]>
Commit | Line | Data |
---|---|---|
f363d039 | 1 | /* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */ |
9d8ad114 BS |
2 | /* |
3 | * Userspace interface for AMD Secure Encrypted Virtualization (SEV) | |
4 | * platform management commands. | |
5 | * | |
6 | * Copyright (C) 2016-2017 Advanced Micro Devices, Inc. | |
7 | * | |
8 | * Author: Brijesh Singh <brijesh.singh@amd.com> | |
9 | * | |
d9cb4336 | 10 | * SEV API specification is available at: https://developer.amd.com/sev/ |
9d8ad114 BS |
11 | */ |
12 | ||
13 | #ifndef __PSP_SEV_USER_H__ | |
14 | #define __PSP_SEV_USER_H__ | |
15 | ||
16 | #include <linux/types.h> | |
17 | ||
18 | /** | |
19 | * SEV platform commands | |
20 | */ | |
21 | enum { | |
22 | SEV_FACTORY_RESET = 0, | |
23 | SEV_PLATFORM_STATUS, | |
24 | SEV_PEK_GEN, | |
25 | SEV_PEK_CSR, | |
26 | SEV_PDH_GEN, | |
27 | SEV_PDH_CERT_EXPORT, | |
28 | SEV_PEK_CERT_IMPORT, | |
d9cb4336 CH |
29 | SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */ |
30 | SEV_GET_ID2, | |
9d8ad114 BS |
31 | |
32 | SEV_MAX, | |
33 | }; | |
34 | ||
35 | /** | |
36 | * SEV Firmware status code | |
37 | */ | |
38 | typedef enum { | |
d0bf492f CLG |
39 | /* |
40 | * This error code is not in the SEV spec. Its purpose is to convey that | |
41 | * there was an error that prevented the SEV firmware from being called. | |
42 | * The SEV API error codes are 16 bits, so the -1 value will not overlap | |
43 | * with possible values from the specification. | |
44 | */ | |
45 | SEV_RET_NO_FW_CALL = -1, | |
9d8ad114 BS |
46 | SEV_RET_SUCCESS = 0, |
47 | SEV_RET_INVALID_PLATFORM_STATE, | |
48 | SEV_RET_INVALID_GUEST_STATE, | |
49 | SEV_RET_INAVLID_CONFIG, | |
50 | SEV_RET_INVALID_LEN, | |
51 | SEV_RET_ALREADY_OWNED, | |
52 | SEV_RET_INVALID_CERTIFICATE, | |
53 | SEV_RET_POLICY_FAILURE, | |
54 | SEV_RET_INACTIVE, | |
55 | SEV_RET_INVALID_ADDRESS, | |
56 | SEV_RET_BAD_SIGNATURE, | |
57 | SEV_RET_BAD_MEASUREMENT, | |
58 | SEV_RET_ASID_OWNED, | |
59 | SEV_RET_INVALID_ASID, | |
60 | SEV_RET_WBINVD_REQUIRED, | |
61 | SEV_RET_DFFLUSH_REQUIRED, | |
62 | SEV_RET_INVALID_GUEST, | |
63 | SEV_RET_INVALID_COMMAND, | |
64 | SEV_RET_ACTIVE, | |
65 | SEV_RET_HWSEV_RET_PLATFORM, | |
66 | SEV_RET_HWSEV_RET_UNSAFE, | |
67 | SEV_RET_UNSUPPORTED, | |
2a886794 GK |
68 | SEV_RET_INVALID_PARAM, |
69 | SEV_RET_RESOURCE_LIMIT, | |
70 | SEV_RET_SECURE_DATA_INVALID, | |
efb91426 | 71 | SEV_RET_INVALID_KEY = 0x27, |
9d8ad114 BS |
72 | SEV_RET_MAX, |
73 | } sev_ret_code; | |
74 | ||
75 | /** | |
76 | * struct sev_user_data_status - PLATFORM_STATUS command parameters | |
77 | * | |
78 | * @major: major API version | |
79 | * @minor: minor API version | |
80 | * @state: platform state | |
81 | * @flags: platform config flags | |
82 | * @build: firmware build id for API version | |
83 | * @guest_count: number of active guests | |
84 | */ | |
85 | struct sev_user_data_status { | |
86 | __u8 api_major; /* Out */ | |
87 | __u8 api_minor; /* Out */ | |
88 | __u8 state; /* Out */ | |
89 | __u32 flags; /* Out */ | |
90 | __u8 build; /* Out */ | |
