<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/crypto/ccp/sev-dev.c, branch v5.17</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>crypto: ccp - remove unneeded semicolon</title>
<updated>2021-12-31T07:10:55+00:00</updated>
<author>
<name>Yang Li</name>
<email>yang.lee@linux.alibaba.com</email>
</author>
<published>2021-12-21T00:38:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=ef4d891499442a156655b0c0df56bdf539897495'/>
<id>ef4d891499442a156655b0c0df56bdf539897495</id>
<content type='text'>
Eliminate the following coccicheck warning:
./drivers/crypto/ccp/sev-dev.c:263:2-3: Unneeded semicolon

Reported-by: Abaci Robot &lt;abaci@linux.alibaba.com&gt;
Signed-off-by: Yang Li &lt;yang.lee@linux.alibaba.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Eliminate the following coccicheck warning:
./drivers/crypto/ccp/sev-dev.c:263:2-3: Unneeded semicolon

Reported-by: Abaci Robot &lt;abaci@linux.alibaba.com&gt;
Signed-off-by: Yang Li &lt;yang.lee@linux.alibaba.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Add SEV_INIT_EX support</title>
<updated>2021-12-17T05:59:47+00:00</updated>
<author>
<name>David Rientjes</name>
<email>rientjes@google.com</email>
</author>
<published>2021-12-07T23:33:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=3d725965f836a7acbd1674e33644bec18373de53'/>
<id>3d725965f836a7acbd1674e33644bec18373de53</id>
<content type='text'>
Add new module parameter to allow users to use SEV_INIT_EX instead of
SEV_INIT. This helps users who lock their SPI bus to use the PSP for SEV
functionality. The 'init_ex_path' parameter defaults to NULL which means
the kernel will use SEV_INIT, if a path is specified SEV_INIT_EX will be
used with the data found at the path. On certain PSP commands this
file is written to as the PSP updates the NV memory region. Depending on
file system initialization this file open may fail during module init
but the CCP driver for SEV already has sufficient retries for platform
initialization. During normal operation of PSP system and SEV commands
if the PSP has not been initialized it is at run time. If the file at
'init_ex_path' does not exist the PSP will not be initialized. The user
must create the file prior to use with 32Kb of 0xFFs per spec.

Signed-off-by: David Rientjes &lt;rientjes@google.com&gt;
Co-developed-by: Peter Gonda &lt;pgonda@google.com&gt;
Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Reviewed-by: Marc Orr &lt;marcorr@google.com&gt;
Reported-by: kernel test robot &lt;lkp@intel.com&gt;
Acked-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add new module parameter to allow users to use SEV_INIT_EX instead of
SEV_INIT. This helps users who lock their SPI bus to use the PSP for SEV
functionality. The 'init_ex_path' parameter defaults to NULL which means
the kernel will use SEV_INIT, if a path is specified SEV_INIT_EX will be
used with the data found at the path. On certain PSP commands this
file is written to as the PSP updates the NV memory region. Depending on
file system initialization this file open may fail during module init
but the CCP driver for SEV already has sufficient retries for platform
initialization. During normal operation of PSP system and SEV commands
if the PSP has not been initialized it is at run time. If the file at
'init_ex_path' does not exist the PSP will not be initialized. The user
must create the file prior to use with 32Kb of 0xFFs per spec.

Signed-off-by: David Rientjes &lt;rientjes@google.com&gt;
Co-developed-by: Peter Gonda &lt;pgonda@google.com&gt;
Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Reviewed-by: Marc Orr &lt;marcorr@google.com&gt;
Reported-by: kernel test robot &lt;lkp@intel.com&gt;
Acked-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Add psp_init_on_probe module parameter</title>
<updated>2021-12-17T05:59:47+00:00</updated>
<author>
<name>Peter Gonda</name>
<email>pgonda@google.com</email>
</author>
<published>2021-12-07T23:33:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b64fa5fc9f4495e3ff189d9fb31cd53e6ced1cc3'/>
<id>b64fa5fc9f4495e3ff189d9fb31cd53e6ced1cc3</id>
<content type='text'>
Add psp_init_on_probe module parameter that allows for skipping the
PSP's SEV platform initialization during module init. User may decouple
module init from PSP init due to use of the INIT_EX support in upcoming
patch which allows for users to save PSP's internal state to file. The
file may be unavailable at module init.

Also moves the PSP ABI version log message to after successful PSP init
instead of module init in case this new parameter is used.

Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Acked-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add psp_init_on_probe module parameter that allows for skipping the
PSP's SEV platform initialization during module init. User may decouple
module init from PSP init due to use of the INIT_EX support in upcoming
patch which allows for users to save PSP's internal state to file. The
file may be unavailable at module init.

