psp-sev.h source code [linux/include/linux/psp-sev.h]

1	/ SPDX-License-Identifier: GPL-2.0-only /
2	/*
3	* AMD Secure Encrypted Virtualization (SEV) driver interface
4	*
5	* Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
6	*
7	* Author: Brijesh Singh <brijesh.singh@amd.com>
8	*
9	* SEV API spec is available at https://developer.amd.com/sev
10	*/
11
12	#ifndef __PSP_SEV_H__
13	#define __PSP_SEV_H__
14
15	#include <uapi/linux/psp-sev.h>
16
17	#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */
18
19	/**
20	* SEV platform state
21	*/
22	enum sev_state {
23	SEV_STATE_UNINIT = `0x0`,
24	SEV_STATE_INIT = `0x1`,
25	SEV_STATE_WORKING = `0x2`,
26
27	SEV_STATE_MAX
28	};
29
30	/**
31	* SEV platform and guest management commands
32	*/
33	enum sev_cmd {
34	/ platform commands /
35	SEV_CMD_INIT = `0x001`,
36	SEV_CMD_SHUTDOWN = `0x002`,
37	SEV_CMD_FACTORY_RESET = `0x003`,
38	SEV_CMD_PLATFORM_STATUS = `0x004`,
39	SEV_CMD_PEK_GEN = `0x005`,
40	SEV_CMD_PEK_CSR = `0x006`,
41	SEV_CMD_PEK_CERT_IMPORT = `0x007`,
42	SEV_CMD_PDH_CERT_EXPORT = `0x008`,
43	SEV_CMD_PDH_GEN = `0x009`,
44	SEV_CMD_DF_FLUSH = `0x00A`,
45	SEV_CMD_DOWNLOAD_FIRMWARE = `0x00B`,
46	SEV_CMD_GET_ID = `0x00C`,
47	SEV_CMD_INIT_EX = `0x00D`,
48
49	/ Guest commands /
50	SEV_CMD_DECOMMISSION = `0x020`,
51	SEV_CMD_ACTIVATE = `0x021`,
52	SEV_CMD_DEACTIVATE = `0x022`,
53	SEV_CMD_GUEST_STATUS = `0x023`,
54
55	/ Guest launch commands /
56	SEV_CMD_LAUNCH_START = `0x030`,
57	SEV_CMD_LAUNCH_UPDATE_DATA = `0x031`,
58	SEV_CMD_LAUNCH_UPDATE_VMSA = `0x032`,
59	SEV_CMD_LAUNCH_MEASURE = `0x033`,
60	SEV_CMD_LAUNCH_UPDATE_SECRET = `0x034`,
61	SEV_CMD_LAUNCH_FINISH = `0x035`,
62	SEV_CMD_ATTESTATION_REPORT = `0x036`,
63
64	/ Guest migration commands (outgoing) /
65	SEV_CMD_SEND_START = `0x040`,
66	SEV_CMD_SEND_UPDATE_DATA = `0x041`,
67	SEV_CMD_SEND_UPDATE_VMSA = `0x042`,
68	SEV_CMD_SEND_FINISH = `0x043`,
69	SEV_CMD_SEND_CANCEL = `0x044`,
70
71	/ Guest migration commands (incoming) /
72	SEV_CMD_RECEIVE_START = `0x050`,
73	SEV_CMD_RECEIVE_UPDATE_DATA = `0x051`,
74	SEV_CMD_RECEIVE_UPDATE_VMSA = `0x052`,
75	SEV_CMD_RECEIVE_FINISH = `0x053`,
76
77	/ Guest debug commands /
78	SEV_CMD_DBG_DECRYPT = `0x060`,
79	SEV_CMD_DBG_ENCRYPT = `0x061`,
80
81	/ SNP specific commands /
82	SEV_CMD_SNP_INIT = `0x081`,
83	SEV_CMD_SNP_SHUTDOWN = `0x082`,
84	SEV_CMD_SNP_PLATFORM_STATUS = `0x083`,
85	SEV_CMD_SNP_DF_FLUSH = `0x084`,
86	SEV_CMD_SNP_INIT_EX = `0x085`,
87	SEV_CMD_SNP_SHUTDOWN_EX = `0x086`,
88	SEV_CMD_SNP_DECOMMISSION = `0x090`,
89	SEV_CMD_SNP_ACTIVATE = `0x091`,
90	SEV_CMD_SNP_GUEST_STATUS = `0x092`,
91	SEV_CMD_SNP_GCTX_CREATE = `0x093`,
92	SEV_CMD_SNP_GUEST_REQUEST = `0x094`,
93	SEV_CMD_SNP_ACTIVATE_EX = `0x095`,
94	SEV_CMD_SNP_LAUNCH_START = `0x0A0`,
95	SEV_CMD_SNP_LAUNCH_UPDATE = `0x0A1`,
96	SEV_CMD_SNP_LAUNCH_FINISH = `0x0A2`,
97	SEV_CMD_SNP_DBG_DECRYPT = `0x0B0`,
98	SEV_CMD_SNP_DBG_ENCRYPT = `0x0B1`,
99	SEV_CMD_SNP_PAGE_SWAP_OUT = `0x0C0`,
100	SEV_CMD_SNP_PAGE_SWAP_IN = `0x0C1`,
101	SEV_CMD_SNP_PAGE_MOVE = `0x0C2`,
102	SEV_CMD_SNP_PAGE_MD_INIT = `0x0C3`,
103	SEV_CMD_SNP_PAGE_SET_STATE = `0x0C6`,
104	SEV_CMD_SNP_PAGE_RECLAIM = `0x0C7`,
105	SEV_CMD_SNP_PAGE_UNSMASH = `0x0C8`,
106	SEV_CMD_SNP_CONFIG = `0x0C9`,
107	SEV_CMD_SNP_DOWNLOAD_FIRMWARE_EX = `0x0CA`,
108	SEV_CMD_SNP_COMMIT = `0x0CB`,
109	SEV_CMD_SNP_VLEK_LOAD = `0x0CD`,
110
111	SEV_CMD_MAX,
112	};
113
114	/**
115	* struct sev_data_init - INIT command parameters
116	*
117	* @flags: processing flags
118	* @tmr_address: system physical address used for SEV-ES
