drivers/crypto/ccp/hsti.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * AMD Secure Processor device driver, security attributes
   4  *
   5  * Copyright (C) 2023-2024 Advanced Micro Devices, Inc.
   6  *
   7  * Author: Mario Limonciello <mario.limonciello@amd.com>
   8  */
   9
  10 #include <linux/device.h>
  11
  12 #include "psp-dev.h"
  13 #include "hsti.h"
  14
  15 #define PSP_CAPABILITY_PSP_SECURITY_OFFSET      8
  16
  17 struct hsti_request {
  18         struct psp_req_buffer_hdr header;
  19         u32 hsti;
  20 } __packed;
  21
  22 #define security_attribute_show(name)                                           \
  23 static ssize_t name##_show(struct device *d, struct device_attribute *attr,     \
  24                            char *buf)                                           \
  25 {                                                                               \
  26         struct sp_device *sp = dev_get_drvdata(d);                              \
  27         struct psp_device *psp = sp->psp_data;                                  \
  28         return sysfs_emit(buf, "%d\n", psp->capability.name);           \
  29 }
  30
  31 security_attribute_show(fused_part)
  32 static DEVICE_ATTR_RO(fused_part);
  33 security_attribute_show(debug_lock_on)
  34 static DEVICE_ATTR_RO(debug_lock_on);
  35 security_attribute_show(tsme_status)
  36 static DEVICE_ATTR_RO(tsme_status);
  37 security_attribute_show(anti_rollback_status)
  38 static DEVICE_ATTR_RO(anti_rollback_status);
  39 security_attribute_show(rpmc_production_enabled)
  40 static DEVICE_ATTR_RO(rpmc_production_enabled);
  41 security_attribute_show(rpmc_spirom_available)
  42 static DEVICE_ATTR_RO(rpmc_spirom_available);
  43 security_attribute_show(hsp_tpm_available)
  44 static DEVICE_ATTR_RO(hsp_tpm_available);
  45 security_attribute_show(rom_armor_enforced)
  46 static DEVICE_ATTR_RO(rom_armor_enforced);
  47
  48 static struct attribute *psp_security_attrs[] = {
  49         &dev_attr_fused_part.attr,
  50         &dev_attr_debug_lock_on.attr,
  51         &dev_attr_tsme_status.attr,
  52         &dev_attr_anti_rollback_status.attr,
  53         &dev_attr_rpmc_production_enabled.attr,
  54         &dev_attr_rpmc_spirom_available.attr,
  55         &dev_attr_hsp_tpm_available.attr,
  56         &dev_attr_rom_armor_enforced.attr,
  57         NULL
  58 };
  59
  60 static umode_t psp_security_is_visible(struct kobject *kobj, struct attribute *attr, int idx)
  61 {
  62         struct device *dev = kobj_to_dev(kobj);
  63         struct sp_device *sp = dev_get_drvdata(dev);
  64         struct psp_device *psp = sp->psp_data;
  65
  66         if (psp && psp->capability.security_reporting)
  67                 return 0444;
  68
  69         return 0;
  70 }
  71
  72 struct attribute_group psp_security_attr_group = {
  73         .attrs = psp_security_attrs,
  74         .is_visible = psp_security_is_visible,
  75 };
  76
  77 static int psp_poulate_hsti(struct psp_device *psp)
  78 {
  79         struct hsti_request *req;
  80         int ret;
  81
  82         /* Are the security attributes already reported? */
  83         if (psp->capability.security_reporting)
  84                 return 0;
  85
  86         /* Allocate command-response buffer */
  87         req = kzalloc(sizeof(*req), GFP_KERNEL | __GFP_ZERO);
  88         if (!req)
  89                 return -ENOMEM;
  90
  91         req->header.payload_size = sizeof(req);
  92
  93         ret = psp_send_platform_access_msg(PSP_CMD_HSTI_QUERY, (struct psp_request *)req);
  94         if (ret)
  95                 goto out;
  96
  97         if (req->header.status != 0) {
  98                 dev_dbg(psp->dev, "failed to populate HSTI state: %d\n", req->header.status);
  99                 ret = -EINVAL;
 100                 goto out;
 101         }
 102
 103         psp->capability.security_reporting = 1;
 104         psp->capability.raw |= req->hsti << PSP_CAPABILITY_PSP_SECURITY_OFFSET;
 105
 106 out:
 107         kfree(req);
 108
 109         return ret;
 110 }
 111
 112 int psp_init_hsti(struct psp_device *psp)
 113 {
 114         int ret;
 115
 116         if (PSP_FEATURE(psp, HSTI)) {
 117                 ret = psp_poulate_hsti(psp);
 118                 if (ret)
 119                         return ret;
 120         }
 121
 122         /*
 123          * At this stage, if security information hasn't been populated by
 124          * either the PSP or by the driver through the platform command,
 125          * then there is nothing more to do.
 126          */
 127         if (!psp->capability.security_reporting)
 128                 return 0;
 129
 130         if (psp->capability.tsme_status) {
 131                 if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT))
 132                         dev_notice(psp->dev, "psp: Both TSME and SME are active, SME is unnecessary when TSME is active.\n");
 133                 else
 134                         dev_notice(psp->dev, "psp: TSME enabled\n");
 135         }
 136
 137         return 0;
 138 }