Also moves the PSP ABI version log message to after successful PSP init
instead of module init in case this new parameter is used.

Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Acked-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Refactor out sev_fw_alloc()</title>
<updated>2021-12-17T05:59:47+00:00</updated>
<author>
<name>Peter Gonda</name>
<email>pgonda@google.com</email>
</author>
<published>2021-12-07T23:33:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=cc17982d58d1e67eab831e7023ede999dda56173'/>
<id>cc17982d58d1e67eab831e7023ede999dda56173</id>
<content type='text'>
Create a helper function sev_fw_alloc() which can be used to allocate
aligned memory regions for use by the PSP firmware. Currently only used
for the SEV-ES TMR region but will be used for the SEV_INIT_EX NV memory
region.

Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Reviewed-by: Marc Orr &lt;marcorr@google.com&gt;
Acked-by: David Rientjes &lt;rientjes@google.com&gt;
Acked-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Create a helper function sev_fw_alloc() which can be used to allocate
aligned memory regions for use by the PSP firmware. Currently only used
for the SEV-ES TMR region but will be used for the SEV_INIT_EX NV memory
region.

Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Reviewed-by: Marc Orr &lt;marcorr@google.com&gt;
Acked-by: David Rientjes &lt;rientjes@google.com&gt;
Acked-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Move SEV_INIT retry for corrupted data</title>
<updated>2021-12-17T05:59:46+00:00</updated>
<author>
<name>Peter Gonda</name>
<email>pgonda@google.com</email>
</author>
<published>2021-12-07T23:33:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e423b9d75e779d921e6adf5ac3d0b59400d6ba7e'/>
<id>e423b9d75e779d921e6adf5ac3d0b59400d6ba7e</id>
<content type='text'>
Move the data corrupted retry of SEV_INIT into the
__sev_platform_init_locked() function. This is for upcoming INIT_EX
support as well as helping direct callers of
__sev_platform_init_locked() which currently do not support the
retry.

Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Reviewed-by: Marc Orr &lt;marcorr@google.com&gt;
Acked-by: David Rientjes &lt;rientjes@google.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Acked-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Move the data corrupted retry of SEV_INIT into the
__sev_platform_init_locked() function. This is for upcoming INIT_EX
support as well as helping direct callers of
__sev_platform_init_locked() which currently do not support the
retry.

Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Reviewed-by: Marc Orr &lt;marcorr@google.com&gt;
Acked-by: David Rientjes &lt;rientjes@google.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Acked-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Add SEV_INIT rc error logging on init</title>
<updated>2021-12-17T05:59:46+00:00</updated>
<author>
<name>Peter Gonda</name>
<email>pgonda@google.com</email>
</author>
<published>2021-12-07T23:33:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=c8341ac62bed9258746a5c7fb8a76d88809ecd1f'/>
<id>c8341ac62bed9258746a5c7fb8a76d88809ecd1f</id>
<content type='text'>
Currently only the firmware error code is printed. This is incomplete
and also incorrect as error cases exists where the firmware is never
called and therefore does not set an error code.

Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Reviewed-by: Marc Orr &lt;marcorr@google.com&gt;
Acked-by: David Rientjes &lt;rientjes@google.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Acked-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently only the firmware error code is printed. This is incomplete
and also incorrect as error cases exists where the firmware is never
called and therefore does not set an error code.

Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Reviewed-by: Marc Orr &lt;marcorr@google.com&gt;
Acked-by: David Rientjes &lt;rientjes@google.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Acked-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Fix whitespace in sev_cmd_buffer_len()</title>
<updated>2021-10-15T10:45:34+00:00</updated>
<author>
<name>Peter Gonda</name>
<email>pgonda@google.com</email>
</author>
<published>2021-10-05T19:51:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b97c2b219b56d30e7f6c482a246c191df016e502'/>
<id>b97c2b219b56d30e7f6c482a246c191df016e502</id>
<content type='text'>
Extra tab in sev_cmd_buffer_len().

Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Marc Orr &lt;marcorr@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Extra tab in sev_cmd_buffer_len().

Signed-off-by: Peter Gonda &lt;pgonda@google.com&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Cc: Marc Orr &lt;marcorr@google.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Cc: John Allen &lt;john.allen@amd.com&gt;
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Marc Orr &lt;marcorr@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - shutdown SEV firmware on kexec</title>
<updated>2021-08-06T11:45:25+00:00</updated>
<author>
<name>Brijesh Singh</name>
<email>brijesh.singh@amd.com</email>
</author>
<published>2021-07-28T15:15:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=5441a07a127f106c9936e4f9fa1a8a93e3f31828'/>
<id>5441a07a127f106c9936e4f9fa1a8a93e3f31828</id>
<content type='text'>
The commit 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the
PSP driver") added support to allocate Trusted Memory Region (TMR)
used during the SEV-ES firmware initialization. The TMR gets locked
during the firmware initialization and unlocked during the shutdown.
While the TMR is locked, access to it is disallowed.

