root/include/uapi/linux/psp-sev.h




   1 /* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
   2 /*
   3  * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
   4  * platform management commands.
   5  *
   6  * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
   7  *
   8  * Author: Brijesh Singh <brijesh.singh@amd.com>
   9  *
  10  * SEV API specification is available at: https://developer.amd.com/sev/
  11  */
  12 
  13 #ifndef __PSP_SEV_USER_H__
  14 #define __PSP_SEV_USER_H__
  15 
  16 #include <linux/types.h>
  17 
  18 /**
  19  * SEV platform commands (values for the cmd field of struct sev_issue_cmd)
  20  */
  21 enum {
  22         SEV_FACTORY_RESET = 0,
  23         SEV_PLATFORM_STATUS,
  24         SEV_PEK_GEN,
  25         SEV_PEK_CSR,
  26         SEV_PDH_GEN,
  27         SEV_PDH_CERT_EXPORT,
  28         SEV_PEK_CERT_IMPORT,
  29         SEV_GET_ID,     /* This command is deprecated, use SEV_GET_ID2 */
  30         SEV_GET_ID2,
  31 
  32         SEV_MAX,        /* one past the last command; presumably the bound for validating cmd - confirm in the driver */
  33 };
  34 
  35 /**
  36  * SEV Firmware status code (reported in the error field of struct sev_issue_cmd)
  37  */
  38 typedef enum {
  39         SEV_RET_SUCCESS = 0,
  40         SEV_RET_INVALID_PLATFORM_STATE,
  41         SEV_RET_INVALID_GUEST_STATE,
  42         SEV_RET_INAVLID_CONFIG,         /* sic: misspelled ("INAVLID"); userspace must use the name as spelled here */
  43         SEV_RET_INVALID_LEN,
  44         SEV_RET_ALREADY_OWNED,
  45         SEV_RET_INVALID_CERTIFICATE,
  46         SEV_RET_POLICY_FAILURE,
  47         SEV_RET_INACTIVE,
  48         SEV_RET_INVALID_ADDRESS,
  49         SEV_RET_BAD_SIGNATURE,
  50         SEV_RET_BAD_MEASUREMENT,
  51         SEV_RET_ASID_OWNED,
  52         SEV_RET_INVALID_ASID,
  53         SEV_RET_WBINVD_REQUIRED,
  54         SEV_RET_DFFLUSH_REQUIRED,
  55         SEV_RET_INVALID_GUEST,
  56         SEV_RET_INVALID_COMMAND,
  57         SEV_RET_ACTIVE,
  58         SEV_RET_HWSEV_RET_PLATFORM,
  59         SEV_RET_HWSEV_RET_UNSAFE,
  60         SEV_RET_UNSUPPORTED,
  61         SEV_RET_MAX,                    /* one past the last status code listed above */
  62 } sev_ret_code;
  63 
  64 /**
  65  * struct sev_user_data_status - PLATFORM_STATUS command parameters
  66  *
  67  * @api_major: major API version
  68  * @api_minor: minor API version
  69  * @state: platform state
  70  * @flags: platform config flags
  71  * @build: firmware build id for API version
  72  * @guest_count: number of active guests
  73  */
  74 struct sev_user_data_status {
  75         __u8 api_major;                         /* Out */
  76         __u8 api_minor;                         /* Out */
  77         __u8 state;                             /* Out */
  78         __u32 flags;                            /* Out */
  79         __u8 build;                             /* Out */
  80         __u32 guest_count;                      /* Out */
  81 } __packed;     /* packed, so flags sits at unaligned byte offset 3 */
  82 
  83 /**
  84  * struct sev_user_data_pek_csr - PEK_CSR command parameters
  85  *
  86  * @address: PEK certificate chain (carried as a 64-bit address; presumably a userspace buffer - confirm in the driver)
  87  * @length: length of certificate (In/Out: the value may be rewritten on return, so re-read it after the call)
  88  */
  89 struct sev_user_data_pek_csr {
  90         __u64 address;                          /* In */
  91         __u32 length;                           /* In/Out */
  92 } __packed;
  93 
  94 /**
  95  * struct sev_user_data_pek_cert_import - PEK_CERT_IMPORT command parameters
  96  *
  97  * @pek_cert_address: PEK certificate chain
  98  * @pek_cert_len: length of PEK certificate
  99  * @oca_cert_address: OCA certificate chain
 100  * @oca_cert_len: length of OCA certificate
 101  */
 102 struct sev_user_data_pek_cert_import {
 103         __u64 pek_cert_address;                 /* In */
 104         __u32 pek_cert_len;                     /* In */
 105         __u64 oca_cert_address;                 /* In */
 106         __u32 oca_cert_len;                     /* In */
 107 } __packed;
 108 
 109 /**
 110  * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
 111  *
 112  * @pdh_cert_address: PDH certificate address
 113  * @pdh_cert_len: length of PDH certificate (In/Out: may be rewritten on return)
 114  * @cert_chain_address: PDH certificate chain
 115  * @cert_chain_len: length of PDH certificate chain (In/Out: may be rewritten on return)
 116  */
 117 struct sev_user_data_pdh_cert_export {
 118         __u64 pdh_cert_address;                 /* In */
 119         __u32 pdh_cert_len;                     /* In/Out */
 120         __u64 cert_chain_address;               /* In */
 121         __u32 cert_chain_len;                   /* In/Out */
 122 } __packed;
 123 
 124 /**
 125  * struct sev_user_data_get_id - GET_ID command parameters (deprecated)
 126  *
 127  * @socket1: Buffer to pass unique ID of first socket (fixed 64 bytes)
 128  * @socket2: Buffer to pass unique ID of second socket (fixed 64 bytes)
 129  */
 130 struct sev_user_data_get_id {
 131         __u8 socket1[64];                       /* Out */
 132         __u8 socket2[64];                       /* Out */
 133 } __packed;
 134 
 135 /**
 136  * struct sev_user_data_get_id2 - GET_ID2 command parameters
 137  * @address: Buffer to store unique ID (carried as a 64-bit address)
 138  * @length: length of the unique ID (In/Out: may be rewritten on return)
 139  */
 140 struct sev_user_data_get_id2 {
 141         __u64 address;                          /* In */
 142         __u32 length;                           /* In/Out */
 143 } __packed;
 144 
 145 /**
 146  * struct sev_issue_cmd - SEV ioctl parameters
 147  *
 148  * @cmd: SEV command to execute (one of the SEV platform commands)
 149  * @data: pointer to the command structure, carried as a 64-bit value
 150  * @error: SEV FW return code on failure
 151  */
 152 struct sev_issue_cmd {
 153         __u32 cmd;                              /* In */
 154         __u64 data;                             /* In */
 155         __u32 error;                            /* Out */
 156 } __packed;
 157 
 158 #define SEV_IOC_TYPE            'S'     /* ioctl type character shared by the SEV ioctls */
 159 #define SEV_ISSUE_CMD   _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd) /* read/write ioctl number 0x0; argument is a struct sev_issue_cmd */
 160 
 161 #endif /* __PSP_SEV_USER_H__ */