119	* @tmr_len: len of tmr_address
120	*/
121	struct sev_data_init {
122	u32 flags; / In /
123	u32 reserved; / In /
124	u64 tmr_address; / In /
125	u32 tmr_len; / In /
126	} __packed;
127
128	/**
129	* struct sev_data_init_ex - INIT_EX command parameters
130	*
131	* @length: len of the command buffer read by the PSP
132	* @flags: processing flags
133	* @tmr_address: system physical address used for SEV-ES
134	* @tmr_len: len of tmr_address
135	* @nv_address: system physical address used for PSP NV storage
136	* @nv_len: len of nv_address
137	*/
138	struct sev_data_init_ex {
139	u32 length; / In /
140	u32 flags; / In /
141	u64 tmr_address; / In /
142	u32 tmr_len; / In /
143	u32 reserved; / In /
144	u64 nv_address; / In/Out /
145	u32 nv_len; / In /
146	} __packed;
147
148	#define SEV_INIT_FLAGS_SEV_ES 0x01
149
150	/**
151	* struct sev_data_pek_csr - PEK_CSR command parameters
152	*
153	* @address: PEK certificate chain
154	* @len: len of certificate
155	*/
156	struct sev_data_pek_csr {
157	u64 address; / In /
158	u32 len; / In/Out /
159	} __packed;
160
161	/**
162	* struct sev_data_cert_import - PEK_CERT_IMPORT command parameters
163	*
164	* @pek_address: PEK certificate chain
165	* @pek_len: len of PEK certificate
166	* @oca_address: OCA certificate chain
167	* @oca_len: len of OCA certificate
168	*/
169	struct sev_data_pek_cert_import {
170	u64 pek_cert_address; / In /
171	u32 pek_cert_len; / In /
172	u32 reserved; / In /
173	u64 oca_cert_address; / In /
174	u32 oca_cert_len; / In /
175	} __packed;
176
177	/**
178	* struct sev_data_download_firmware - DOWNLOAD_FIRMWARE command parameters
179	*
180	* @address: physical address of firmware image
181	* @len: len of the firmware image
182	*/
183	struct sev_data_download_firmware {
184	u64 address; / In /
185	u32 len; / In /
186	} __packed;
187
188	/**
189	* struct sev_data_get_id - GET_ID command parameters
190	*
191	* @address: physical address of region to place unique CPU ID(s)
192	* @len: len of the region
193	*/
194	struct sev_data_get_id {
195	u64 address; / In /
196	u32 len; / In/Out /
197	} __packed;
198	/**
199	* struct sev_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
200	*
201	* @pdh_address: PDH certificate address
202	* @pdh_len: len of PDH certificate
203	* @cert_chain_address: PDH certificate chain
204	* @cert_chain_len: len of PDH certificate chain
205	*/
206	struct sev_data_pdh_cert_export {
207	u64 pdh_cert_address; / In /
208	u32 pdh_cert_len; / In/Out /
209	u32 reserved; / In /
210	u64 cert_chain_address; / In /
211	u32 cert_chain_len; / In/Out /
212	} __packed;
213
214	/**
215	* struct sev_data_decommission - DECOMMISSION command parameters
216	*
217	* @handle: handle of the VM to decommission
218	*/
219	struct sev_data_decommission {
220	u32 handle; / In /
221	} __packed;
222
223	/**
224	* struct sev_data_activate - ACTIVATE command parameters
225	*
226	* @handle: handle of the VM to activate
227	* @asid: asid assigned to the VM
228	*/
229	struct sev_data_activate {
230	u32 handle; / In /
231	u32 asid; / In /
232	} __packed;
233
234	/**
235	* struct sev_data_deactivate - DEACTIVATE command parameters
236	*
237	* @handle: handle of the VM to deactivate
238	*/
239	struct sev_data_deactivate {
240	u32 handle; / In /
241	} __packed;
242
243	/**
244	* struct sev_data_guest_status - SEV GUEST_STATUS command parameters
245	*
246	* @handle: handle of the VM to retrieve status
247	* @policy: policy information for the VM
248	* @asid: current ASID of the VM
