Commit eb65f96c authored by Tom Lendacky's avatar Tom Lendacky Committed by Borislav Petkov (AMD)

virt: sev-guest: Choose the VMPCK key based on executing VMPL

Currently, the sev-guest driver uses the vmpck-0 key by default. When an
SVSM is present, the kernel is running at a VMPL other than 0 and the
vmpck-0 key is no longer available. If a specific vmpck key has not be
requested by the user via the vmpck_id module parameter, choose the
vmpck key based on the active VMPL level.
Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/b88081c5d88263176849df8ea93e90a404619cab.1717600736.git.thomas.lendacky@amd.com
parent 61564d34
...@@ -204,6 +204,17 @@ has taken care to make use of the SEV-SNP CPUID throughout all stages of boot. ...@@ -204,6 +204,17 @@ has taken care to make use of the SEV-SNP CPUID throughout all stages of boot.
Otherwise, guest owner attestation provides no assurance that the kernel wasn't Otherwise, guest owner attestation provides no assurance that the kernel wasn't
fed incorrect values at some point during boot. fed incorrect values at some point during boot.
4. SEV Guest Driver Communication Key
=====================================
Communication between an SEV guest and the SEV firmware in the AMD Secure
Processor (ASP, aka PSP) is protected by a VM Platform Communication Key
(VMPCK). By default, the sev-guest driver uses the VMPCK associated with the
VM Privilege Level (VMPL) at which the guest is running. Should this key be
wiped by the sev-guest driver (see the driver for reasons why a VMPCK can be
wiped), a different key can be used by reloading the sev-guest driver and
specifying the desired key using the vmpck_id module parameter.
Reference Reference
--------- ---------
......
...@@ -237,6 +237,9 @@ struct svsm_call { ...@@ -237,6 +237,9 @@ struct svsm_call {
#define SVSM_CORE_DELETE_VCPU 3 #define SVSM_CORE_DELETE_VCPU 3
#ifdef CONFIG_AMD_MEM_ENCRYPT #ifdef CONFIG_AMD_MEM_ENCRYPT
extern u8 snp_vmpl;
extern void __sev_es_ist_enter(struct pt_regs *regs); extern void __sev_es_ist_enter(struct pt_regs *regs);
extern void __sev_es_ist_exit(void); extern void __sev_es_ist_exit(void);
static __always_inline void sev_es_ist_enter(struct pt_regs *regs) static __always_inline void sev_es_ist_enter(struct pt_regs *regs)
...@@ -319,7 +322,10 @@ u64 snp_get_unsupported_features(u64 status); ...@@ -319,7 +322,10 @@ u64 snp_get_unsupported_features(u64 status);
u64 sev_get_status(void); u64 sev_get_status(void);
void sev_show_status(void); void sev_show_status(void);
void snp_update_svsm_ca(void); void snp_update_svsm_ca(void);
#else
#else /* !CONFIG_AMD_MEM_ENCRYPT */
#define snp_vmpl 0
static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_enter(struct pt_regs *regs) { }
static inline void sev_es_ist_exit(void) { } static inline void sev_es_ist_exit(void) { }
static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { return 0; } static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { return 0; }
...@@ -349,7 +355,8 @@ static inline u64 snp_get_unsupported_features(u64 status) { return 0; } ...@@ -349,7 +355,8 @@ static inline u64 snp_get_unsupported_features(u64 status) { return 0; }
static inline u64 sev_get_status(void) { return 0; } static inline u64 sev_get_status(void) { return 0; }
static inline void sev_show_status(void) { } static inline void sev_show_status(void) { }
static inline void snp_update_svsm_ca(void) { } static inline void snp_update_svsm_ca(void) { }
#endif
#endif /* CONFIG_AMD_MEM_ENCRYPT */
#ifdef CONFIG_KVM_AMD_SEV #ifdef CONFIG_KVM_AMD_SEV
bool snp_probe_rmptable_info(void); bool snp_probe_rmptable_info(void);
......
...@@ -36,7 +36,8 @@ ...@@ -36,7 +36,8 @@
* early boot, both with identity mapped virtual addresses and proper kernel * early boot, both with identity mapped virtual addresses and proper kernel
* virtual addresses. * virtual addresses.
*/ */
static u8 snp_vmpl __ro_after_init; u8 snp_vmpl __ro_after_init;
EXPORT_SYMBOL_GPL(snp_vmpl);
static struct svsm_ca *boot_svsm_caa __ro_after_init; static struct svsm_ca *boot_svsm_caa __ro_after_init;
static u64 boot_svsm_caa_pa __ro_after_init; static u64 boot_svsm_caa_pa __ro_after_init;
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
/* /*
* AMD Secure Encrypted Virtualization (SEV) guest driver interface * AMD Secure Encrypted Virtualization (SEV) guest driver interface
* *
* Copyright (C) 2021 Advanced Micro Devices, Inc. * Copyright (C) 2021-2024 Advanced Micro Devices, Inc.
* *
* Author: Brijesh Singh <brijesh.singh@amd.com> * Author: Brijesh Singh <brijesh.singh@amd.com>
*/ */
...@@ -70,8 +70,15 @@ struct snp_guest_dev { ...@@ -70,8 +70,15 @@ struct snp_guest_dev {
u8 *vmpck; u8 *vmpck;
}; };
static u32 vmpck_id; /*
module_param(vmpck_id, uint, 0444); * The VMPCK ID represents the key used by the SNP guest to communicate with the
* SEV firmware in the AMD Secure Processor (ASP, aka PSP). By default, the key
* used will be the key associated with the VMPL at which the guest is running.
* Should the default key be wiped (see snp_disable_vmpck()), this parameter
* allows for using one of the remaining VMPCKs.
*/
static int vmpck_id = -1;
module_param(vmpck_id, int, 0444);
MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP.");
/* Mutex to serialize the shared buffer access and command handling. */ /* Mutex to serialize the shared buffer access and command handling. */
...@@ -923,6 +930,10 @@ static int __init sev_guest_probe(struct platform_device *pdev) ...@@ -923,6 +930,10 @@ static int __init sev_guest_probe(struct platform_device *pdev)
if (!snp_dev) if (!snp_dev)
goto e_unmap; goto e_unmap;
/* Adjust the default VMPCK key based on the executing VMPL level */
if (vmpck_id == -1)
vmpck_id = snp_vmpl;
ret = -EINVAL; ret = -EINVAL;
snp_dev->vmpck = get_vmpck(vmpck_id, secrets, &snp_dev->os_area_msg_seqno); snp_dev->vmpck = get_vmpck(vmpck_id, secrets, &snp_dev->os_area_msg_seqno);
if (!snp_dev->vmpck) { if (!snp_dev->vmpck) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment