crypto: ccp - Add sysfs attribute for boot integrity

The boot integrity attribute represents that the CPU or APU is used for the
hardware root of trust in the boot process.  This bit only represents the
CPU/APU and some vendors have other hardware root of trust implementations
specific to their designs.

Link: https://github.com/fwupd/fwupd/pull/9825
Reviewed-by: Mark Pearson <mpearson-lenovo@squebb.ca>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/Documentation/ABI/testing/sysfs-driver-ccp b/Documentation/ABI/testing/sysfs-driver-ccp
index ee6b787eee7a0332e6071143bd618feec3d3b4ce..6ec74b9a292a71419b3da1d663c023ffa1f302ee 100644 (file)
--- a/Documentation/ABI/testing/sysfs-driver-ccp
+++ b/Documentation/ABI/testing/sysfs-driver-ccp
@@ -8,6 +8,21 @@ Description:
                0: Not fused
                1: Fused
 
+What:          /sys/bus/pci/devices/<BDF>/boot_integrity
+Date:          April 2026
+KernelVersion: 6.20
+Contact:       mario.limonciello@amd.com
+Description:
+               The /sys/bus/pci/devices/<BDF>/boot_integrity reports
+               whether the AMD CPU or APU is used for a hardware root of trust
+               during the boot process.
+               Possible values:
+               0: Not hardware root of trust.
+               1: Hardware root of trust
+
+               NOTE: Vendors may provide design specific alternative hardware
+               root of trust implementations.
+
 What:          /sys/bus/pci/devices/<BDF>/debug_lock_on
 Date:          June 2022
 KernelVersion: 5.19

diff --git a/drivers/crypto/ccp/hsti.c b/drivers/crypto/ccp/hsti.c
index c29c6a9c0f3f94161a3da845734cee7c57eccc68..4b44729a019ea20a9f09da7fc9aa1c1cfb8f668d 100644 (file)
--- a/drivers/crypto/ccp/hsti.c
+++ b/drivers/crypto/ccp/hsti.c
@@ -30,6 +30,8 @@ static ssize_t name##_show(struct device *d, struct device_attribute *attr,   \
 
 security_attribute_show(fused_part)
 static DEVICE_ATTR_RO(fused_part);
+security_attribute_show(boot_integrity)
+static DEVICE_ATTR_RO(boot_integrity);
 security_attribute_show(debug_lock_on)
 static DEVICE_ATTR_RO(debug_lock_on);
 security_attribute_show(tsme_status)
@@ -47,6 +49,7 @@ static DEVICE_ATTR_RO(rom_armor_enforced);
 
 static struct attribute *psp_security_attrs[] = {
        &dev_attr_fused_part.attr,
+       &dev_attr_boot_integrity.attr,
        &dev_attr_debug_lock_on.attr,
        &dev_attr_tsme_status.attr,
        &dev_attr_anti_rollback_status.attr,

diff --git a/drivers/crypto/ccp/psp-dev.h b/drivers/crypto/ccp/psp-dev.h
index 268c83f298cb0d6db57399a59ad6255cc23fd176..4e370e76b6ca5481e8fa4bb83ff7feb5f2a23728 100644 (file)
--- a/drivers/crypto/ccp/psp-dev.h
+++ b/drivers/crypto/ccp/psp-dev.h
@@ -36,7 +36,7 @@ union psp_cap_register {
                             rsvd1                      :3,
                             security_reporting         :1,
                             fused_part                 :1,
-                            rsvd2                      :1,
+                            boot_integrity             :1,
                             debug_lock_on              :1,
                             rsvd3                      :2,
                             tsme_status                :1,