review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Brijesh Singh <brijesh.singh@amd.com>
	Tue, 12 Nov 2019 19:58:34 +0000 (13:58 -0600)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Fri, 22 Nov 2019 10:48:35 +0000 (18:48 +0800)
commit	ec310caf13b5505c268cfa526b7b28152a879d1e
tree	30a6956a23af717e9ed06c333e5d97d3414bf201	tree \| snapshot
parent	c433a1a8572eceb7c45dd85d93fec6946b71bb72	commit \| diff

crypto: ccp - add SEV command privilege separation

Currently, there is no privilege separation of the SEV command; you can
run them all or none of them. This is less than ideal because it means
that a compromise of the code which launches VMs could make permanent
change to the SEV certifcate chain which will affect others.

These commands are required to attest the VM environment:
- SEV_PDH_CERT_EXPORT
- SEV_PLATFORM_STATUS
- SEV_GET_{ID,ID2}

These commands manage the SEV certificate chain:
- SEV_PEK_CERR_IMPORT
- SEV_FACTORY_RESET
- SEV_PEK_GEN
- SEV_PEK_CSR
- SEV_PDH_GEN

Lets add the CAP_SYS_ADMIN check for the group of the commands which alters
the SEV certificate chain to provide some level of privilege separation.

Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Gary Hook <gary.hook@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
Tested-by: David Rientjes <rientjes@google.com>
Co-developed-by: David Rientjes <rientjes@google.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

drivers/crypto/ccp/psp-dev.c		diff \| blob \| history
drivers/crypto/ccp/psp-dev.h		diff \| blob \| history