qemu

FORK: QEMU emulator
git clone https://git.neptards.moe/neptards/qemu.git

psp-sev.h (4158B)


      1 /* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
      2 /*
      3  * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
      4  * platform management commands.
      5  *
      6  * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
      7  *
      8  * Author: Brijesh Singh <brijesh.singh@amd.com>
      9  *
     10  * SEV API specification is available at: https://developer.amd.com/sev/
     11  */
     12 
     13 #ifndef __PSP_SEV_USER_H__
     14 #define __PSP_SEV_USER_H__
     15 
     16 #include <linux/types.h>
     17 
     18 /**
     19  * SEV platform commands (presumably the values carried in sev_issue_cmd.cmd; confirm against the driver)
     20  */
     21 enum {
     22 	SEV_FACTORY_RESET = 0,	/* later commands are implicit (+1 each), so order fixes the numeric values */
     23 	SEV_PLATFORM_STATUS,
     24 	SEV_PEK_GEN,
     25 	SEV_PEK_CSR,
     26 	SEV_PDH_GEN,
     27 	SEV_PDH_CERT_EXPORT,
     28 	SEV_PEK_CERT_IMPORT,
     29 	SEV_GET_ID,	/* This command is deprecated, use SEV_GET_ID2 */
     30 	SEV_GET_ID2,
     31 
     32 	SEV_MAX,	/* count of the commands above; NOTE(review): presumably not a command itself, so a consumer should reject cmd >= SEV_MAX -- confirm */
     33 };
     34 
     35 /**
     36  * SEV Firmware status code (sev_issue_cmd.error is documented as the SEV FW return code on failure)
     37  */
     38 typedef enum {
     39 	SEV_RET_SUCCESS = 0,	/* later codes are implicit (+1 each), so order fixes the numeric values */
     40 	SEV_RET_INVALID_PLATFORM_STATE,
     41 	SEV_RET_INVALID_GUEST_STATE,
     42 	SEV_RET_INAVLID_CONFIG,	/* sic ("INAVLID"): spelling left as-is, renaming an enumerator would change the interface */
     43 	SEV_RET_INVALID_LEN,
     44 	SEV_RET_ALREADY_OWNED,
     45 	SEV_RET_INVALID_CERTIFICATE,
     46 	SEV_RET_POLICY_FAILURE,
     47 	SEV_RET_INACTIVE,
     48 	SEV_RET_INVALID_ADDRESS,
     49 	SEV_RET_BAD_SIGNATURE,
     50 	SEV_RET_BAD_MEASUREMENT,
     51 	SEV_RET_ASID_OWNED,
     52 	SEV_RET_INVALID_ASID,
     53 	SEV_RET_WBINVD_REQUIRED,
     54 	SEV_RET_DFFLUSH_REQUIRED,
     55 	SEV_RET_INVALID_GUEST,
     56 	SEV_RET_INVALID_COMMAND,
     57 	SEV_RET_ACTIVE,
     58 	SEV_RET_HWSEV_RET_PLATFORM,
     59 	SEV_RET_HWSEV_RET_UNSAFE,
     60 	SEV_RET_UNSUPPORTED,
     61 	SEV_RET_INVALID_PARAM,
     62 	SEV_RET_RESOURCE_LIMIT,
     63 	SEV_RET_SECURE_DATA_INVALID,
     64 	SEV_RET_MAX,	/* one past the last status code listed in this enum */
     65 } sev_ret_code;
     66 
     67 /**
     68  * struct sev_user_data_status - PLATFORM_STATUS command parameters
     69  *
     70  * @api_major: major API version
     71  * @api_minor: minor API version
     72  * @state: platform state
     73  * @flags: platform config flags
     74  * @build: firmware build id for API version
     75  * @guest_count: number of active guests
     76  */
     77 struct sev_user_data_status {
     78 	__u8 api_major;				/* Out */
     79 	__u8 api_minor;				/* Out */
     80 	__u8 state;				/* Out */
     81 	__u32 flags;				/* Out */
     82 	__u8 build;				/* Out */
     83 	__u32 guest_count;			/* Out */
     84 } __attribute__((packed));	/* no padding: flags is at byte offset 3 (unaligned); 12 bytes total */
     85 
     86 #define SEV_STATUS_FLAGS_CONFIG_ES	0x0100	/* bit 8; by its name a mask for sev_user_data_status.flags (presumably the SEV-ES config bit) -- confirm against the SEV API spec */
     87 
     88 /**
     89  * struct sev_user_data_pek_csr - PEK_CSR command parameters
     90  *
     91  * @address: PEK certificate chain (held as a __u64 address, not as inline data)
     92  * @length: length of certificate (In/Out: presumably buffer size in, length used or required out -- confirm)
