID_ASID,
    60. 

  60. 	SEV_RET_WBINVD_REQUIRED,
    61. 

  61. 	SEV_RET_DFFLUSH_REQUIRED,
    62. 

  62. 	SEV_RET_INVALID_GUEST,
    63. 

  63. 	SEV_RET_INVALID_COMMAND,
    64. 

  64. 	SEV_RET_ACTIVE,
    65. 

  65. 	SEV_RET_HWSEV_RET_PLATFORM,
    66. 

  66. 	SEV_RET_HWSEV_RET_UNSAFE,
    67. 

  67. 	SEV_RET_UNSUPPORTED,
    68. 

  68. 	SEV_RET_INVALID_PARAM,
    69. 

  69. 	SEV_RET_RESOURCE_LIMIT,
    70. 

  70. 	SEV_RET_SECURE_DATA_INVALID,
    71. 

  71. 	SEV_RET_MAX,
    72. 

  72. } sev_ret_code;
    73. 

  73. 

  74. /**
    75. 

  75.  * struct sev_user_data_status - PLATFORM_STATUS command parameters
    76. 

  76.  *
    77. 

  77.  * @major: major API version
    78. 

  78.  * @minor: minor API version
    79. 

  79.  * @state: platform state
    80. 

  80.  * @flags: platform config flags
    81. 

  81.  * @build: firmware build id for API version
    82. 

  82.  * @guest_count: number of active guests
    83. 

  83.  */
    84. 

  84. struct sev_user_data_status {
    85. 

  85. 	__u8 api_major;				/* Out */
    86. 

  86. 	__u8 api_minor;				/* Out */
    87. 

  87. 	__u8 state;				/* Out */
    88. 

  88. 	__u32 flags;				/* Out */
    89. 

  89. 	__u8 build;				/* Out */
    90. 

  90. 	__u32 guest_count;			/* Out */
    91. 

  91. } __attribute__((packed));
    92. 

  92. 

  93. #define SEV_STATUS_FLAGS_CONFIG_ES	0x0100
    94. 

  94. 

  95. /**
    96. 

  96.  * struct sev_user_data_pek_csr - PEK_CSR command parameters
    97. 

  97.  *
    98. 

  98.  * @address: PEK certificate chain
    99. 

  99.  * @length: length of certificate
    100. 

  100.  */
    101. 

  101. struct sev_user_data_pek_csr {
    102. 

  102. 	__u64 address;				/* In */
    103. 

  103. 	__u32 length;				/* In/Out */
    104. 

  104. } __attribute__((packed));
    105. 

  105. 

  106. /**
    107. 

  107.  * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
    108. 

  108.  *
    109. 

  109.  * @pek_address: PEK certificate chain
    110. 

  110.  * @pek_len: length of PEK certificate
    111. 

  111.  * @oca_address: OCA certificate chain
    112. 

  112.  * @oca_len: length of OCA certificate
    113. 

  113.  */
    114. 

  114. struct sev_user_data_pek_cert_import {
    115. 

  115. 	__u64 pek_cert_address;			/* In */
    116. 

  116. 	__u32 pek_cert_len;			/* In */
    117. 

  117. 	__u64 oca_cert_address;			/* In */
    118. 

  118. 	__u32 oca_cert_len;			/* In */
    119. 

  119. } __attribute__((packed));
    120. 

  120. 

  121. /**
    122. 

  122.  * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
    123. 

  123.  *
    124. 

  124.  * @pdh_address: PDH certificate address
    125. 

  125.  * @pdh_len: length of PDH certificate
    126. 

  126.  * @cert_chain_address: PDH certificate chain
    127. 

  127.  * @cert_chain_len: length of PDH certificate chain
    128. 

  128.  */
    129. 

  129. struct sev_user_data_pdh_cert_export {
    130. 

  130. 	__u64 pdh_cert_address;			/* In */
    131. 

  131. 	__u32 pdh_cert_len;			/* In/Out */
    132. 

  132. 	__u64 cert_chain_address;		/* In */
    133. 

  133. 	__u32 cert_chain_len;			/* In/Out */
    134. 

  134. } __attribute__((packed));
    135. 

  135. 

  136. /**
    137. 

  137.  * struct sev_user_data_get_id - GET_ID command parameters (deprecated)
    138. 

  138.  *
    139. 

  139.  * @socket1: Buffer to pass unique ID of first socket
    140. 

  140.  * @socket2: Buffer to pass unique ID of second socket
    141. 

  141.  */
    142. 

  142. struct sev_user_data_get_id {
    143. 

  143. 	__u8 socket1[64];			/* Out */
    144. 

  144. 	__u8 socket2[64];			/* Out */
    145. 

  145. } __attribute__((packed));
    146. 

  146. 

  147. /**
    148. 

  148.  * struct sev_user_data_get_id2 - GET_ID command parameters
    149. 

  149.  * @address: Buffer to store unique ID
    150. 

  150.  * @length: length of the unique ID
    151. 

  151.  */
    152. 

  152. struct sev_user_data_get_id2 {
    153. 

  153. 	__u64 address;				/* In */
    154. 

  154. 	__u32 length;				/* In/Out */
    155. 

  155. } __attribute__((packed));
    156. 

  156. 

  157. /**
    158. 

  158.  * struct sev_issue_cmd - SEV ioctl parameters
    159. 

  159.  *
    160. 

  160.  * @cmd: SEV commands to execute
    161. 

  161.  * @opaque: pointer to the command structure
    162. 

  162.  * @error: SEV FW return code on failure
    163. 

  163.  */
    164. 

  164. struct sev_issue_cmd {
    165. 

  165. 	__u32 cmd;				/* In */
    166. 

  166. 	__u64 data;				/* In */
    167. 

  167. 	__u32 error;				/* Out */
    168. 

  168. } __attribute__((packed));
    169. 

  169. 

  170. #define SEV_IOC_TYPE		'S'
    171. 

  171. #define SEV_ISSUE_CMD	_IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
    172. 

  172. 

  173. #endif /* __PSP_USER_SEV_H */
    174.