mirror of
https://github.com/torvalds/linux.git
synced 2026-05-02 21:42:42 -04:00
The sev-guest driver encryption code uses the crypto API for SNP guest messaging with the AMD Security processor. In order to enable secure TSC, SEV-SNP guests need to send such a TSC_INFO message before the APs are booted. Details from the TSC_INFO response will then be used to program the VMSA before the APs are brought up.

However, the crypto API is not available this early in the boot process.

In preparation for moving the encryption code out of sev-guest to support secure TSC and to ease review, switch to using the AES GCM library implementation instead.

Drop __enc_payload() and dec_payload() helpers as both are small and can be moved to the respective callers.

Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Peter Gonda <pgonda@google.com>
Link: https://lore.kernel.org/r/20241009092850.197575-2-nikunj@amd.com

15 lines
512 B
Plaintext
config SEV_GUEST
	tristate "AMD SEV Guest driver"
	default m
	depends on AMD_MEM_ENCRYPT
	select CRYPTO_LIB_AESGCM
	select TSM_REPORTS
	help
	  SEV-SNP firmware provides the guest a mechanism to communicate with
	  the PSP without risk from a malicious hypervisor who wishes to read,
	  alter, drop or replay the messages sent. The driver provides
	  userspace interface to communicate with the PSP to request the
	  attestation report and more.

	  If you choose 'M' here, this module will be called sev-guest.