0001 /* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
0002 /*
0003  * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
0004  * platform management commands.
0005  *
0006  * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
0007  *
0008  * Author: Brijesh Singh <brijesh.singh@amd.com>
0009  *
0010  * SEV API specification is available at: https://developer.amd.com/sev/
0011  */
0012 
0013 #ifndef __PSP_SEV_USER_H__
0014 #define __PSP_SEV_USER_H__
0015 
0016 #include <linux/types.h>
0017 
0018 /**
0019  * SEV platform commands: the values a caller places in struct sev_issue_cmd.cmd
0020  */
0021 enum {
0022     SEV_FACTORY_RESET = 0,
0023     SEV_PLATFORM_STATUS,
0024     SEV_PEK_GEN,
0025     SEV_PEK_CSR,
0026     SEV_PDH_GEN,
0027     SEV_PDH_CERT_EXPORT,
0028     SEV_PEK_CERT_IMPORT,
0029     SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */
0030     SEV_GET_ID2,
0031 
0032     SEV_MAX, /* one past the last command; a cmd value >= SEV_MAX names no command */
0033 };
0034 
0035 /**
0036  * SEV firmware status codes, as reported in struct sev_issue_cmd.error
0037  */
0038 typedef enum {
0039     SEV_RET_SUCCESS = 0,
0040     SEV_RET_INVALID_PLATFORM_STATE,
0041     SEV_RET_INVALID_GUEST_STATE,
0042     SEV_RET_INAVLID_CONFIG, /* sic: "INAVLID" is the spelling of this identifier as declared here */
0043     SEV_RET_INVALID_LEN,
0044     SEV_RET_ALREADY_OWNED,
0045     SEV_RET_INVALID_CERTIFICATE,
0046     SEV_RET_POLICY_FAILURE,
0047     SEV_RET_INACTIVE,
0048     SEV_RET_INVALID_ADDRESS,
0049     SEV_RET_BAD_SIGNATURE,
0050     SEV_RET_BAD_MEASUREMENT,
0051     SEV_RET_ASID_OWNED,
0052     SEV_RET_INVALID_ASID,
0053     SEV_RET_WBINVD_REQUIRED,
0054     SEV_RET_DFFLUSH_REQUIRED,
0055     SEV_RET_INVALID_GUEST,
0056     SEV_RET_INVALID_COMMAND,
0057     SEV_RET_ACTIVE,
0058     SEV_RET_HWSEV_RET_PLATFORM,
0059     SEV_RET_HWSEV_RET_UNSAFE,
0060     SEV_RET_UNSUPPORTED,
0061     SEV_RET_INVALID_PARAM,
0062     SEV_RET_RESOURCE_LIMIT,
0063     SEV_RET_SECURE_DATA_INVALID,
0064     SEV_RET_MAX, /* one past the last status code; not a status itself */
0065 } sev_ret_code;
0066 
0067 /**
0068  * struct sev_user_data_status - PLATFORM_STATUS command parameters
0069  *
0070  * @api_major: major API version
0071  * @api_minor: minor API version
0072  * @state: platform state
0073  * @flags: platform config flags
0074  * @build: firmware build id for API version
0075  * @guest_count: number of active guests
      *
      * Every field is marked Out: the caller supplies the buffer and reads the
      * result back; nothing in it is an input. The struct is declared __packed,
      * so (assuming __packed expands to a packing attribute) @flags starts at
      * byte offset 3 with no padding after @state.
0076  */
0077 struct sev_user_data_status {
0078     __u8 api_major;             /* Out */
0079     __u8 api_minor;             /* Out */
0080     __u8 state;             /* Out */
0081     __u32 flags;                /* Out */
0082     __u8 build;             /* Out */
0083     __u32 guest_count;          /* Out */
0084 } __packed;
0085 
0086 #define SEV_STATUS_FLAGS_CONFIG_ES  0x0100 /* NOTE(review): by its name a bit of sev_user_data_status.flags -- confirm meaning against the SEV API spec */
0087 
0088 /**
0089  * struct sev_user_data_pek_csr - PEK_CSR command parameters
0090  *
0091  * @address: PEK certificate chain (buffer address, carried as a 64-bit integer)
0092  * @length: length of certificate (In/Out)
      *
      * NOTE(review): @length is In/Out -- presumably the buffer size on entry and
      * the size written or required on return; confirm in the driver. Both
      * fields are caller-controlled, so the consumer is expected to bound
      * @length and access-check @address before touching the buffer.