249	* @state: current state of the VM
250	*/
251	struct sev_data_guest_status {
252	u32 handle; / In /
253	u32 policy; / Out /
254	u32 asid; / Out /
255	u8 state; / Out /
256	} __packed;
257
258	/**
259	* struct sev_data_launch_start - LAUNCH_START command parameters
260	*
261	* @handle: handle assigned to the VM
262	* @policy: guest launch policy
263	* @dh_cert_address: physical address of DH certificate blob
264	* @dh_cert_len: len of DH certificate blob
265	* @session_address: physical address of session parameters
266	* @session_len: len of session parameters
267	*/
268	struct sev_data_launch_start {
269	u32 handle; / In/Out /
270	u32 policy; / In /
271	u64 dh_cert_address; / In /
272	u32 dh_cert_len; / In /
273	u32 reserved; / In /
274	u64 session_address; / In /
275	u32 session_len; / In /
276	} __packed;
277
278	/**
279	* struct sev_data_launch_update_data - LAUNCH_UPDATE_DATA command parameter
280	*
281	* @handle: handle of the VM to update
282	* @len: len of memory to be encrypted
283	* @address: physical address of memory region to encrypt
284	*/
285	struct sev_data_launch_update_data {
286	u32 handle; / In /
287	u32 reserved;
288	u64 address; / In /
289	u32 len; / In /
290	} __packed;
291
292	/**
293	* struct sev_data_launch_update_vmsa - LAUNCH_UPDATE_VMSA command
294	*
295	* @handle: handle of the VM
296	* @address: physical address of memory region to encrypt
297	* @len: len of memory region to encrypt
298	*/
299	struct sev_data_launch_update_vmsa {
300	u32 handle; / In /
301	u32 reserved;
302	u64 address; / In /
303	u32 len; / In /
304	} __packed;
305
306	/**
307	* struct sev_data_launch_measure - LAUNCH_MEASURE command parameters
308	*
309	* @handle: handle of the VM to process
310	* @address: physical address containing the measurement blob
311	* @len: len of measurement blob
312	*/
313	struct sev_data_launch_measure {
314	u32 handle; / In /
315	u32 reserved;
316	u64 address; / In /
317	u32 len; / In/Out /
318	} __packed;
319
320	/**
321	* struct sev_data_launch_secret - LAUNCH_SECRET command parameters
322	*
323	* @handle: handle of the VM to process
324	* @hdr_address: physical address containing the packet header
325	* @hdr_len: len of packet header
326	* @guest_address: system physical address of guest memory region
327	* @guest_len: len of guest_paddr
328	* @trans_address: physical address of transport memory buffer
329	* @trans_len: len of transport memory buffer
330	*/
331	struct sev_data_launch_secret {
332	u32 handle; / In /
333	u32 reserved1;
334	u64 hdr_address; / In /
335	u32 hdr_len; / In /
336	u32 reserved2;
337	u64 guest_address; / In /
338	u32 guest_len; / In /
339	u32 reserved3;
340	u64 trans_address; / In /
341	u32 trans_len; / In /
342	} __packed;
343
344	/**
345	* struct sev_data_launch_finish - LAUNCH_FINISH command parameters
346	*
347	* @handle: handle of the VM to process
348	*/
349	struct sev_data_launch_finish {
350	u32 handle; / In /
351	} __packed;
352
353	/**
354	* struct sev_data_send_start - SEND_START command parameters
355	*
356	* @handle: handle of the VM to process
357	* @policy: policy information for the VM
358	* @pdh_cert_address: physical address containing PDH certificate
359	* @pdh_cert_len: len of PDH certificate
360	* @plat_certs_address: physical address containing platform certificate
361	* @plat_certs_len: len of platform certificate
362	* @amd_certs_address: physical address containing AMD certificate
363	* @amd_certs_len: len of AMD certificate
364	* @session_address: physical address containing Session data
