virt: sevguest: Add support to derive key
The SNP_GET_DERIVED_KEY ioctl interface can be used by the SNP guest to ask the firmware to provide a key derived from a root key. The derived key may be used by the guest for any purpose it chooses, such as a sealing key or for communicating with external entities. See SEV-SNP firmware spec for more information. [ bp: No need to memset "req" - it will get overwritten. ] Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Liam Merwick <liam.merwick@oracle.com> Link: https://lore.kernel.org/r/20220307213356.2797205-45-brijesh.singh@amd.com
parent
fce96cf044
commit
68de0b2f93
3 changed files with 79 additions and 0 deletions
|
|
@ -30,6 +30,20 @@ struct snp_report_resp {
|
|||
__u8 data[4000];
|
||||
};
|
||||
|
||||
struct snp_derived_key_req {
|
||||
__u32 root_key_select;
|
||||
__u32 rsvd;
|
||||
__u64 guest_field_select;
|
||||
__u32 vmpl;
|
||||
__u32 guest_svn;
|
||||
__u64 tcb_version;
|
||||
};
|
||||
|
||||
struct snp_derived_key_resp {
|
||||
/* response data, see SEV-SNP spec for the format */
|
||||
__u8 data[64];
|
||||
};
|
||||
|
||||
struct snp_guest_request_ioctl {
|
||||
/* message version number (must be non-zero) */
|
||||
__u8 msg_version;
|
||||
|
|
@ -47,4 +61,7 @@ struct snp_guest_request_ioctl {
|
|||
/* Get SNP attestation report */
|
||||
#define SNP_GET_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x0, struct snp_guest_request_ioctl)
|
||||
|
||||
/* Get a derived key from the root */
|
||||
#define SNP_GET_DERIVED_KEY _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x1, struct snp_guest_request_ioctl)
|
||||
|
||||
#endif /* __UAPI_LINUX_SEV_GUEST_H_ */
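Review bot: `struct snp_derived_key_req` is new UAPI, but none of its fields are documented, so a caller cannot tell from the header which inputs are mixed into the derived key or how `rsvd` should be set. I would add a one-line comment per field, for example `/* reserved; presumably must be zero, confirm against the SEV-SNP spec */` on `rsvd`, and short notes on `root_key_select` and `guest_field_select` saying what each selects. `struct snp_derived_key_resp` returns key material in `data[64]`, so its comment should also say that the buffer holds the derived key and that consumers should clear it once the key has been used. The ioctl handler is not part of this section, so whether the kernel-side request and response buffers are wiped after being copied to userspace cannot be judged from here.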
|
||||
|
|
|
|||