Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Confidential Computing Platform Capability checks
4 *
5 * Copyright (C) 2021 Advanced Micro Devices, Inc.
6 *
7 * Author: Tom Lendacky <thomas.lendacky@amd.com>
8 */
9
10#include <linux/export.h>
11#include <linux/cc_platform.h>
12
13#include <asm/coco.h>
14#include <asm/processor.h>
15
16static enum cc_vendor vendor __ro_after_init;
17static u64 cc_mask __ro_after_init;
18
19static bool intel_cc_platform_has(enum cc_attr attr)
20{
21 switch (attr) {
22 case CC_ATTR_GUEST_UNROLL_STRING_IO:
23 case CC_ATTR_HOTPLUG_DISABLED:
24 case CC_ATTR_GUEST_MEM_ENCRYPT:
25 case CC_ATTR_MEM_ENCRYPT:
26 return true;
27 default:
28 return false;
29 }
30}
31
32/*
33 * SME and SEV are very similar but they are not the same, so there are
34 * times that the kernel will need to distinguish between SME and SEV. The
35 * cc_platform_has() function is used for this. When a distinction isn't
36 * needed, the CC_ATTR_MEM_ENCRYPT attribute can be used.
37 *
38 * The trampoline code is a good example for this requirement. Before
39 * paging is activated, SME will access all memory as decrypted, but SEV
40 * will access all memory as encrypted. So, when APs are being brought
41 * up under SME the trampoline area cannot be encrypted, whereas under SEV
42 * the trampoline area must be encrypted.
43 */
44static bool amd_cc_platform_has(enum cc_attr attr)
45{
46#ifdef CONFIG_AMD_MEM_ENCRYPT
47 switch (attr) {
48 case CC_ATTR_MEM_ENCRYPT:
49 return sme_me_mask;
50
51 case CC_ATTR_HOST_MEM_ENCRYPT:
52 return sme_me_mask && !(sev_status & MSR_AMD64_SEV_ENABLED);
53
54 case CC_ATTR_GUEST_MEM_ENCRYPT:
55 return sev_status & MSR_AMD64_SEV_ENABLED;
56
57 case CC_ATTR_GUEST_STATE_ENCRYPT:
58 return sev_status & MSR_AMD64_SEV_ES_ENABLED;
59
60 /*
61 * With SEV, the rep string I/O instructions need to be unrolled
62 * but SEV-ES supports them through the #VC handler.
63 */
64 case CC_ATTR_GUEST_UNROLL_STRING_IO:
65 return (sev_status & MSR_AMD64_SEV_ENABLED) &&
66 !(sev_status & MSR_AMD64_SEV_ES_ENABLED);
67
68 case CC_ATTR_GUEST_SEV_SNP:
69 return sev_status & MSR_AMD64_SEV_SNP_ENABLED;
70
71 default:
72 return false;
73 }
74#else
75 return false;
76#endif
77}
78
79static bool hyperv_cc_platform_has(enum cc_attr attr)
80{
81 return attr == CC_ATTR_GUEST_MEM_ENCRYPT;
82}
83
84bool cc_platform_has(enum cc_attr attr)
85{
86 switch (vendor) {
87 case CC_VENDOR_AMD:
88 return amd_cc_platform_has(attr);
89 case CC_VENDOR_INTEL:
90 return intel_cc_platform_has(attr);
91 case CC_VENDOR_HYPERV:
92 return hyperv_cc_platform_has(attr);
93 default:
94 return false;
95 }
96}
97EXPORT_SYMBOL_GPL(cc_platform_has);
98
99u64 cc_mkenc(u64 val)
100{
101 /*
102 * Both AMD and Intel use a bit in the page table to indicate
103 * encryption status of the page.
104 *
105 * - for AMD, bit *set* means the page is encrypted
106 * - for Intel *clear* means encrypted.
