linux/include/uapi/linux/psp-sev.h
<<
>>
Prefs 
   1/*
   2 * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
   3 * platform management commands.
   4 *
   5 * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
   6 *
   7 * Author: Brijesh Singh <brijesh.singh@amd.com>
   8 *
   9 * SEV spec 0.14 is available at:
  10 * http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
  11 *
  12 * This program is free software; you can redistribute it and/or modify
  13 * it under the terms of the GNU General Public License version 2 as
  14 * published by the Free Software Foundation.
  15 */
  16
  17#ifndef __PSP_SEV_USER_H__
  18#define __PSP_SEV_USER_H__
  19
  20#include <linux/types.h>
  21
  22/**
  23 * SEV platform commands
  24 */
  25enum {
  26        SEV_FACTORY_RESET = 0,
  27        SEV_PLATFORM_STATUS,
  28        SEV_PEK_GEN,
  29        SEV_PEK_CSR,
  30        SEV_PDH_GEN,
  31        SEV_PDH_CERT_EXPORT,
  32        SEV_PEK_CERT_IMPORT,
  33
  34        SEV_MAX,
  35};
  36
  37/**
  38 * SEV Firmware status code
  39 */
  40typedef enum {
  41        SEV_RET_SUCCESS = 0,
  42        SEV_RET_INVALID_PLATFORM_STATE,
  43        SEV_RET_INVALID_GUEST_STATE,
  44        SEV_RET_INAVLID_CONFIG,
  45        SEV_RET_INVALID_LEN,
  46        SEV_RET_ALREADY_OWNED,
  47        SEV_RET_INVALID_CERTIFICATE,
  48        SEV_RET_POLICY_FAILURE,
  49        SEV_RET_INACTIVE,
  50        SEV_RET_INVALID_ADDRESS,
  51        SEV_RET_BAD_SIGNATURE,
  52        SEV_RET_BAD_MEASUREMENT,
  53        SEV_RET_ASID_OWNED,
  54        SEV_RET_INVALID_ASID,
  55        SEV_RET_WBINVD_REQUIRED,
  56        SEV_RET_DFFLUSH_REQUIRED,
  57        SEV_RET_INVALID_GUEST,
  58        SEV_RET_INVALID_COMMAND,
  59        SEV_RET_ACTIVE,
  60        SEV_RET_HWSEV_RET_PLATFORM,
  61        SEV_RET_HWSEV_RET_UNSAFE,
  62        SEV_RET_UNSUPPORTED,
  63        SEV_RET_MAX,
  64} sev_ret_code;
  65
  66/**
  67 * struct sev_user_data_status - PLATFORM_STATUS command parameters
  68 *
  69 * @major: major API version
  70 * @minor: minor API version
  71 * @state: platform state
  72 * @flags: platform config flags
  73 * @build: firmware build id for API version
  74 * @guest_count: number of active guests
  75 */
  76struct sev_user_data_status {
  77        __u8 api_major;                         /* Out */
  78        __u8 api_minor;                         /* Out */
  79        __u8 state;                             /* Out */
  80        __u32 flags;                            /* Out */
  81        __u8 build;                             /* Out */
  82        __u32 guest_count;                      /* Out */
  83} __packed;
  84
  85/**
  86 * struct sev_user_data_pek_csr - PEK_CSR command parameters
  87 *
  88 * @address: PEK certificate chain
  89 * @length: length of certificate
  90 */
  91struct sev_user_data_pek_csr {
  92        __u64 address;                          /* In */
  93        __u32 length;                           /* In/Out */
  94} __packed;
  95
  96/**
  97 * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
  98 *
  99 * @pek_address: PEK certificate chain
 100 * @pek_len: length of PEK certificate
 101 * @oca_address: OCA certificate chain
 102 * @oca_len: length of OCA certificate
 103 */
 104struct sev_user_data_pek_cert_import {
 105        __u64 pek_cert_address;                 /* In */
 106        __u32 pek_cert_len;                     /* In */
 107        __u64 oca_cert_address;                 /* In */
 108        __u32 oca_cert_len;                     /* In */
 109} __packed;
 110
 111/**
 112 * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
 113 *
 114 * @pdh_address: PDH certificate address
 115 * @pdh_len: length of PDH certificate
 116 * @cert_chain_address: PDH certificate chain
 117 * @cert_chain_len: length of PDH certificate chain
 118 */
 119struct sev_user_data_pdh_cert_export {
 120        __u64 pdh_cert_address;                 /* In */
 121        __u32 pdh_cert_len;                     /* In/Out */
 122        __u64 cert_chain_address;               /* In */
 123        __u32 cert_chain_len;                   /* In/Out */
 124} __packed;
 125
 126/**
 127 * struct sev_issue_cmd - SEV ioctl parameters
 128 *
 129 * @cmd: SEV commands to execute
 130 * @opaque: pointer to the command structure
 131 * @error: SEV FW return code on failure
 132 */
 133struct sev_issue_cmd {
 134        __u32 cmd;                              /* In */
 135        __u64 data;                             /* In */
 136        __u32 error;                            /* Out */
 137} __packed;
 138
 139#define SEV_IOC_TYPE            'S'
 140#define SEV_ISSUE_CMD   _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
 141
 142#endif /* __PSP_USER_SEV_H */
 143
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.