Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / shift / mainline / 13209a8f7304a34158f4366e8ea07a1965c05ac7 / . / include / uapi / linux / psp-sev.h
blob: 0549a5c622bf33a9c3c96999d1f2f0a4f0747e87 [file] [log] [blame]
Masahiro Yamadad9c52522019-07-25 16:58:31 +0900[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
Brijesh Singh1d57b172017-12-04 10:57:27 -0600[diff] [blame]2/*
3 * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
4 * platform management commands.
5 *
6 * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
7 *
8 * Author: Brijesh Singh <brijesh.singh@amd.com>
9 *
Singh, Brijeshd6112ea2019-03-28 21:58:52 +0000[diff] [blame]10 * SEV API specification is available at: https://developer.amd.com/sev/
Brijesh Singh1d57b172017-12-04 10:57:27 -0600[diff] [blame]11 */
12
13#ifndef __PSP_SEV_USER_H__
14#define __PSP_SEV_USER_H__
15
16#include <linux/types.h>
17
18/**
19 * SEV platform commands
20 */
21enum {
22 SEV_FACTORY_RESET = 0,
23 SEV_PLATFORM_STATUS,
24 SEV_PEK_GEN,
25 SEV_PEK_CSR,
26 SEV_PDH_GEN,
27 SEV_PDH_CERT_EXPORT,
28 SEV_PEK_CERT_IMPORT,
Singh, Brijeshd6112ea2019-03-28 21:58:52 +0000[diff] [blame]29 SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */
30 SEV_GET_ID2,
Brijesh Singh1d57b172017-12-04 10:57:27 -0600[diff] [blame]31
32 SEV_MAX,
33};
34
35/**
36 * SEV Firmware status code
37 */
38typedef enum {
39 SEV_RET_SUCCESS = 0,
40 SEV_RET_INVALID_PLATFORM_STATE,
41 SEV_RET_INVALID_GUEST_STATE,
42 SEV_RET_INAVLID_CONFIG,
Brijesh Singh45d0be82018-01-15 07:32:04 -0600[diff] [blame]43 SEV_RET_INVALID_LEN,
Brijesh Singh1d57b172017-12-04 10:57:27 -0600[diff] [blame]44 SEV_RET_ALREADY_OWNED,
45 SEV_RET_INVALID_CERTIFICATE,
46 SEV_RET_POLICY_FAILURE,
47 SEV_RET_INACTIVE,
48 SEV_RET_INVALID_ADDRESS,
49 SEV_RET_BAD_SIGNATURE,
50 SEV_RET_BAD_MEASUREMENT,
51 SEV_RET_ASID_OWNED,
52 SEV_RET_INVALID_ASID,
53 SEV_RET_WBINVD_REQUIRED,
54 SEV_RET_DFFLUSH_REQUIRED,
55 SEV_RET_INVALID_GUEST,
56 SEV_RET_INVALID_COMMAND,
57 SEV_RET_ACTIVE,
58 SEV_RET_HWSEV_RET_PLATFORM,
59 SEV_RET_HWSEV_RET_UNSAFE,
60 SEV_RET_UNSUPPORTED,
Ashish Kalra1d55fdc2019-10-17 22:35:11 +0000[diff] [blame]61 SEV_RET_INVALID_PARAM,
62 SEV_RET_RESOURCE_LIMIT,
63 SEV_RET_SECURE_DATA_INVALID,
Brijesh Singh1d57b172017-12-04 10:57:27 -0600[diff] [blame]64 SEV_RET_MAX,
65} sev_ret_code;
66
67/**
68 * struct sev_user_data_status - PLATFORM_STATUS command parameters
69 *
70 * @major: major API version
71 * @minor: minor API version
72 * @state: platform state
73 * @flags: platform config flags
74 * @build: firmware build id for API version
75 * @guest_count: number of active guests
76 */
77struct sev_user_data_status {
78 __u8 api_major; /* Out */
79 __u8 api_minor; /* Out */
80 __u8 state; /* Out */
81 __u32 flags; /* Out */
82 __u8 build; /* Out */
83 __u32 guest_count; /* Out */
84} __packed;
85
86/**
87 * struct sev_user_data_pek_csr - PEK_CSR command parameters
88 *
89 * @address: PEK certificate chain
90 * @length: length of certificate
91 */
92struct sev_user_data_pek_csr {
93 __u64 address; /* In */
94 __u32 length; /* In/Out */
95} __packed;
96
97/**
98 * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
99 *
100 * @pek_address: PEK certificate chain
101 * @pek_len: length of PEK certificate
102 * @oca_address: OCA certificate chain
103 * @oca_len: length of OCA certificate
104 */
105struct sev_user_data_pek_cert_import {
106 __u64 pek_cert_address; /* In */
107 __u32 pek_cert_len; /* In */
108 __u64 oca_cert_address; /* In */
109 __u32 oca_cert_len; /* In */
110} __packed;
111
112/**
113 * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
114 *
115 * @pdh_address: PDH certificate address
116 * @pdh_len: length of PDH certificate
117 * @cert_chain_address: PDH certificate chain
118 * @cert_chain_len: length of PDH certificate chain
119 */
120struct sev_user_data_pdh_cert_export {
121 __u64 pdh_cert_address; /* In */
122 __u32 pdh_cert_len; /* In/Out */
123 __u64 cert_chain_address; /* In */
124 __u32 cert_chain_len; /* In/Out */
125} __packed;
126
127/**
Singh, Brijeshd6112ea2019-03-28 21:58:52 +0000[diff] [blame]128 * struct sev_user_data_get_id - GET_ID command parameters (deprecated)
Janakarajan Natarajan0b3a8302018-05-25 15:23:30 -0500[diff] [blame]129 *
130 * @socket1: Buffer to pass unique ID of first socket
131 * @socket2: Buffer to pass unique ID of second socket
132 */
133struct sev_user_data_get_id {
134 __u8 socket1[64]; /* Out */
135 __u8 socket2[64]; /* Out */
136} __packed;
137
138/**
Singh, Brijeshd6112ea2019-03-28 21:58:52 +0000[diff] [blame]139 * struct sev_user_data_get_id2 - GET_ID command parameters
140 * @address: Buffer to store unique ID
141 * @length: length of the unique ID
142 */
143struct sev_user_data_get_id2 {
144 __u64 address; /* In */
145 __u32 length; /* In/Out */
146} __packed;
147
148/**
Brijesh Singh1d57b172017-12-04 10:57:27 -0600[diff] [blame]149 * struct sev_issue_cmd - SEV ioctl parameters
150 *
151 * @cmd: SEV commands to execute
152 * @opaque: pointer to the command structure
153 * @error: SEV FW return code on failure
154 */
155struct sev_issue_cmd {
156 __u32 cmd; /* In */
157 __u64 data; /* In */
158 __u32 error; /* Out */
159} __packed;
160
161#define SEV_IOC_TYPE 'S'
162#define SEV_ISSUE_CMD _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
163
164#endif /* __PSP_USER_SEV_H */