psp-sev.h
       1  /* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
       2  /*
       3   * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
       4   * platform management commands.
       5   *
       6   * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
       7   *
       8   * Author: Brijesh Singh <brijesh.singh@amd.com>
       9   *
      10   * SEV API specification is available at: https://developer.amd.com/sev/
      11   */
      12  
      13  #ifndef __PSP_SEV_USER_H__
      14  #define __PSP_SEV_USER_H__
      15  
      16  #include <linux/types.h>
      17  
/**
 * SEV platform management command identifiers.
 *
 * This header is a userspace interface, so the numbers are written out
 * explicitly: a command keeps its value for good, and a new command can
 * only take the next free number.
 */
enum {
	SEV_FACTORY_RESET	= 0,
	SEV_PLATFORM_STATUS	= 1,
	SEV_PEK_GEN		= 2,
	SEV_PEK_CSR		= 3,
	SEV_PDH_GEN		= 4,
	SEV_PDH_CERT_EXPORT	= 5,
	SEV_PEK_CERT_IMPORT	= 6,
	SEV_GET_ID		= 7,	/* This command is deprecated, use SEV_GET_ID2 */
	SEV_GET_ID2		= 8,

	/* One past the highest command value listed above. */
	SEV_MAX			= 9,
};
      34  
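/**
 * SEV Firmware status code
 *
 * Codes from SEV_RET_SUCCESS onward are numbered by position, so the
 * order of the enumerators is part of the interface: inserting or
 * removing an entry renumbers every code after it.
 */
typedef enum {
	/*
	 * This error code is not in the SEV spec. Its purpose is to convey that
	 * there was an error that prevented the SEV firmware from being called.
	 * The SEV API error codes are 16 bits, so the -1 value will not overlap
	 * with possible values from the specification.
	 */
	SEV_RET_NO_FW_CALL = -1,
	SEV_RET_SUCCESS = 0,
	SEV_RET_INVALID_PLATFORM_STATE,
	SEV_RET_INVALID_GUEST_STATE,
	SEV_RET_INAVLID_CONFIG,
	/*
	 * Correctly spelled alias for the code above. The misspelled name is
	 * kept so that existing users still compile. An alias takes no new
	 * value, so SEV_RET_INVALID_LEN and every later code keep their numbers.
	 */
	SEV_RET_INVALID_CONFIG = SEV_RET_INAVLID_CONFIG,
	SEV_RET_INVALID_LEN,
	SEV_RET_ALREADY_OWNED,
	SEV_RET_INVALID_CERTIFICATE,
	SEV_RET_POLICY_FAILURE,
	SEV_RET_INACTIVE,
	SEV_RET_INVALID_ADDRESS,
	SEV_RET_BAD_SIGNATURE,
	SEV_RET_BAD_MEASUREMENT,
	SEV_RET_ASID_OWNED,
	SEV_RET_INVALID_ASID,
	SEV_RET_WBINVD_REQUIRED,
	SEV_RET_DFFLUSH_REQUIRED,
	SEV_RET_INVALID_GUEST,
	SEV_RET_INVALID_COMMAND,
	SEV_RET_ACTIVE,
	SEV_RET_HWSEV_RET_PLATFORM,
	SEV_RET_HWSEV_RET_UNSAFE,
	SEV_RET_UNSUPPORTED,
	SEV_RET_INVALID_PARAM,
	SEV_RET_RESOURCE_LIMIT,
	SEV_RET_SECURE_DATA_INVALID,
	/* One past the highest status code listed above. */
	SEV_RET_MAX,
} sev_ret_code;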
      73  
/**
 * struct sev_user_data_status - PLATFORM_STATUS command parameters
 *
 * @api_major: major API version
 * @api_minor: minor API version
 * @state: platform state
 * @flags: platform config flags
 * @build: firmware build id for API version
 * @guest_count: number of active guests
 *
 * Every member is marked Out, so the structure carries results only.
 *
 * The layout is packed: @flags starts at byte offset 3, which is not
 * naturally aligned for a __u32. Read it through the structure rather
 * than through a pointer to the member.
 */
struct sev_user_data_status {
	__u8 api_major;				/* Out */
	__u8 api_minor;				/* Out */
	__u8 state;				/* Out */
	__u32 flags;				/* Out */
	__u8 build;				/* Out */
	__u32 guest_count;			/* Out */
} __attribute__((packed));
      92  
/*
 * Bit mask (bit 8) for a platform config flag.
 * NOTE(review): presumably tested against sev_user_data_status.flags, and
 * by its name reports the SEV-ES configuration - confirm against the SEV
 * API specification.
 */
#define SEV_STATUS_FLAGS_CONFIG_ES	0x0100
      94  
/**
 * struct sev_user_data_pek_csr - PEK_CSR command parameters
 *
 * @address: address of the caller's buffer for the command data (the
 *           original comment describes it as the PEK certificate chain)
 * @length: length of that buffer; marked In/Out, so the value may be
 *          rewritten on return
 *
 * NOTE(review): @address is a raw 64-bit integer supplied by the caller,
 * not a typed pointer. Whatever consumes this structure has to treat
 * @address and @length as untrusted and bound every access by @length.
 * Presumably @length comes back holding the size actually written or
 * required - confirm against the SEV API specification.
 */
struct sev_user_data_pek_csr {
	__u64 address;				/* In */
	__u32 length;				/* In/Out */
} __attribute__((packed));
     105  
/**
 * struct sev_user_data_pek_cert_import - PEK_CERT_IMPORT command parameters
 *
 * @pek_cert_address: PEK certificate chain
 * @pek_cert_len: length of PEK certificate
 * @oca_cert_address: OCA certificate chain
 * @oca_cert_len: length of OCA certificate
 *
 * All four members are inputs: two caller-supplied address/length pairs.
 * NOTE(review): both pairs describe caller-controlled memory, so the
 * consumer has to validate each length before reading from the matching
 * address.
 *
 * The layout is packed: @oca_cert_address starts at byte offset 12,
 * which is not naturally aligned for a __u64.
 */
struct sev_user_data_pek_cert_import {
	__u64 pek_cert_address;			/* In */
	__u32 pek_cert_len;			/* In */
	__u64 oca_cert_address;			/* In */
	__u32 oca_cert_len;			/* In */
} __attribute__((packed));
     120  
/**
 * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
 *
 * @pdh_cert_address: PDH certificate address
 * @pdh_cert_len: length of PDH certificate
 * @cert_chain_address: PDH certificate chain
 * @cert_chain_len: length of PDH certificate chain
 *
 * Both addresses are inputs naming caller buffers; both lengths are
 * In/Out, so they may be rewritten on return.
 * NOTE(review): presumably each length comes back holding the size
 * actually written or required - confirm against the SEV API
 * specification. Writes into either buffer have to be bounded by the
 * length the caller passed in.
 *
 * The layout is packed: @cert_chain_address starts at byte offset 12,
 * which is not naturally aligned for a __u64.
 */
struct sev_user_data_pdh_cert_export {
	__u64 pdh_cert_address;			/* In */
	__u32 pdh_cert_len;			/* In/Out */
	__u64 cert_chain_address;		/* In */
	__u32 cert_chain_len;			/* In/Out */
} __attribute__((packed));
     135  
/**
 * struct sev_user_data_get_id - GET_ID command parameters (deprecated)
 *
 * @socket1: Buffer to pass unique ID of first socket
 * @socket2: Buffer to pass unique ID of second socket
 *
 * Both buffers are outputs with a fixed size of 64 bytes each, so the
 * structure cannot express an ID of any other length. SEV_GET_ID is
 * marked deprecated in the command list in favour of SEV_GET_ID2, whose
 * parameters carry an explicit length.
 */
struct sev_user_data_get_id {
	__u8 socket1[64];			/* Out */
	__u8 socket2[64];			/* Out */
} __attribute__((packed));
     146  
/**
 * struct sev_user_data_get_id2 - GET_ID2 command parameters
 *
 * @address: Buffer to store unique ID
 * @length: length of the unique ID
 *
 * @address is a caller-supplied 64-bit address. @length is marked
 * In/Out, so the value may be rewritten on return.
 * NOTE(review): presumably @length is the buffer size on input and the
 * ID size on output - confirm against the SEV API specification. The
 * write into the buffer has to be bounded by the length passed in.
 */
struct sev_user_data_get_id2 {
	__u64 address;				/* In */
	__u32 length;				/* In/Out */
} __attribute__((packed));
     156  
/**
 * struct sev_issue_cmd - SEV ioctl parameters
 *
 * @cmd: SEV commands to execute
 * @data: pointer to the command structure, carried as a 64-bit integer
 * @error: SEV FW return code on failure
 *
 * NOTE(review): @cmd is presumably one of the SEV platform command
 * values below SEV_MAX, and @data the address of the matching
 * sev_user_data_* structure - confirm against the driver. Both arrive
 * from the caller, so the consumer has to range-check @cmd and validate
 * @data before use.
 *
 * NOTE(review): @error is documented for the failure case only, so it
 * should not be used as the success indicator. It is a __u32; if
 * SEV_RET_NO_FW_CALL (-1) is ever reported through it, it would read
 * back as 0xffffffff - confirm against the driver.
 *
 * The layout is packed: @data starts at byte offset 4, which is not
 * naturally aligned for a __u64.
 */
struct sev_issue_cmd {
	__u32 cmd;				/* In */
	__u64 data;				/* In */
	__u32 error;				/* Out */
} __attribute__((packed));
     169  
/*
 * ioctl request for issuing an SEV platform command: type 'S', number
 * 0x0, read/write direction, argument struct sev_issue_cmd.
 *
 * NOTE(review): _IOWR is not provided by <linux/types.h>, the only
 * header this file includes. The includer presumably has to bring in
 * <linux/ioctl.h> or <sys/ioctl.h> before using SEV_ISSUE_CMD - confirm.
 */
#define SEV_IOC_TYPE		'S'
#define SEV_ISSUE_CMD	_IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
     172  
      173  #endif /* __PSP_SEV_USER_H__ */