www.infradead.org Git - users/hch/configfs.git/commit

author	Michael Roth <michael.roth@amd.com>
	Wed, 1 May 2024 08:52:10 +0000 (03:52 -0500)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Wed, 17 Jul 2024 16:46:26 +0000 (12:46 -0400)
commit	332d2c1d713e232e163386c35a3ba0c1b90df83f
tree	897eee61c4204f1c16fd7d5a4941ebe632ec129b	tree
parent	5d766508fd15d7e8c90574ef270f0c163b750b45	commit \| diff

crypto: ccp: Add the SNP_VLEK_LOAD command

When requesting an attestation report a guest is able to specify whether
it wants SNP firmware to sign the report using either a Versioned Chip
Endorsement Key (VCEK), which is derived from chip-unique secrets, or a
Versioned Loaded Endorsement Key (VLEK) which is obtained from an AMD
Key Derivation Service (KDS) and derived from seeds allocated to
enrolled cloud service providers (CSPs).

For VLEK keys, an SNP_VLEK_LOAD SNP firmware command is used to load
them into the system after obtaining them from the KDS. Add a
corresponding userspace interface so to allow the loading of VLEK keys
into the system.

See SEV-SNP Firmware ABI 1.54, SNP_VLEK_LOAD for more details.

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Message-ID: <20240501085210.2213060-21-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Documentation/virt/coco/sev-guest.rst		diff \| blob \| history
drivers/crypto/ccp/sev-dev.c		diff \| blob \| history
include/uapi/linux/psp-sev.h		diff \| blob \| history