0093  */
0094 struct sev_user_data_pek_csr {
0095     __u64 address;              /* In */
0096     __u32 length;               /* In/Out */
0097 } __packed;
0098 
0099 /**
0100  * struct sev_user_data_pek_cert_import - PEK_CERT_IMPORT command parameters
0101  *
0102  * @pek_cert_address: PEK certificate chain
0103  * @pek_cert_len: length of PEK certificate
0104  * @oca_cert_address: OCA certificate chain
0105  * @oca_cert_len: length of OCA certificate
      *
      * All four fields are inputs: two caller-supplied (address, length) pairs.
      * NOTE(review): the consumer is expected to bound each length and
      * access-check each address before reading the certificates -- confirm in
      * the driver.
0106  */
0107 struct sev_user_data_pek_cert_import {
0108     __u64 pek_cert_address;         /* In */
0109     __u32 pek_cert_len;         /* In */
0110     __u64 oca_cert_address;         /* In */
0111     __u32 oca_cert_len;         /* In */
0112 } __packed;
0113 
0114 /**
0115  * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
0116  *
0117  * @pdh_cert_address: PDH certificate address
0118  * @pdh_cert_len: length of PDH certificate (In/Out)
0119  * @cert_chain_address: PDH certificate chain
0120  * @cert_chain_len: length of PDH certificate chain (In/Out)
      *
      * NOTE(review): both lengths are In/Out -- presumably the buffer size on
      * entry and the size written or required on return; confirm in the driver.
      * The addresses name caller-supplied output buffers, so the consumer is
      * expected to check them and cap each write at the supplied length.
0121  */
0122 struct sev_user_data_pdh_cert_export {
0123     __u64 pdh_cert_address;         /* In */
0124     __u32 pdh_cert_len;         /* In/Out */
0125     __u64 cert_chain_address;       /* In */
0126     __u32 cert_chain_len;           /* In/Out */
0127 } __packed;
0128 
0129 /**
0130  * struct sev_user_data_get_id - GET_ID command parameters (deprecated; SEV_GET_ID2 replaces SEV_GET_ID)
0131  *
0132  * @socket1: Buffer to pass unique ID of first socket (fixed 64 bytes, Out)
0133  * @socket2: Buffer to pass unique ID of second socket (fixed 64 bytes, Out)
0134  */
0135 struct sev_user_data_get_id {
0136     __u8 socket1[64];           /* Out */
0137     __u8 socket2[64];           /* Out */
0138 } __packed;
0139 
0140 /**
0141  * struct sev_user_data_get_id2 - GET_ID2 command parameters
0142  * @address: Buffer to store unique ID (caller-supplied address, carried as a 64-bit integer)
0143  * @length: length of the unique ID (In/Out)
      *
      * NOTE(review): @length is In/Out -- presumably the buffer size on entry and
      * the ID size on return; confirm in the driver. The consumer is expected to
      * bound @length and access-check @address before writing the ID.
0144  */
0145 struct sev_user_data_get_id2 {
0146     __u64 address;              /* In */
0147     __u32 length;               /* In/Out */
0148 } __packed;
0149 
0150 /**
0151  * struct sev_issue_cmd - SEV ioctl parameters
0152  *
0153  * @cmd: SEV commands to execute (one of the SEV platform command values)
0154  * @data: pointer to the command structure, carried as a 64-bit integer
0155  * @error: SEV FW return code on failure
      *
      * This is the argument of the SEV_ISSUE_CMD ioctl. Which structure @data
      * refers to presumably depends on @cmd -- confirm in the driver. @cmd and
      * @data are caller-controlled; @error is the only field marked Out.
0156  */
0157 struct sev_issue_cmd {
0158     __u32 cmd;              /* In */
0159     __u64 data;             /* In */
0160     __u32 error;                /* Out */
0161 } __packed;
0162 
0163 #define SEV_IOC_TYPE        'S' /* ioctl type character used by SEV_ISSUE_CMD */
0164 #define SEV_ISSUE_CMD   _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd) /* request number 0x0; argument is a struct sev_issue_cmd, both read and written */
0165 /* NOTE(review): _IOWR is not defined by anything this header visibly includes -- confirm the includer provides the ioctl macros */
0166 #endif /* __PSP_SEV_USER_H__ */