review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Brijesh Singh <brijesh.singh@amd.com>
	Mon, 7 Mar 2022 21:33:39 +0000 (15:33 -0600)
committer	Borislav Petkov <bp@suse.de>
	Thu, 7 Apr 2022 14:46:33 +0000 (16:46 +0200)
commit	5ea98e01ab524cbc53dad8aebd27b434ebe5d074
tree	e173c4a7f4ee8b5a0720ccde7fd4bcee7f6c91b4	tree \| snapshot
parent	824f37783189a48db914488fb41eba36ec57ebb7	commit \| diff

x86/boot: Add Confidential Computing type to setup_data

While launching encrypted guests, the hypervisor may need to provide
some additional information during the guest boot. When booting under an
EFI-based BIOS, the EFI configuration table contains an entry for the
confidential computing blob that contains the required information.

To support booting encrypted guests on non-EFI VMs, the hypervisor
needs to pass this additional information to the guest kernel using a
different method.

For this purpose, introduce SETUP_CC_BLOB type in setup_data to hold
the physical address of the confidential computing blob location. The
boot loader or hypervisor may choose to use this method instead of an
EFI configuration table. The CC blob location scanning should give
preference to a setup_data blob over an EFI configuration table.

In AMD SEV-SNP, the CC blob contains the address of the secrets and
CPUID pages. The secrets page includes information such as a VM to PSP
communication key and the CPUID page contains PSP-filtered CPUID values.
Define the AMD SEV confidential computing blob structure.

While at it, define the EFI GUID for the confidential computing blob.

[ bp: Massage commit message, mark struct __packed. ]

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20220307213356.2797205-30-brijesh.singh@amd.com

arch/x86/include/asm/sev.h		diff \| blob \| history
arch/x86/include/uapi/asm/bootparam.h		diff \| blob \| history
include/linux/efi.h		diff \| blob \| history