365	* @session_len: len of session data
366	*/
367	struct sev_data_send_start {
368	u32 handle; / In /
369	u32 policy; / Out /
370	u64 pdh_cert_address; / In /
371	u32 pdh_cert_len; / In /
372	u32 reserved1;
373	u64 plat_certs_address; / In /
374	u32 plat_certs_len; / In /
375	u32 reserved2;
376	u64 amd_certs_address; / In /
377	u32 amd_certs_len; / In /
378	u32 reserved3;
379	u64 session_address; / In /
380	u32 session_len; / In/Out /
381	} __packed;
382
383	/**
384	* struct sev_data_send_update - SEND_UPDATE_DATA command
385	*
386	* @handle: handle of the VM to process
387	* @hdr_address: physical address containing packet header
388	* @hdr_len: len of packet header
389	* @guest_address: physical address of guest memory region to send
390	* @guest_len: len of guest memory region to send
391	* @trans_address: physical address of host memory region
392	* @trans_len: len of host memory region
393	*/
394	struct sev_data_send_update_data {
395	u32 handle; / In /
396	u32 reserved1;
397	u64 hdr_address; / In /
398	u32 hdr_len; / In/Out /
399	u32 reserved2;
400	u64 guest_address; / In /
401	u32 guest_len; / In /
402	u32 reserved3;
403	u64 trans_address; / In /
404	u32 trans_len; / In /
405	} __packed;
406
407	/**
408	* struct sev_data_send_update - SEND_UPDATE_VMSA command
409	*
410	* @handle: handle of the VM to process
411	* @hdr_address: physical address containing packet header
412	* @hdr_len: len of packet header
413	* @guest_address: physical address of guest memory region to send
414	* @guest_len: len of guest memory region to send
415	* @trans_address: physical address of host memory region
416	* @trans_len: len of host memory region
417	*/
418	struct sev_data_send_update_vmsa {
419	u32 handle; / In /
420	u64 hdr_address; / In /
421	u32 hdr_len; / In/Out /
422	u32 reserved2;
423	u64 guest_address; / In /
424	u32 guest_len; / In /
425	u32 reserved3;
426	u64 trans_address; / In /
427	u32 trans_len; / In /
428	} __packed;
429
430	/**
431	* struct sev_data_send_finish - SEND_FINISH command parameters
432	*
433	* @handle: handle of the VM to process
434	*/
435	struct sev_data_send_finish {
436	u32 handle; / In /
437	} __packed;
438
439	/**
440	* struct sev_data_send_cancel - SEND_CANCEL command parameters
441	*
442	* @handle: handle of the VM to process
443	*/
444	struct sev_data_send_cancel {
445	u32 handle; / In /
446	} __packed;
447
448	/**
449	* struct sev_data_receive_start - RECEIVE_START command parameters
450	*
451	* @handle: handle of the VM to perform receive operation
452	* @pdh_cert_address: system physical address containing PDH certificate blob
453	* @pdh_cert_len: len of PDH certificate blob
454	* @session_address: system physical address containing session blob
455	* @session_len: len of session blob
456	*/
457	struct sev_data_receive_start {
458	u32 handle; / In/Out /
459	u32 policy; / In /
460	u64 pdh_cert_address; / In /
461	u32 pdh_cert_len; / In /
462	u32 reserved1;
463	u64 session_address; / In /
464	u32 session_len; / In /
465	} __packed;
466
467	/**
468	* struct sev_data_receive_update_data - RECEIVE_UPDATE_DATA command parameters
469	*
470	* @handle: handle of the VM to update
471	* @hdr_address: physical address containing packet header blob
472	* @hdr_len: len of packet header
473	* @guest_address: system physical address of guest memory region
474	* @guest_len: len of guest memory region
475	* @trans_address: system physical address of transport buffer
476	* @trans_len: len of transport buffer