107 */
108 switch (vendor) {
109 case CC_VENDOR_AMD:
110 return val | cc_mask;
111 case CC_VENDOR_INTEL:
112 return val & ~cc_mask;
113 default:
114 return val;
115 }
116}
117
118u64 cc_mkdec(u64 val)
119{
120 /* See comment in cc_mkenc() */
121 switch (vendor) {
122 case CC_VENDOR_AMD:
123 return val & ~cc_mask;
124 case CC_VENDOR_INTEL:
125 return val | cc_mask;
126 default:
127 return val;
128 }
129}
130EXPORT_SYMBOL_GPL(cc_mkdec);
131
132__init void cc_set_vendor(enum cc_vendor v)
133{
134 vendor = v;
135}
136
137__init void cc_set_mask(u64 mask)
138{
139 cc_mask = mask;
140}
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Confidential Computing Platform Capability checks
4 *
5 * Copyright (C) 2021 Advanced Micro Devices, Inc.
6 * Copyright (C) 2024 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
7 *
8 * Author: Tom Lendacky <thomas.lendacky@amd.com>
9 */
10
11#include <linux/export.h>
12#include <linux/cc_platform.h>
13#include <linux/string.h>
14#include <linux/random.h>
15
16#include <asm/archrandom.h>
17#include <asm/coco.h>
18#include <asm/processor.h>
19
20enum cc_vendor cc_vendor __ro_after_init = CC_VENDOR_NONE;
21u64 cc_mask __ro_after_init;
22
23static struct cc_attr_flags {
24 __u64 host_sev_snp : 1,
25 __resv : 63;
26} cc_flags;
27
28static bool noinstr intel_cc_platform_has(enum cc_attr attr)
29{
30 switch (attr) {
31 case CC_ATTR_GUEST_UNROLL_STRING_IO:
32 case CC_ATTR_GUEST_MEM_ENCRYPT:
33 case CC_ATTR_MEM_ENCRYPT:
34 return true;
35 default:
36 return false;
37 }
38}
39
40/*
41 * Handle the SEV-SNP vTOM case where sme_me_mask is zero, and
42 * the other levels of SME/SEV functionality, including C-bit
43 * based SEV-SNP, are not enabled.
44 */
45static __maybe_unused __always_inline bool amd_cc_platform_vtom(enum cc_attr attr)
46{
47 switch (attr) {
48 case CC_ATTR_GUEST_MEM_ENCRYPT:
49 case CC_ATTR_MEM_ENCRYPT:
50 return true;
51 default:
52 return false;
53 }
54}
55
56/*
57 * SME and SEV are very similar but they are not the same, so there are
58 * times that the kernel will need to distinguish between SME and SEV. The
59 * cc_platform_has() function is used for this. When a distinction isn't
60 * needed, the CC_ATTR_MEM_ENCRYPT attribute can be used.
61 *
62 * The trampoline code is a good example for this requirement. Before
63 * paging is activated, SME will access all memory as decrypted, but SEV
64 * will access all memory as encrypted. So, when APs are being brought
65 * up under SME the trampoline area cannot be encrypted, whereas under SEV
66 * the trampoline area must be encrypted.
67 */
68
69static bool noinstr amd_cc_platform_has(enum cc_attr attr)
70{
71#ifdef CONFIG_AMD_MEM_ENCRYPT
72
73 if (sev_status & MSR_AMD64_SNP_VTOM)
74 return amd_cc_platform_vtom(attr);
75
76 switch (attr) {
77 case CC_ATTR_MEM_ENCRYPT:
78 return sme_me_mask;
79
80 case CC_ATTR_HOST_MEM_ENCRYPT:
81 return sme_me_mask && !(sev_status & MSR_AMD64_SEV_ENABLED);
82
83 case CC_ATTR_GUEST_MEM_ENCRYPT:
84 return sev_status & MSR_AMD64_SEV_ENABLED;
85
86 case CC_ATTR_GUEST_STATE_ENCRYPT:
87 return sev_status & MSR_AMD64_SEV_ES_ENABLED;
88
89 /*
90 * With SEV, the rep string I/O instructions need to be unrolled
91 * but SEV-ES supports them through the #VC handler.