     93  */
     94 struct sev_user_data_pek_csr {
     95 	__u64 address;				/* In; NOTE(review): caller-supplied address, a consumer must validate it before use */
     96 	__u32 length;				/* In/Out */
     97 } __attribute__((packed));	/* 12 bytes, no tail padding */
     98 
     99 /**
    100  * struct sev_user_data_pek_cert_import - PEK_CERT_IMPORT command parameters
    101  *
    102  * @pek_cert_address: PEK certificate chain
    103  * @pek_cert_len: length of PEK certificate
    104  * @oca_cert_address: OCA certificate chain
    105  * @oca_cert_len: length of OCA certificate
    106  */
    107 struct sev_user_data_pek_cert_import {
    108 	__u64 pek_cert_address;			/* In; NOTE(review): caller-supplied address, a consumer must validate it before use */
    109 	__u32 pek_cert_len;			/* In */
    110 	__u64 oca_cert_address;			/* In; at byte offset 12 because the struct is packed (not 8-byte aligned) */
    111 	__u32 oca_cert_len;			/* In */
    112 } __attribute__((packed));	/* 24 bytes, no padding */
    113 
    114 /**
    115  * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
    116  *
    117  * @pdh_cert_address: PDH certificate address
    118  * @pdh_cert_len: length of PDH certificate
    119  * @cert_chain_address: PDH certificate chain
    120  * @cert_chain_len: length of PDH certificate chain
    121  */
    122 struct sev_user_data_pdh_cert_export {
    123 	__u64 pdh_cert_address;			/* In; NOTE(review): caller-supplied address, a consumer must validate it before use */
    124 	__u32 pdh_cert_len;			/* In/Out; presumably buffer size in, length used or required out -- confirm */
    125 	__u64 cert_chain_address;		/* In; at byte offset 12 because the struct is packed (not 8-byte aligned) */
    126 	__u32 cert_chain_len;			/* In/Out */
    127 } __attribute__((packed));	/* 24 bytes, no padding */
    128 
    129 /**
    130  * struct sev_user_data_get_id - GET_ID command parameters (deprecated)
    131  *
    132  * @socket1: Buffer to pass unique ID of first socket
    133  * @socket2: Buffer to pass unique ID of second socket
    134  */
    135 struct sev_user_data_get_id {
    136 	__u8 socket1[64];			/* Out */
    137 	__u8 socket2[64];			/* Out */
    138 } __attribute__((packed));	/* 128 bytes: two fixed 64-byte ID buffers held inline */
    139 
    140 /**
    141  * struct sev_user_data_get_id2 - GET_ID2 command parameters
    142  * @address: Buffer to store unique ID
    143  * @length: length of the unique ID
    144  */
    145 struct sev_user_data_get_id2 {
    146 	__u64 address;				/* In; NOTE(review): caller-supplied address, a consumer must validate it before use */
    147 	__u32 length;				/* In/Out; presumably buffer size in, ID length out -- confirm */
    148 } __attribute__((packed));	/* 12 bytes, no tail padding */
    149 
    150 /**
    151  * struct sev_issue_cmd - SEV ioctl parameters
    152  *
    153  * @cmd: SEV commands to execute
    154  * @data: pointer to the command structure
    155  * @error: SEV FW return code on failure
    156  */
    157 struct sev_issue_cmd {
    158 	__u32 cmd;				/* In */
    159 	__u64 data;				/* In; a pointer stored as __u64; NOTE(review): user-controlled, a consumer must validate it before dereferencing */
    160 	__u32 error;				/* Out */
    161 } __attribute__((packed));	/* 16 bytes; data is at byte offset 4, so it is not 8-byte aligned */
    162 
    163 #define SEV_IOC_TYPE		'S'	/* ioctl type argument passed to _IOWR in SEV_ISSUE_CMD */
    164 #define SEV_ISSUE_CMD	_IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)	/* read/write ioctl number 0x0; NOTE(review): _IOWR is not defined by the only include visible here (linux/types.h), so users presumably need an ioctl header too -- confirm */
    165 
    166 #endif /* __PSP_SEV_USER_H__ */