www.infradead.org Git - users/jedix/linux-maple.git/commit
virt: sev-guest: Use AES GCM crypto library
author Nikunj A Dadhania <nikunj@amd.com>
Wed, 9 Oct 2024 09:28:32 +0000 (14:58 +0530)
committer Borislav Petkov (AMD) <bp@alien8.de>
Wed, 16 Oct 2024 16:08:17 +0000 (18:08 +0200)
commit f3476bc77057db0adf90c0a141a3599dd11c56a0
tree 0c4bfa15a21cada4bdd1ee5938990e306dcee0c7
parent 2db67aaca578ec4998b78dc85e2af214bc2e2770

The sev-guest driver encryption code uses the crypto API for SNP guest
messaging with the AMD Security processor. In order to enable secure TSC,
SEV-SNP guests need to send such a TSC_INFO message before the APs are
booted. Details from the TSC_INFO response will then be used to program the
VMSA before the APs are brought up.

However, the crypto API is not available this early in the boot process.

In preparation for moving the encryption code out of sev-guest to support
secure TSC and to ease review, switch to using the AES GCM library
implementation instead.

Drop __enc_payload() and dec_payload() helpers as both are small and can be
moved to the respective callers.

Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Peter Gonda <pgonda@google.com>
Link: https://lore.kernel.org/r/20241009092850.197575-2-nikunj@amd.com
arch/x86/include/asm/sev.h
drivers/virt/coco/sev-guest/Kconfig
drivers/virt/coco/sev-guest/sev-guest.c