mirror of https://gitee.com/openkylin/linux.git
2c07ded064
The SEV FW version >= 0.23 added a new command that can be used to query the attestation report containing the SHA-256 digest of the guest memory encrypted through the KVM_SEV_LAUNCH_UPDATE_{DATA, VMSA} commands and sign the report with the Platform Endorsement Key (PEK). See the SEV FW API spec section 6.8 for more details. Note there already exist a command (KVM_SEV_LAUNCH_MEASURE) that can be used to get the SHA-256 digest. The main difference between the KVM_SEV_LAUNCH_MEASURE and KVM_SEV_ATTESTATION_REPORT is that the latter can be called while the guest is running and the measurement value is signed with PEK. Cc: James Bottomley <jejb@linux.ibm.com> Cc: Tom Lendacky <Thomas.Lendacky@amd.com> Cc: David Rientjes <rientjes@google.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Sean Christopherson <seanjc@google.com> Cc: Borislav Petkov <bp@alien8.de> Cc: John Allen <john.allen@amd.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: linux-crypto@vger.kernel.org Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: David Rientjes <rientjes@google.com> Tested-by: James Bottomley <jejb@linux.ibm.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Message-Id: <20210104151749.30248-1-brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
ccp-crypto-aes-cmac.c | ||
ccp-crypto-aes-galois.c | ||
ccp-crypto-aes-xts.c | ||
ccp-crypto-aes.c | ||
ccp-crypto-des3.c | ||
ccp-crypto-main.c | ||
ccp-crypto-rsa.c | ||
ccp-crypto-sha.c | ||
ccp-crypto.h | ||
ccp-debugfs.c | ||
ccp-dev-v3.c | ||
ccp-dev-v5.c | ||
ccp-dev.c | ||
ccp-dev.h | ||
ccp-dmaengine.c | ||
ccp-ops.c | ||
psp-dev.c | ||
psp-dev.h | ||
sev-dev.c | ||
sev-dev.h | ||
sp-dev.c | ||
sp-dev.h | ||
sp-pci.c | ||
sp-platform.c | ||
tee-dev.c | ||
tee-dev.h |