477	*/
478	struct sev_data_receive_update_data {
479	u32 handle; / In /
480	u32 reserved1;
481	u64 hdr_address; / In /
482	u32 hdr_len; / In /
483	u32 reserved2;
484	u64 guest_address; / In /
485	u32 guest_len; / In /
486	u32 reserved3;
487	u64 trans_address; / In /
488	u32 trans_len; / In /
489	} __packed;
490
491	/**
492	* struct sev_data_receive_update_vmsa - RECEIVE_UPDATE_VMSA command parameters
493	*
494	* @handle: handle of the VM to update
495	* @hdr_address: physical address containing packet header blob
496	* @hdr_len: len of packet header
497	* @guest_address: system physical address of guest memory region
498	* @guest_len: len of guest memory region
499	* @trans_address: system physical address of transport buffer
500	* @trans_len: len of transport buffer
501	*/
502	struct sev_data_receive_update_vmsa {
503	u32 handle; / In /
504	u32 reserved1;
505	u64 hdr_address; / In /
506	u32 hdr_len; / In /
507	u32 reserved2;
508	u64 guest_address; / In /
509	u32 guest_len; / In /
510	u32 reserved3;
511	u64 trans_address; / In /
512	u32 trans_len; / In /
513	} __packed;
514
515	/**
516	* struct sev_data_receive_finish - RECEIVE_FINISH command parameters
517	*
518	* @handle: handle of the VM to finish
519	*/
520	struct sev_data_receive_finish {
521	u32 handle; / In /
522	} __packed;
523
524	/**
525	* struct sev_data_dbg - DBG_ENCRYPT/DBG_DECRYPT command parameters
526	*
527	* @handle: handle of the VM to perform debug operation
528	* @src_addr: source address of data to operate on
529	* @dst_addr: destination address of data to operate on
530	* @len: len of data to operate on
531	*/
532	struct sev_data_dbg {
533	u32 handle; / In /
534	u32 reserved;
535	u64 src_addr; / In /
536	u64 dst_addr; / In /
537	u32 len; / In /
538	} __packed;
539
540	/**
541	* struct sev_data_attestation_report - SEV_ATTESTATION_REPORT command parameters
542	*
543	* @handle: handle of the VM
544	* @mnonce: a random nonce that will be included in the report.
545	* @address: physical address where the report will be copied.
546	* @len: length of the physical buffer.
547	*/
548	struct sev_data_attestation_report {
549	u32 handle; / In /
550	u32 reserved;
551	u64 address; / In /
552	u8 mnonce[`16`]; / In /
553	u32 len; / In/Out /
554	} __packed;
555
556	/**
557	* struct sev_data_snp_download_firmware - SNP_DOWNLOAD_FIRMWARE command params
558	*
559	* @address: physical address of firmware image
560	* @len: length of the firmware image
561	*/
562	struct sev_data_snp_download_firmware {
563	u64 address; / In /
564	u32 len; / In /
565	} __packed;
566
567	/**
568	* struct sev_data_snp_activate - SNP_ACTIVATE command params
569	*
570	* @gctx_paddr: system physical address guest context page
571	* @asid: ASID to bind to the guest
572	*/
573	struct sev_data_snp_activate {
574	u64 gctx_paddr; / In /
575	u32 asid; / In /
576	} __packed;
577
578	/**
579	* struct sev_data_snp_addr - generic SNP command params
580	*
581	* @address: physical address of generic data param
582	*/
583	struct sev_data_snp_addr {
584	u64 address; / In/Out /
585	} __packed;
586
587	/**
588	* struct sev_data_snp_launch_start - SNP_LAUNCH_START command params
589	*
590	* @gctx_paddr: system physical address of guest context page
591	* @policy: guest policy
592	* @ma_gctx_paddr: system physical address of migration agent
593	* @ma_en: the guest is associated with a migration agent
594	* @imi_en: launch flow is launching an IMI (Incoming Migration Image) for the
595	* purpose of guest-assisted migration.
