/* SPDX-License-Identifier: GPL-2.0 */ /* * AMD Encrypted Register State Support * * Author: Joerg Roedel <[email protected]> */ #ifndef __ASM_ENCRYPTED_STATE_H #define __ASM_ENCRYPTED_STATE_H #include <linux/types.h> #include <linux/sev-guest.h> #include <asm/insn.h> #include <asm/sev-common.h> #include <asm/coco.h> #define GHCB_PROTOCOL_MIN … #define GHCB_PROTOCOL_MAX … #define GHCB_DEFAULT_USAGE … #define VMGEXIT() … struct boot_params; enum es_result { … }; struct es_fault_info { … }; struct pt_regs; /* ES instruction emulation context */ struct es_em_ctxt { … }; /* * AMD SEV Confidential computing blob structure. The structure is * defined in OVMF UEFI firmware header: * https://github.com/tianocore/edk2/blob/master/OvmfPkg/Include/Guid/ConfidentialComputingSevSnpBlob.h */ #define CC_BLOB_SEV_HDR_MAGIC … struct cc_blob_sev_info { … } __packed; void do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code); static inline u64 lower_bits(u64 val, unsigned int bits) { … } struct real_mode_header; enum stack_type; /* Early IDT entry points for #VC handler */ extern void vc_no_ghcb(void); extern void vc_boot_ghcb(void); extern bool handle_vc_boot_ghcb(struct pt_regs *regs); /* PVALIDATE return codes */ #define PVALIDATE_FAIL_SIZEMISMATCH … /* Software defined (when rFlags.CF = 1) */ #define PVALIDATE_FAIL_NOUPDATE … /* RMUPDATE detected 4K page and 2MB page overlap. */ #define RMPUPDATE_FAIL_OVERLAP … /* PSMASH failed due to concurrent access by another CPU */ #define PSMASH_FAIL_INUSE … /* RMP page size */ #define RMP_PG_SIZE_4K … #define RMP_PG_SIZE_2M … #define RMP_TO_PG_LEVEL(level) … #define PG_LEVEL_TO_RMP(level) … struct rmp_state { … } __packed; #define RMPADJUST_VMSA_PAGE_BIT … /* SNP Guest message request */ struct snp_req_data { … }; #define MAX_AUTHTAG_LEN … /* See SNP spec SNP_GUEST_REQUEST section for the structure */ enum msg_type { … }; enum aead_algo { … }; struct snp_guest_msg_hdr { … } __packed; struct snp_guest_msg { … } __packed; struct sev_guest_platform_data { … }; /* * The secrets page contains 96-bytes of reserved field that can be used by * the guest OS. The guest OS uses the area to save the message sequence * number for each VMPCK. * * See the GHCB spec section Secret page layout for the format for this area. */ struct secrets_os_area { … } __packed; #define VMPCK_KEY_LEN … /* See the SNP spec version 0.9 for secrets page format */ struct snp_secrets_page { … } __packed; /* * The SVSM Calling Area (CA) related structures. */ struct svsm_ca { … }; #define SVSM_SUCCESS … #define SVSM_ERR_INCOMPLETE … #define SVSM_ERR_UNSUPPORTED_PROTOCOL … #define SVSM_ERR_UNSUPPORTED_CALL … #define SVSM_ERR_INVALID_ADDRESS … #define SVSM_ERR_INVALID_FORMAT … #define SVSM_ERR_INVALID_PARAMETER … #define SVSM_ERR_INVALID_REQUEST … #define SVSM_ERR_BUSY … #define SVSM_PVALIDATE_FAIL_SIZEMISMATCH … /* * The SVSM PVALIDATE related structures */ struct svsm_pvalidate_entry { … }; struct svsm_pvalidate_call { … }; #define SVSM_PVALIDATE_MAX_COUNT … /* * The SVSM Attestation related structures */ struct svsm_loc_entry { … }; struct svsm_attest_call { … }; /* * SVSM protocol structure */ struct svsm_call { … }; #define SVSM_CORE_CALL(x) … #define SVSM_CORE_REMAP_CA … #define SVSM_CORE_PVALIDATE … #define SVSM_CORE_CREATE_VCPU … #define SVSM_CORE_DELETE_VCPU … #define SVSM_ATTEST_CALL(x) … #define SVSM_ATTEST_SERVICES … #define SVSM_ATTEST_SINGLE_SERVICE … #ifdef CONFIG_AMD_MEM_ENCRYPT extern u8 snp_vmpl; extern void __sev_es_ist_enter(struct pt_regs *regs); extern void __sev_es_ist_exit(void); static __always_inline void sev_es_ist_enter(struct pt_regs *regs) { … } static __always_inline void sev_es_ist_exit(void) { … } extern int sev_es_setup_ap_jump_table(struct real_mode_header *rmh); extern void __sev_es_nmi_complete(void); static __always_inline void sev_es_nmi_complete(void) { … } extern int __init sev_es_efi_map_ghcbs(pgd_t *pgd); extern void sev_enable(struct boot_params *bp); /* * RMPADJUST modifies the RMP permissions of a page of a lesser- * privileged (numerically higher) VMPL. * * If the guest is running at a higher-privilege than the privilege * level the instruction is targeting, the instruction will succeed, * otherwise, it will fail. */ static inline int rmpadjust(unsigned long vaddr, bool rmp_psize, unsigned long attrs) { … } static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate) { … } struct snp_guest_request_ioctl; void setup_ghcb(void); void early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages); void early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages); void snp_set_memory_shared(unsigned long vaddr, unsigned long npages); void snp_set_memory_private(unsigned long vaddr, unsigned long npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); void snp_dmi_setup(void); int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, struct svsm_attest_call *input); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); void sev_show_status(void); void snp_update_svsm_ca(void); #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define snp_vmpl … static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } static inline int sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { return 0; } static inline void sev_es_nmi_complete(void) { } static inline int sev_es_efi_map_ghcbs(pgd_t *pgd) { return 0; } static inline void sev_enable(struct boot_params *bp) { } static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate) { return 0; } static inline int rmpadjust(unsigned long vaddr, bool rmp_psize, unsigned long attrs) { return 0; } static inline void setup_ghcb(void) { } static inline void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } static inline void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } static inline void snp_set_memory_shared(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_memory_private(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } static inline void snp_dmi_setup(void) { } static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) { return -ENOTTY; } static inline int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, struct svsm_attest_call *input) { return -ENOTTY; } static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } static inline void sev_show_status(void) { } static inline void snp_update_svsm_ca(void) { } #endif /* CONFIG_AMD_MEM_ENCRYPT */ #ifdef CONFIG_KVM_AMD_SEV bool snp_probe_rmptable_info(void); int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level); void snp_dump_hva_rmpentry(unsigned long address); int psmash(u64 pfn); int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immutable); int rmp_make_shared(u64 pfn, enum pg_level level); void snp_leak_pages(u64 pfn, unsigned int npages); void kdump_sev_callback(void); void snp_fixup_e820_tables(void); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } static inline void snp_dump_hva_rmpentry(unsigned long address) {} static inline int psmash(u64 pfn) { return -ENODEV; } static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immutable) { return -ENODEV; } static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} static inline void kdump_sev_callback(void) { } static inline void snp_fixup_e820_tables(void) {} #endif #endif
Codebase Browser
linux