92 */
93 case CC_ATTR_GUEST_UNROLL_STRING_IO:
94 return (sev_status & MSR_AMD64_SEV_ENABLED) &&
95 !(sev_status & MSR_AMD64_SEV_ES_ENABLED);
96
97 case CC_ATTR_GUEST_SEV_SNP:
98 return sev_status & MSR_AMD64_SEV_SNP_ENABLED;
99
100 case CC_ATTR_HOST_SEV_SNP:
101 return cc_flags.host_sev_snp;
102
103 default:
104 return false;
105 }
106#else
107 return false;
108#endif
109}
110
111bool noinstr cc_platform_has(enum cc_attr attr)
112{
113 switch (cc_vendor) {
114 case CC_VENDOR_AMD:
115 return amd_cc_platform_has(attr);
116 case CC_VENDOR_INTEL:
117 return intel_cc_platform_has(attr);
118 default:
119 return false;
120 }
121}
122EXPORT_SYMBOL_GPL(cc_platform_has);
123
124u64 cc_mkenc(u64 val)
125{
126 /*
127 * Both AMD and Intel use a bit in the page table to indicate
128 * encryption status of the page.
129 *
130 * - for AMD, bit *set* means the page is encrypted
131 * - for AMD with vTOM and for Intel, *clear* means encrypted
132 */
133 switch (cc_vendor) {
134 case CC_VENDOR_AMD:
135 if (sev_status & MSR_AMD64_SNP_VTOM)
136 return val & ~cc_mask;
137 else
138 return val | cc_mask;
139 case CC_VENDOR_INTEL:
140 return val & ~cc_mask;
141 default:
142 return val;
143 }
144}
145
146u64 cc_mkdec(u64 val)
147{
148 /* See comment in cc_mkenc() */
149 switch (cc_vendor) {
150 case CC_VENDOR_AMD:
151 if (sev_status & MSR_AMD64_SNP_VTOM)
152 return val | cc_mask;
153 else
154 return val & ~cc_mask;
155 case CC_VENDOR_INTEL:
156 return val | cc_mask;
157 default:
158 return val;
159 }
160}
161EXPORT_SYMBOL_GPL(cc_mkdec);
162
163static void amd_cc_platform_clear(enum cc_attr attr)
164{
165 switch (attr) {
166 case CC_ATTR_HOST_SEV_SNP:
167 cc_flags.host_sev_snp = 0;
168 break;
169 default:
170 break;
171 }
172}
173
174void cc_platform_clear(enum cc_attr attr)
175{
176 switch (cc_vendor) {
177 case CC_VENDOR_AMD:
178 amd_cc_platform_clear(attr);
179 break;
180 default:
181 break;
182 }
183}
184
185static void amd_cc_platform_set(enum cc_attr attr)
186{
187 switch (attr) {
188 case CC_ATTR_HOST_SEV_SNP:
189 cc_flags.host_sev_snp = 1;
190 break;
191 default:
192 break;
193 }
194}
195
196void cc_platform_set(enum cc_attr attr)
197{
198 switch (cc_vendor) {
199 case CC_VENDOR_AMD:
200 amd_cc_platform_set(attr);
201 break;
202 default:
203 break;
204 }
205}
206
207__init void cc_random_init(void)
208{
209 /*
210 * The seed is 32 bytes (in units of longs), which is 256 bits, which
211 * is the security level that the RNG is targeting.
212 */
213 unsigned long rng_seed[32 / sizeof(long)];
214 size_t i, longs;
215
216 if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
217 return;
218
219 /*
220 * Since the CoCo threat model includes the host, the only reliable
221 * source of entropy that can be neither observed nor manipulated is
222 * RDRAND. Usually, RDRAND failure is considered tolerable, but since
223 * CoCo guests have no other unobservable source of entropy, it's
224 * important to at least ensure the RNG gets some initial random seeds.
225 */
226 for (i = 0; i < ARRAY_SIZE(rng_seed); i += longs) {
227 longs = arch_get_random_longs(&rng_seed[i], ARRAY_SIZE(rng_seed) - i);
228
229 /*
230 * A zero return value means that the guest doesn't have RDRAND
231 * or the CPU is physically broken, and in both cases that
232 * means most crypto inside of the CoCo instance will be
233 * broken, defeating the purpose of CoCo in the first place. So
234 * just panic here because it's absolutely unsafe to continue
235 * executing.
236 */
237 if (longs == 0)
238 panic("RDRAND is defective.");
239 }
240 add_device_randomness(rng_seed, sizeof(rng_seed));
241 memzero_explicit(rng_seed, sizeof(rng_seed));
242}