596	* @rsvd: reserved
597	* @gosvw: guest OS-visible workarounds, as defined by hypervisor
598	*/
599	struct sev_data_snp_launch_start {
600	u64 gctx_paddr; / In /
601	u64 policy; / In /
602	u64 ma_gctx_paddr; / In /
603	u32 ma_en:`1`; / In /
604	u32 imi_en:`1`; / In /
605	u32 rsvd:`30`;
606	u8 gosvw[`16`]; / In /
607	} __packed;
608
609	/ SNP support page type /
610	enum {
611	SNP_PAGE_TYPE_NORMAL = `0x1`,
612	SNP_PAGE_TYPE_VMSA = `0x2`,
613	SNP_PAGE_TYPE_ZERO = `0x3`,
614	SNP_PAGE_TYPE_UNMEASURED = `0x4`,
615	SNP_PAGE_TYPE_SECRET = `0x5`,
616	SNP_PAGE_TYPE_CPUID = `0x6`,
617
618	SNP_PAGE_TYPE_MAX
619	};
620
621	/**
622	* struct sev_data_snp_launch_update - SNP_LAUNCH_UPDATE command params
623	*
624	* @gctx_paddr: system physical address of guest context page
625	* @page_size: page size 0 indicates 4K and 1 indicates 2MB page
626	* @page_type: encoded page type
627	* @imi_page: indicates that this page is part of the IMI (Incoming Migration
628	* Image) of the guest
629	* @rsvd: reserved
630	* @rsvd2: reserved
631	* @address: system physical address of destination page to encrypt
632	* @rsvd3: reserved
633	* @vmpl1_perms: VMPL permission mask for VMPL1
634	* @vmpl2_perms: VMPL permission mask for VMPL2
635	* @vmpl3_perms: VMPL permission mask for VMPL3
636	* @rsvd4: reserved
637	*/
638	struct sev_data_snp_launch_update {
639	u64 gctx_paddr; / In /
640	u32 page_size:`1`; / In /
641	u32 page_type:`3`; / In /
642	u32 imi_page:`1`; / In /
643	u32 rsvd:`27`;
644	u32 rsvd2;
645	u64 address; / In /
646	u32 rsvd3:`8`;
647	u32 vmpl1_perms:`8`; / In /
648	u32 vmpl2_perms:`8`; / In /
649	u32 vmpl3_perms:`8`; / In /
650	u32 rsvd4;
651	} __packed;
652
653	/**
654	* struct sev_data_snp_launch_finish - SNP_LAUNCH_FINISH command params
655	*
656	* @gctx_paddr: system physical address of guest context page
657	* @id_block_paddr: system physical address of ID block
658	* @id_auth_paddr: system physical address of ID block authentication structure
659	* @id_block_en: indicates whether ID block is present
660	* @auth_key_en: indicates whether author key is present in authentication structure
661	* @rsvd: reserved
662	* @host_data: host-supplied data for guest, not interpreted by firmware
663	*/
664	struct sev_data_snp_launch_finish {
665	u64 gctx_paddr;
666	u64 id_block_paddr;
667	u64 id_auth_paddr;
668	u8 id_block_en:`1`;
669	u8 auth_key_en:`1`;
670	u64 rsvd:`62`;
671	u8 host_data[`32`];
672	} __packed;
673
674	/**
675	* struct sev_data_snp_guest_status - SNP_GUEST_STATUS command params
676	*
677	* @gctx_paddr: system physical address of guest context page
678	* @address: system physical address of guest status page
679	*/
680	struct sev_data_snp_guest_status {
681	u64 gctx_paddr;
682	u64 address;
683	} __packed;
684
685	/**
686	* struct sev_data_snp_page_reclaim - SNP_PAGE_RECLAIM command params
687	*
688	* @paddr: system physical address of page to be claimed. The 0th bit in the
689	* address indicates the page size. 0h indicates 4KB and 1h indicates
690	* 2MB page.
691	*/
692	struct sev_data_snp_page_reclaim {
693	u64 paddr;
694	} __packed;
695
696	/**
697	* struct sev_data_snp_page_unsmash - SNP_PAGE_UNSMASH command params
698	*
699	* @paddr: system physical address of page to be unsmashed. The 0th bit in the
700	* address indicates the page size. 0h indicates 4 KB and 1h indicates
701	* 2 MB page.
702	*/
703	struct sev_data_snp_page_unsmash {
704	u64 paddr;
705	} __packed;
706
707	/**
708	* struct sev_data_snp_dbg - DBG_ENCRYPT/DBG_DECRYPT command parameters
709	*
710	* @gctx_paddr: system physical address of guest context page
711	* @src_addr: source address of data to operate on
712	* @dst_addr: destination address of data to operate on
713	*/
714	struct sev_data_snp_dbg {
715	u64 gctx_paddr; / In /
716	u64 src_addr; / In /
717	u64 dst_addr; / In /
718	} __packed;
719
720	/**
721	* struct sev_data_snp_guest_request - SNP_GUEST_REQUEST command params
722	*
723	* @gctx_paddr: system physical address of guest context page
724	* @req_paddr: system physical address of request page
725	* @res_paddr: system physical address of response page
726	*/
727	struct sev_data_snp_guest_request {
728	u64 gctx_paddr; / In /
729	u64 req_paddr; / In /
730	u64 res_paddr; / In /
731	} __packed;
732
733	/**
734	* struct sev_data_snp_init_ex - SNP_INIT_EX structure
735	*
736	* @init_rmp: indicate that the RMP should be initialized.
