1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * AMD Secure Processor device driver, security attributes
4 *
5 * Copyright (C) 2023-2024 Advanced Micro Devices, Inc.
6 *
7 * Author: Mario Limonciello <mario.limonciello@amd.com>
8 */
9
10#include <linux/device.h>
11
12#include "psp-dev.h"
13#include "hsti.h"
14
15#define PSP_CAPABILITY_PSP_SECURITY_OFFSET 8
16
17struct hsti_request {
18 struct psp_req_buffer_hdr header;
19 u32 hsti;
20} __packed;
21
22#define security_attribute_show(name) \
23static ssize_t name##_show(struct device *d, struct device_attribute *attr, \
24 char *buf) \
25{ \
26 struct sp_device *sp = dev_get_drvdata(d); \
27 struct psp_device *psp = sp->psp_data; \
28 return sysfs_emit(buf, "%d\n", psp->capability.name); \
29}
30
31security_attribute_show(fused_part)
32static DEVICE_ATTR_RO(fused_part);
33security_attribute_show(debug_lock_on)
34static DEVICE_ATTR_RO(debug_lock_on);
35security_attribute_show(tsme_status)
36static DEVICE_ATTR_RO(tsme_status);
37security_attribute_show(anti_rollback_status)
38static DEVICE_ATTR_RO(anti_rollback_status);
39security_attribute_show(rpmc_production_enabled)
40static DEVICE_ATTR_RO(rpmc_production_enabled);
41security_attribute_show(rpmc_spirom_available)
42static DEVICE_ATTR_RO(rpmc_spirom_available);
43security_attribute_show(hsp_tpm_available)
44static DEVICE_ATTR_RO(hsp_tpm_available);
45security_attribute_show(rom_armor_enforced)
46static DEVICE_ATTR_RO(rom_armor_enforced);
47
48static struct attribute *psp_security_attrs[] = {
49 &dev_attr_fused_part.attr,
50 &dev_attr_debug_lock_on.attr,
51 &dev_attr_tsme_status.attr,
52 &dev_attr_anti_rollback_status.attr,
53 &dev_attr_rpmc_production_enabled.attr,
54 &dev_attr_rpmc_spirom_available.attr,
55 &dev_attr_hsp_tpm_available.attr,
56 &dev_attr_rom_armor_enforced.attr,
57 NULL
58};
59
60static umode_t psp_security_is_visible(struct kobject *kobj, struct attribute *attr, int idx)
61{
62 struct device *dev = kobj_to_dev(kobj);
63 struct sp_device *sp = dev_get_drvdata(dev);
64 struct psp_device *psp = sp->psp_data;
65
66 if (psp && psp->capability.security_reporting)
67 return 0444;
68
69 return 0;
70}
71
72struct attribute_group psp_security_attr_group = {
73 .attrs = psp_security_attrs,
74 .is_visible = psp_security_is_visible,
75};
76
77static int psp_populate_hsti(struct psp_device *psp)
78{
79 struct hsti_request *req;
80 int ret;
81
82 /* Are the security attributes already reported? */
83 if (psp->capability.security_reporting)
84 return 0;
85
86 /* Allocate command-response buffer */
87 req = kzalloc(sizeof(*req), GFP_KERNEL);
88 if (!req)
89 return -ENOMEM;
90
91 req->header.payload_size = sizeof(*req);
92
93 ret = psp_send_platform_access_msg(PSP_CMD_HSTI_QUERY, req: (struct psp_request *)req);
94 if (ret)
95 goto out;
96
97 if (req->header.status != 0) {
98 dev_dbg(psp->dev, "failed to populate HSTI state: %d\n", req->header.status);
99 ret = -EINVAL;
100 goto out;
101 }
102
103 psp->capability.security_reporting = 1;
104 psp->capability.raw |= req->hsti << PSP_CAPABILITY_PSP_SECURITY_OFFSET;
105
106out:
107 kfree(objp: req);
108
109 return ret;
110}
111
112int psp_init_hsti(struct psp_device *psp)
113{
114 int ret;
115
116 if (PSP_FEATURE(psp, HSTI)) {
117 ret = psp_populate_hsti(psp);
118 if (ret)
119 return ret;
120 }
121
122 /*
123 * At this stage, if security information hasn't been populated by
124 * either the PSP or by the driver through the platform command,
125 * then there is nothing more to do.
126 */
127 if (!psp->capability.security_reporting)
128 return 0;
129
130 if (psp->capability.tsme_status) {
131 if (cc_platform_has(attr: CC_ATTR_HOST_MEM_ENCRYPT))
132 dev_notice(psp->dev, "psp: Both TSME and SME are active, SME is unnecessary when TSME is active.\n");
133 else
134 dev_notice(psp->dev, "psp: TSME enabled\n");
135 }
136
137 return 0;
138}
139

source code of linux/drivers/crypto/ccp/hsti.c