Currently, the CCP driver does not shutdown the firmware during the
kexec reboot, leaving the TMR memory locked.

Register a callback to shutdown the SEV firmware on the kexec boot.

Fixes: 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the PSP driver")
Reported-by: Lucas Nussbaum &lt;lucas.nussbaum@inria.fr&gt;
Tested-by: Lucas Nussbaum &lt;lucas.nussbaum@inria.fr&gt;
Cc: &lt;stable@kernel.org&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Signed-off-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@gmail.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The commit 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the
PSP driver") added support to allocate Trusted Memory Region (TMR)
used during the SEV-ES firmware initialization. The TMR gets locked
during the firmware initialization and unlocked during the shutdown.
While the TMR is locked, access to it is disallowed.

Currently, the CCP driver does not shutdown the firmware during the
kexec reboot, leaving the TMR memory locked.

Register a callback to shutdown the SEV firmware on the kexec boot.

Fixes: 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the PSP driver")
Reported-by: Lucas Nussbaum &lt;lucas.nussbaum@inria.fr&gt;
Tested-by: Lucas Nussbaum &lt;lucas.nussbaum@inria.fr&gt;
Cc: &lt;stable@kernel.org&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Joerg Roedel &lt;jroedel@suse.de&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: David Rientjes &lt;rientjes@google.com&gt;
Signed-off-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@gmail.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Annotate SEV Firmware file names</title>
<updated>2021-05-14T11:07:55+00:00</updated>
<author>
<name>Joerg Roedel</name>
<email>jroedel@suse.de</email>
</author>
<published>2021-04-26T08:17:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=c8671c7dc7d51125ab9f651697866bf4a9132277'/>
<id>c8671c7dc7d51125ab9f651697866bf4a9132277</id>
<content type='text'>
Annotate the firmware files CCP might need using MODULE_FIRMWARE().
This will get them included into an initrd when CCP is also included
there. Otherwise the CCP module will not find its firmware when loaded
before the root-fs is mounted.
This can cause problems when the pre-loaded SEV firmware is too old to
support current SEV and SEV-ES virtualization features.

Fixes: e93720606efd ("crypto: ccp - Allow SEV firmware to be chosen based on Family and Model")
Cc: stable@vger.kernel.org # v4.20+
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Joerg Roedel &lt;jroedel@suse.de&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Annotate the firmware files CCP might need using MODULE_FIRMWARE().
This will get them included into an initrd when CCP is also included
there. Otherwise the CCP module will not find its firmware when loaded
before the root-fs is mounted.
This can cause problems when the pre-loaded SEV firmware is too old to
support current SEV and SEV-ES virtualization features.

Fixes: e93720606efd ("crypto: ccp - Allow SEV firmware to be chosen based on Family and Model")
Cc: stable@vger.kernel.org # v4.20+
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Joerg Roedel &lt;jroedel@suse.de&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm</title>
<updated>2021-05-01T17:14:08+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2021-05-01T17:14:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=152d32aa846835987966fd20ee1143b0e05036a0'/>
<id>152d32aa846835987966fd20ee1143b0e05036a0</id>
<content type='text'>
Pull kvm updates from Paolo Bonzini:
 "This is a large update by KVM standards, including AMD PSP (Platform
  Security Processor, aka "AMD Secure Technology") and ARM CoreSight
  (debug and trace) changes.

  ARM:

   - CoreSight: Add support for ETE and TRBE

   - Stage-2 isolation for the host kernel when running in protected
     mode

   - Guest SVE support when running in nVHE mode

   - Force W^X hypervisor mappings in nVHE mode

   - ITS save/restore for guests using direct injection with GICv4.1

   - nVHE panics now produce readable backtraces

   - Guest support for PTP using the ptp_kvm driver

   - Performance improvements in the S2 fault handler

  x86:

   - AMD PSP driver changes

   - Optimizations and cleanup of nested SVM code

   - AMD: Support for virtual SPEC_CTRL

   - Optimizations of the new MMU code: fast invalidation, zap under
     read lock, enable/disably dirty page logging under read lock

   - /dev/kvm API for AMD SEV live migration (guest API coming soon)

   - support SEV virtual machines sharing the same encryption context

   - support SGX in virtual machines

   - add a few more statistics

   - improved directed yield heuristics

   - Lots and lots of cleanups

  Generic:

   - Rework of MMU notifier interface, simplifying and optimizing the
     architecture-specific code