737	* @list_paddr_en: indicate that list_paddr is valid
738	* @rsvd: reserved
739	* @rsvd1: reserved
740	* @list_paddr: system physical address of range list
741	* @rsvd2: reserved
742	*/
743	struct sev_data_snp_init_ex {
744	u32 init_rmp:`1`;
745	u32 list_paddr_en:`1`;
746	u32 rsvd:`30`;
747	u32 rsvd1;
748	u64 list_paddr;
749	u8 rsvd2[`48`];
750	} __packed;
751
752	/**
753	* struct sev_data_range - RANGE structure
754	*
755	* @base: system physical address of first byte of range
756	* @page_count: number of 4KB pages in this range
757	* @rsvd: reserved
758	*/
759	struct sev_data_range {
760	u64 base;
761	u32 page_count;
762	u32 rsvd;
763	} __packed;
764
765	/**
766	* struct sev_data_range_list - RANGE_LIST structure
767	*
768	* @num_elements: number of elements in RANGE_ARRAY
769	* @rsvd: reserved
770	* @ranges: array of num_elements of type RANGE
771	*/
772	struct sev_data_range_list {
773	u32 num_elements;
774	u32 rsvd;
775	struct sev_data_range ranges[];
776	} __packed;
777
778	/**
779	* struct sev_data_snp_shutdown_ex - SNP_SHUTDOWN_EX structure
780	*
781	* @len: length of the command buffer read by the PSP
782	* @iommu_snp_shutdown: Disable enforcement of SNP in the IOMMU
783	* @rsvd1: reserved
784	*/
785	struct sev_data_snp_shutdown_ex {
786	u32 len;
787	u32 iommu_snp_shutdown:`1`;
788	u32 rsvd1:`31`;
789	} __packed;
790
791	/**
792	* struct sev_platform_init_args
793	*
794	* @error: SEV firmware error code
795	* @probe: True if this is being called as part of CCP module probe, which
796	* will defer SEV_INIT/SEV_INIT_EX firmware initialization until needed
797	* unless psp_init_on_probe module param is set
798	*/
799	struct sev_platform_init_args {
800	int error;
801	bool probe;
802	};
803
804	/**
805	* struct sev_data_snp_commit - SNP_COMMIT structure
806	*
807	* @len: length of the command buffer read by the PSP
808	*/
809	struct sev_data_snp_commit {
810	u32 len;
811	} __packed;
812
813	#ifdef CONFIG_CRYPTO_DEV_SP_PSP
814
815	/**
816	* sev_platform_init - perform SEV INIT command
817	*
818	* @args: struct sev_platform_init_args to pass in arguments
819	*
820	* Returns:
821	* 0 if the SEV successfully processed the command
822	* -%ENODEV if the SEV device is not available
823	* -%ENOTSUPP if the SEV does not support SEV
824	* -%ETIMEDOUT if the SEV command timed out
825	* -%EIO if the SEV returned a non-zero return code
826	*/
827	int sev_platform_init(struct sev_platform_init_args *args);
828
829	/**
830	* sev_platform_status - perform SEV PLATFORM_STATUS command
831	*
832	* @status: sev_user_data_status structure to be processed
833	* @error: SEV command return code
834	*
835	* Returns:
836	* 0 if the SEV successfully processed the command
837	* -%ENODEV if the SEV device is not available
838	* -%ENOTSUPP if the SEV does not support SEV
839	* -%ETIMEDOUT if the SEV command timed out
840	* -%EIO if the SEV returned a non-zero return code
841	*/
842	int sev_platform_status(struct sev_user_data_status status, int* *error);
843
844	/**
845	* sev_issue_cmd_external_user - issue SEV command by other driver with a file
846	* handle.
847	*
848	* This function can be used by other drivers to issue a SEV command on
849	* behalf of userspace. The caller must pass a valid SEV file descriptor
850	* so that we know that it has access to SEV device.
