Re: [PATCH v5 4/7] crypto: ccp - Introduce new API interface to indicate SEV-SNP Ciphertext hiding feature


 



On 7/1/25 15:15, Ashish Kalra wrote:
> From: Ashish Kalra <ashish.kalra@xxxxxxx>
> 
> Implement a new API interface that indicates both the support for the
> SEV-SNP Ciphertext Hiding feature by the SEV firmware and whether this
> feature is enabled in the platform BIOS.

The API is a single result about support, so how about something like:

  Implement an API that checks overall feature support for SEV-SNP
  ciphertext hiding.

  The API verifies both the SEV firmware's support for the feature and
  its enablement in the platform's BIOS.

Thanks,
Tom

> 
> Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx>
> ---
>  drivers/crypto/ccp/sev-dev.c | 21 +++++++++++++++++++++
>  include/linux/psp-sev.h      |  5 +++++
>  2 files changed, 26 insertions(+)
> 
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index d1517a91a27d..3f2bbba93617 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -1074,6 +1074,27 @@ static void snp_set_hsave_pa(void *arg)
>  	wrmsrq(MSR_VM_HSAVE_PA, 0);
>  }
>  
> +bool sev_is_snp_ciphertext_hiding_supported(void)
> +{
> +	struct psp_device *psp = psp_master;
> +	struct sev_device *sev;
> +
> +	if (!psp || !psp->sev_data)
> +		return false;
> +
> +	sev = psp->sev_data;
> +
> +	/*
> +	 * Feature information indicates if CipherTextHiding feature is
> +	 * supported by the SEV firmware and additionally platform status
> +	 * indicates if CipherTextHiding feature is enabled in the
> +	 * Platform BIOS.
> +	 */
> +	return ((sev->snp_feat_info_0.ecx & SNP_CIPHER_TEXT_HIDING_SUPPORTED) &&
> +		 sev->snp_plat_status.ciphertext_hiding_cap);
> +}
> +EXPORT_SYMBOL_GPL(sev_is_snp_ciphertext_hiding_supported);
> +
>  static int snp_get_platform_data(struct sev_device *sev, int *error)
>  {
>  	struct sev_data_snp_feature_info snp_feat_info;
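Review bot: The new exported `sev_is_snp_ciphertext_hiding_supported()` has no kernel-doc and never states when its answer is valid. It reads the cached `sev->snp_feat_info_0` and `sev->snp_plat_status` instead of querying firmware, so a call made before those fields are filled in would return false exactly as "not supported" does, assuming the sev_device starts zeroed. The fields are presumably filled by `snp_get_platform_data()`, whose body begins as context just below and continues outside the hunk. Because a caller will presumably use this result to decide whether ciphertext-hiding protection can be turned on for guests, I would add a kernel-doc block above the function saying that it reports cached state, must be called only after the SNP platform data has been read, and what true and false mean. As a style point, the outer parentheses in the return are redundant: `return (sev->snp_feat_info_0.ecx & SNP_CIPHER_TEXT_HIDING_SUPPORTED) && sev->snp_plat_status.ciphertext_hiding_cap;`.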
> diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
> index 935547c26985..ca19fddfcd4d 100644
> --- a/include/linux/psp-sev.h
> +++ b/include/linux/psp-sev.h
> @@ -843,6 +843,8 @@ struct snp_feature_info {
>  	u32 edx;
>  } __packed;
>  
> +#define SNP_CIPHER_TEXT_HIDING_SUPPORTED	BIT(3)
> +
>  #ifdef CONFIG_CRYPTO_DEV_SP_PSP
>  
>  /**
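Review bot: `SNP_CIPHER_TEXT_HIDING_SUPPORTED` is defined right after `struct snp_feature_info`, but nothing records which of that struct's registers the bit belongs to; the only link is the `snp_feat_info_0.ecx` test in sev-dev.c. A one-line comment such as `/* snp_feature_info.ecx (feature info index 0): firmware supports ciphertext hiding */` would keep a later user from testing the bit against the wrong register. The "index 0" part is inferred from the `snp_feat_info_0` field name and should be checked against the firmware ABI. The `/**` at the end of this hunk opens a comment that continues outside it.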
> @@ -986,6 +988,7 @@ void *psp_copy_user_blob(u64 uaddr, u32 len);
>  void *snp_alloc_firmware_page(gfp_t mask);
>  void snp_free_firmware_page(void *addr);
>  void sev_platform_shutdown(void);
> +bool sev_is_snp_ciphertext_hiding_supported(void);
>  
>  #else	/* !CONFIG_CRYPTO_DEV_SP_PSP */
>  
> @@ -1022,6 +1025,8 @@ static inline void snp_free_firmware_page(void *addr) { }
>  
>  static inline void sev_platform_shutdown(void) { }
>  
> +static inline bool sev_is_snp_ciphertext_hiding_supported(void) { return false; }
> +
>  #endif	/* CONFIG_CRYPTO_DEV_SP_PSP */
>  
>  #endif	/* __PSP_SEV_H__ */