   - a handful of "Get rid of oprofile leftovers" patches

   - Some selftests improvements"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (379 commits)
  KVM: selftests: Speed up set_memory_region_test
  selftests: kvm: Fix the check of return value
  KVM: x86: Take advantage of kvm_arch_dy_has_pending_interrupt()
  KVM: SVM: Skip SEV cache flush if no ASIDs have been used
  KVM: SVM: Remove an unnecessary prototype declaration of sev_flush_asids()
  KVM: SVM: Drop redundant svm_sev_enabled() helper
  KVM: SVM: Move SEV VMCB tracking allocation to sev.c
  KVM: SVM: Explicitly check max SEV ASID during sev_hardware_setup()
  KVM: SVM: Unconditionally invoke sev_hardware_teardown()
  KVM: SVM: Enable SEV/SEV-ES functionality by default (when supported)
  KVM: SVM: Condition sev_enabled and sev_es_enabled on CONFIG_KVM_AMD_SEV=y
  KVM: SVM: Append "_enabled" to module-scoped SEV/SEV-ES control variables
  KVM: SEV: Mask CPUID[0x8000001F].eax according to supported features
  KVM: SVM: Move SEV module params/variables to sev.c
  KVM: SVM: Disable SEV/SEV-ES if NPT is disabled
  KVM: SVM: Free sev_asid_bitmap during init if SEV setup fails
  KVM: SVM: Zero out the VMCB array used to track SEV ASID association
  x86/sev: Drop redundant and potentially misleading 'sev_enabled'
  KVM: x86: Move reverse CPUID helpers to separate header file
  KVM: x86: Rename GPR accessors to make mode-aware variants the defaults
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull kvm updates from Paolo Bonzini:
 "This is a large update by KVM standards, including AMD PSP (Platform
  Security Processor, aka "AMD Secure Technology") and ARM CoreSight
  (debug and trace) changes.

  ARM:

   - CoreSight: Add support for ETE and TRBE

   - Stage-2 isolation for the host kernel when running in protected
     mode

   - Guest SVE support when running in nVHE mode

   - Force W^X hypervisor mappings in nVHE mode

   - ITS save/restore for guests using direct injection with GICv4.1

   - nVHE panics now produce readable backtraces

   - Guest support for PTP using the ptp_kvm driver

   - Performance improvements in the S2 fault handler

  x86:

   - AMD PSP driver changes

   - Optimizations and cleanup of nested SVM code

   - AMD: Support for virtual SPEC_CTRL

   - Optimizations of the new MMU code: fast invalidation, zap under
     read lock, enable/disably dirty page logging under read lock

   - /dev/kvm API for AMD SEV live migration (guest API coming soon)

   - support SEV virtual machines sharing the same encryption context

   - support SGX in virtual machines

   - add a few more statistics

   - improved directed yield heuristics

   - Lots and lots of cleanups

  Generic:

   - Rework of MMU notifier interface, simplifying and optimizing the
     architecture-specific code

   - a handful of "Get rid of oprofile leftovers" patches

   - Some selftests improvements"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (379 commits)
  KVM: selftests: Speed up set_memory_region_test
  selftests: kvm: Fix the check of return value
  KVM: x86: Take advantage of kvm_arch_dy_has_pending_interrupt()
  KVM: SVM: Skip SEV cache flush if no ASIDs have been used
  KVM: SVM: Remove an unnecessary prototype declaration of sev_flush_asids()
  KVM: SVM: Drop redundant svm_sev_enabled() helper
  KVM: SVM: Move SEV VMCB tracking allocation to sev.c
  KVM: SVM: Explicitly check max SEV ASID during sev_hardware_setup()
  KVM: SVM: Unconditionally invoke sev_hardware_teardown()
  KVM: SVM: Enable SEV/SEV-ES functionality by default (when supported)
  KVM: SVM: Condition sev_enabled and sev_es_enabled on CONFIG_KVM_AMD_SEV=y
  KVM: SVM: Append "_enabled" to module-scoped SEV/SEV-ES control variables
  KVM: SEV: Mask CPUID[0x8000001F].eax according to supported features
  KVM: SVM: Move SEV module params/variables to sev.c
  KVM: SVM: Disable SEV/SEV-ES if NPT is disabled
  KVM: SVM: Free sev_asid_bitmap during init if SEV setup fails
  KVM: SVM: Zero out the VMCB array used to track SEV ASID association
  x86/sev: Drop redundant and potentially misleading 'sev_enabled'
  KVM: x86: Move reverse CPUID helpers to separate header file
  KVM: x86: Rename GPR accessors to make mode-aware variants the defaults
  ...
</pre>
</div>
</content>
</entry>
</feed>