851	*
852	* @filep - SEV device file pointer
853	* @cmd - command to issue
854	* @data - command buffer
855	* @error: SEV command return code
856	*
857	* Returns:
858	* 0 if the SEV successfully processed the command
859	* -%ENODEV if the SEV device is not available
860	* -%ENOTSUPP if the SEV does not support SEV
861	* -%ETIMEDOUT if the SEV command timed out
862	* -%EIO if the SEV returned a non-zero return code
863	* -%EINVAL if the SEV file descriptor is not valid
864	*/
865	int sev_issue_cmd_external_user(struct file filep, unsigned* int id,
866	void data, int* *error);
867
868	/**
869	* sev_guest_deactivate - perform SEV DEACTIVATE command
870	*
871	* @deactivate: sev_data_deactivate structure to be processed
872	* @sev_ret: sev command return code
873	*
874	* Returns:
875	* 0 if the sev successfully processed the command
876	* -%ENODEV if the sev device is not available
877	* -%ENOTSUPP if the sev does not support SEV
878	* -%ETIMEDOUT if the sev command timed out
879	* -%EIO if the sev returned a non-zero return code
880	*/
881	int sev_guest_deactivate(struct sev_data_deactivate data, int* *error);
882
883	/**
884	* sev_guest_activate - perform SEV ACTIVATE command
885	*
886	* @activate: sev_data_activate structure to be processed
887	* @sev_ret: sev command return code
888	*
889	* Returns:
890	* 0 if the sev successfully processed the command
891	* -%ENODEV if the sev device is not available
892	* -%ENOTSUPP if the sev does not support SEV
893	* -%ETIMEDOUT if the sev command timed out
894	* -%EIO if the sev returned a non-zero return code
895	*/
896	int sev_guest_activate(struct sev_data_activate data, int* *error);
897
898	/**
899	* sev_guest_df_flush - perform SEV DF_FLUSH command
900	*
901	* @sev_ret: sev command return code
902	*
903	* Returns:
904	* 0 if the sev successfully processed the command
905	* -%ENODEV if the sev device is not available
906	* -%ENOTSUPP if the sev does not support SEV
907	* -%ETIMEDOUT if the sev command timed out
908	* -%EIO if the sev returned a non-zero return code
909	*/
910	int sev_guest_df_flush(int *error);
911
912	/**
913	* sev_guest_decommission - perform SEV DECOMMISSION command
914	*
915	* @decommission: sev_data_decommission structure to be processed
916	* @sev_ret: sev command return code
917	*
918	* Returns:
919	* 0 if the sev successfully processed the command
920	* -%ENODEV if the sev device is not available
921	* -%ENOTSUPP if the sev does not support SEV
922	* -%ETIMEDOUT if the sev command timed out
923	* -%EIO if the sev returned a non-zero return code
924	*/
925	int sev_guest_decommission(struct sev_data_decommission data, int* *error);
926
927	/**
928	* sev_do_cmd - issue an SEV or an SEV-SNP command
929	*
930	* @cmd: SEV or SEV-SNP firmware command to issue
931	* @data: arguments for firmware command
932	* @psp_ret: SEV command return code
933	*
934	* Returns:
935	* 0 if the SEV device successfully processed the command
936	* -%ENODEV if the PSP device is not available
937	* -%ENOTSUPP if PSP device does not support SEV
938	* -%ETIMEDOUT if the SEV command timed out
939	* -%EIO if PSP device returned a non-zero return code
940	*/
941	int sev_do_cmd(int cmd, void data, int* *psp_ret);
942
943	void *psp_copy_user_blob(u64 uaddr, u32 len);
944	void *snp_alloc_firmware_page(gfp_t mask);
945	void snp_free_firmware_page(void *addr);
946
947	#else /* !CONFIG_CRYPTO_DEV_SP_PSP */
948
949	static inline int
950	sev_platform_status(struct sev_user_data_status status, int* error) { return* -ENODEV; }
951
952	static inline int sev_platform_init(struct sev_platform_init_args args) { return* -ENODEV; }
953
954	static inline int
955	sev_guest_deactivate(struct sev_data_deactivate data, int* error) { return* -ENODEV; }
956
957	static inline int
958	sev_guest_decommission(struct sev_data_decommission data, int* error) { return* -ENODEV; }
959
960	static inline int
961	sev_do_cmd(int cmd, void data, int* psp_ret) { return* -ENODEV; }
962
963	static inline int
964	sev_guest_activate(struct sev_data_activate data, int* error) { return* -ENODEV; }
965
966	static inline int sev_guest_df_flush(int error) { return* -ENODEV; }
967
968	static inline int
969	sev_issue_cmd_external_user(struct file filep, unsigned* int id, void data, int* error) { return* -ENODEV; }
970
971	static inline void psp_copy_user_blob(u64 __user uaddr, u32 len) { return* ERR_PTR(-EINVAL); }
972
973	static inline void *snp_alloc_firmware_page(gfp_t mask)
974	{
975	return NULL;
976	}
977
978	static inline void snp_free_firmware_page(void *addr) { }
979
980	#endif /* CONFIG_CRYPTO_DEV_SP_PSP */
981
982	#endif /* __PSP_SEV_H__ */
983

source code of linux/include/linux/psp-sev.h