
crypto: ccp - Add support for getting security attributes on some older systems

Older systems will not populate the security attributes in the
capabilities register. The PSP on these systems, however, does have a
command to get the security attributes. Use this command during ccp
startup to populate the attributes if they're missing.

Closes: https://github.com/fwupd/fwupd/issues/5284
Closes: https://github.com/fwupd/fwupd/issues/5675
Closes: https://github.com/fwupd/fwupd/issues/6253
Closes: https://github.com/fwupd/fwupd/issues/7280
Closes: https://github.com/fwupd/fwupd/issues/6323
Closes: https://github.com/fwupd/fwupd/discussions/5433
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Mario Limonciello and committed by
Herbert Xu
82f9327f b4100947

+68 -3
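--- a/drivers/crypto/ccp/hsti.c
+++ b/drivers/crypto/ccp/hsti.c
@@ -12,6 +12,13 @@
 #include "psp-dev.h"
 #include "hsti.h"
 
+#define PSP_CAPABILITY_PSP_SECURITY_OFFSET 8
+
+struct hsti_request {
+struct psp_req_buffer_hdr header;
+u32 hsti;
+} __packed;
+
 #define security_attribute_show(name) \
 static ssize_t name##_show(struct device *d, struct device_attribute *attr, \
 char *buf) \
@@ -66,3 +73,51 @@
 .attrs = psp_security_attrs,
 .is_visible = psp_security_is_visible,
 };
+
+static int psp_poulate_hsti(struct psp_device *psp)
+{
+struct hsti_request *req;
+int ret;
+
+/* Are the security attributes already reported? */
+if (psp->capability.security_reporting)
+return 0;
+
+/* Allocate command-response buffer */
+req = kzalloc(sizeof(*req), GFP_KERNEL | __GFP_ZERO);
+if (!req)
+return -ENOMEM;
+
+req->header.payload_size = sizeof(req);
+
+ret = psp_send_platform_access_msg(PSP_CMD_HSTI_QUERY, (struct psp_request *)req);
+if (ret)
+goto out;
+
+if (req->header.status != 0) {
+dev_dbg(psp->dev, "failed to populate HSTI state: %d\n", req->header.status);
+ret = -EINVAL;
+goto out;
+}
+
+psp->capability.security_reporting = 1;
+psp->capability.raw |= req->hsti << PSP_CAPABILITY_PSP_SECURITY_OFFSET;
+
+out:
+kfree(req);
+
+return ret;
+}
+
+int psp_init_hsti(struct psp_device *psp)
+{
+int ret;
+
+if (PSP_FEATURE(psp, HSTI)) {
+ret = psp_poulate_hsti(psp);
+if (ret)
+return ret;
+}
+
+return 0;
+}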
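Review bot: `req->header.payload_size = sizeof(req);` in psp_poulate_hsti takes the size of the pointer, not of struct hsti_request, so the PSP is told a pointer-sized payload instead of the header plus the `hsti` word that the code reads back afterwards. It should be `req->header.payload_size = sizeof(*req);`, matching the `kzalloc(sizeof(*req), ...)` call just above it. Whether the firmware bounds its reply by this field is not visible here, but if it does, `req->hsti` keeps its zeroed value while `security_reporting` is set to 1, so the attributes would be reported as present and all off. Separately, `__GFP_ZERO` is redundant with kzalloc, and the function name is misspelled (`psp_poulate_hsti`).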
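--- a/drivers/crypto/ccp/hsti.h
+++ b/drivers/crypto/ccp/hsti.h
@@ -12,4 +12,6 @@
 
 extern struct attribute_group psp_security_attr_group;
 
+int psp_init_hsti(struct psp_device *psp);
+
 #endif /* __HSTI_H */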
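--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -220,6 +220,11 @@
 return ret;
 }
 
+/* HSTI uses platform access on some systems. */
+ret = psp_init_hsti(psp);
+if (ret)
+return ret;
+
 return 0;
 }
 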
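Review bot: The added `if (ret) return ret;` makes the enclosing init function (its start is outside the hunk) fail whenever the HSTI query fails, including the `-EINVAL` path taken when the firmware returns a non-zero status. As far as this commit shows, the query only fills in security attributes for reporting, so a PSP that rejects the command would take the rest of PSP initialisation down with it. Consider logging and continuing, e.g. `if (ret) dev_warn(psp->dev, "HSTI query failed: %d\n", ret);`. If failing hard is intended, the comment above the call should say so.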
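--- a/drivers/crypto/ccp/psp-dev.h
+++ b/drivers/crypto/ccp/psp-dev.h
@@ -78,8 +78,6 @@
 
 struct psp_device *psp_get_master_device(void);
 
-#define PSP_CAPABILITY_PSP_SECURITY_OFFSET 8
-
 /**
 * enum psp_cmd - PSP mailbox commands
 * @PSP_CMD_TEE_RING_INIT: Initialize TEE ring buffer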
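--- a/drivers/crypto/ccp/sp-dev.h
+++ b/drivers/crypto/ccp/sp-dev.h
@@ -29,6 +29,7 @@
 #define CACHE_WB_NO_ALLOC 0xb7
 
 #define PLATFORM_FEATURE_DBC 0x1
+#define PLATFORM_FEATURE_HSTI 0x2
 
 #define PSP_FEATURE(psp, feat) (psp->vdata && psp->vdata->platform_features & PLATFORM_FEATURE_##feat)
 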
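--- a/drivers/crypto/ccp/sp-pci.c
+++ b/drivers/crypto/ccp/sp-pci.c
@@ -397,10 +397,12 @@
 
 static const struct psp_vdata pspv2 = {
 .sev = &sevv2,
+.platform_access = &pa_v1,
 .bootloader_info_reg = 0x109ec, /* C2PMSG_59 */
 .feature_reg = 0x109fc, /* C2PMSG_63 */
 .inten_reg = 0x10690, /* P2CMSG_INTEN */
 .intsts_reg = 0x10694, /* P2CMSG_INTSTS */
+.platform_features = PLATFORM_FEATURE_HSTI,
 };
 
 static const struct psp_vdata pspv3 = {
@@ -413,7 +415,8 @@
 .feature_reg = 0x109fc, /* C2PMSG_63 */
 .inten_reg = 0x10690, /* P2CMSG_INTEN */
 .intsts_reg = 0x10694, /* P2CMSG_INTSTS */
-.platform_features = PLATFORM_FEATURE_DBC,
+.platform_features = PLATFORM_FEATURE_DBC |
+PLATFORM_FEATURE_HSTI,
 };
 
 static const struct psp_vdata pspv4 = {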
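Review bot: The new `.platform_access = &pa_v1` entry in pspv2 enables the platform-access mailbox for every device that uses this vdata, and nothing in the hunk records that it was added only so the HSTI query can be sent. A one-line comment above the field, such as `/* platform access mailbox: needed for PSP_CMD_HSTI_QUERY */`, would make that dependency explicit. It would also tell a later reader that `.platform_features = PLATFORM_FEATURE_HSTI` relies on it. Whether the pa_v1 register layout is valid for these older parts cannot be confirmed from the lines shown.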
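--- a/include/linux/psp-platform-access.h
+++ b/include/linux/psp-platform-access.h
@@ -7,6 +7,7 @@
 
 enum psp_platform_access_msg {
 PSP_CMD_NONE = 0x0,
+PSP_CMD_HSTI_QUERY = 0x14,
 PSP_I2C_REQ_BUS_CMD = 0x64,
 PSP_DYNAMIC_BOOST_GET_NONCE,
 PSP_DYNAMIC_BOOST_SET_UID,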