91 | __u32 guest_count; /* Out */ | |
92 | } __attribute__((packed)); | |
93 | ||
f76b348e CH |
94 | #define SEV_STATUS_FLAGS_CONFIG_ES 0x0100 |
95 | ||
9d8ad114 BS |
96 | /** |
97 | * struct sev_user_data_pek_csr - PEK_CSR command parameters | |
98 | * | |
99 | * @address: PEK certificate chain | |
100 | * @length: length of certificate | |
101 | */ | |
102 | struct sev_user_data_pek_csr { | |
103 | __u64 address; /* In */ | |
104 | __u32 length; /* In/Out */ | |
105 | } __attribute__((packed)); | |
106 | ||
107 | /** | |
108 | * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters | |
109 | * | |
110 | * @pek_address: PEK certificate chain | |
111 | * @pek_len: length of PEK certificate | |
112 | * @oca_address: OCA certificate chain | |
113 | * @oca_len: length of OCA certificate | |
114 | */ | |
115 | struct sev_user_data_pek_cert_import { | |
116 | __u64 pek_cert_address; /* In */ | |
117 | __u32 pek_cert_len; /* In */ | |
118 | __u64 oca_cert_address; /* In */ | |
119 | __u32 oca_cert_len; /* In */ | |
120 | } __attribute__((packed)); | |
121 | ||
122 | /** | |
123 | * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters | |
124 | * | |
125 | * @pdh_address: PDH certificate address | |
126 | * @pdh_len: length of PDH certificate | |
127 | * @cert_chain_address: PDH certificate chain | |
128 | * @cert_chain_len: length of PDH certificate chain | |
129 | */ | |
130 | struct sev_user_data_pdh_cert_export { | |
131 | __u64 pdh_cert_address; /* In */ | |
132 | __u32 pdh_cert_len; /* In/Out */ | |
133 | __u64 cert_chain_address; /* In */ | |
134 | __u32 cert_chain_len; /* In/Out */ | |
135 | } __attribute__((packed)); | |
136 | ||
77d361b1 | 137 | /** |
d9cb4336 | 138 | * struct sev_user_data_get_id - GET_ID command parameters (deprecated) |
77d361b1 EA |
139 | * |
140 | * @socket1: Buffer to pass unique ID of first socket | |
141 | * @socket2: Buffer to pass unique ID of second socket | |
142 | */ | |
143 | struct sev_user_data_get_id { | |
144 | __u8 socket1[64]; /* Out */ | |
145 | __u8 socket2[64]; /* Out */ | |
146 | } __attribute__((packed)); | |
147 | ||
d9cb4336 CH |
148 | /** |
149 | * struct sev_user_data_get_id2 - GET_ID command parameters | |
150 | * @address: Buffer to store unique ID | |
151 | * @length: length of the unique ID | |
152 | */ | |
153 | struct sev_user_data_get_id2 { | |
154 | __u64 address; /* In */ | |
155 | __u32 length; /* In/Out */ | |
156 | } __attribute__((packed)); | |
157 | ||
9d8ad114 BS |
158 | /** |
159 | * struct sev_issue_cmd - SEV ioctl parameters | |
160 | * | |
161 | * @cmd: SEV commands to execute | |
162 | * @opaque: pointer to the command structure | |
163 | * @error: SEV FW return code on failure | |
164 | */ | |
165 | struct sev_issue_cmd { | |
166 | __u32 cmd; /* In */ | |
167 | __u64 data; /* In */ | |
168 | __u32 error; /* Out */ | |
169 | } __attribute__((packed)); | |
170 | ||
171 | #define SEV_IOC_TYPE 'S' | |
172 | #define SEV_ISSUE_CMD _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd) | |
173 | ||
174 | #endif /* __PSP_USER_SEV_H */ |