xref: /aosp_15_r20/external/kernel-headers/original/uapi/linux/sev-guest.h (revision f80ad8b4341604f5951dab671d41019a6d7087ce) 
1*f80ad8b4SAndroid Build Coastguard Worker /* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
2*f80ad8b4SAndroid Build Coastguard Worker /*
3*f80ad8b4SAndroid Build Coastguard Worker  * Userspace interface for AMD SEV and SNP guest driver.
4*f80ad8b4SAndroid Build Coastguard Worker  *
5*f80ad8b4SAndroid Build Coastguard Worker  * Copyright (C) 2021 Advanced Micro Devices, Inc.
6*f80ad8b4SAndroid Build Coastguard Worker  *
7*f80ad8b4SAndroid Build Coastguard Worker  * Author: Brijesh Singh <[email protected]>
8*f80ad8b4SAndroid Build Coastguard Worker  *
9*f80ad8b4SAndroid Build Coastguard Worker  * SEV API specification is available at: https://developer.amd.com/sev/
10*f80ad8b4SAndroid Build Coastguard Worker  */
11*f80ad8b4SAndroid Build Coastguard Worker 
12*f80ad8b4SAndroid Build Coastguard Worker #ifndef __UAPI_LINUX_SEV_GUEST_H_
13*f80ad8b4SAndroid Build Coastguard Worker #define __UAPI_LINUX_SEV_GUEST_H_
14*f80ad8b4SAndroid Build Coastguard Worker 
15*f80ad8b4SAndroid Build Coastguard Worker #include <linux/types.h>
16*f80ad8b4SAndroid Build Coastguard Worker 
17*f80ad8b4SAndroid Build Coastguard Worker #define SNP_REPORT_USER_DATA_SIZE 64
18*f80ad8b4SAndroid Build Coastguard Worker 
19*f80ad8b4SAndroid Build Coastguard Worker struct snp_report_req {
20*f80ad8b4SAndroid Build Coastguard Worker 	/* user data that should be included in the report */
21*f80ad8b4SAndroid Build Coastguard Worker 	__u8 user_data[SNP_REPORT_USER_DATA_SIZE];
22*f80ad8b4SAndroid Build Coastguard Worker 
23*f80ad8b4SAndroid Build Coastguard Worker 	/* The vmpl level to be included in the report */
24*f80ad8b4SAndroid Build Coastguard Worker 	__u32 vmpl;
25*f80ad8b4SAndroid Build Coastguard Worker 
26*f80ad8b4SAndroid Build Coastguard Worker 	/* Must be zero filled */
27*f80ad8b4SAndroid Build Coastguard Worker 	__u8 rsvd[28];
28*f80ad8b4SAndroid Build Coastguard Worker };
29*f80ad8b4SAndroid Build Coastguard Worker 
30*f80ad8b4SAndroid Build Coastguard Worker struct snp_report_resp {
31*f80ad8b4SAndroid Build Coastguard Worker 	/* response data, see SEV-SNP spec for the format */
32*f80ad8b4SAndroid Build Coastguard Worker 	__u8 data[4000];
33*f80ad8b4SAndroid Build Coastguard Worker };
34*f80ad8b4SAndroid Build Coastguard Worker 
35*f80ad8b4SAndroid Build Coastguard Worker struct snp_derived_key_req {
36*f80ad8b4SAndroid Build Coastguard Worker 	__u32 root_key_select;
37*f80ad8b4SAndroid Build Coastguard Worker 	__u32 rsvd;
38*f80ad8b4SAndroid Build Coastguard Worker 	__u64 guest_field_select;
39*f80ad8b4SAndroid Build Coastguard Worker 	__u32 vmpl;
40*f80ad8b4SAndroid Build Coastguard Worker 	__u32 guest_svn;
41*f80ad8b4SAndroid Build Coastguard Worker 	__u64 tcb_version;
42*f80ad8b4SAndroid Build Coastguard Worker };
43*f80ad8b4SAndroid Build Coastguard Worker 
44*f80ad8b4SAndroid Build Coastguard Worker struct snp_derived_key_resp {
45*f80ad8b4SAndroid Build Coastguard Worker 	/* response data, see SEV-SNP spec for the format */
46*f80ad8b4SAndroid Build Coastguard Worker 	__u8 data[64];
47*f80ad8b4SAndroid Build Coastguard Worker };
48*f80ad8b4SAndroid Build Coastguard Worker 
49*f80ad8b4SAndroid Build Coastguard Worker struct snp_guest_request_ioctl {
50*f80ad8b4SAndroid Build Coastguard Worker 	/* message version number (must be non-zero) */
51*f80ad8b4SAndroid Build Coastguard Worker 	__u8 msg_version;
52*f80ad8b4SAndroid Build Coastguard Worker 
53*f80ad8b4SAndroid Build Coastguard Worker 	/* Request and response structure address */
54*f80ad8b4SAndroid Build Coastguard Worker 	__u64 req_data;
55*f80ad8b4SAndroid Build Coastguard Worker 	__u64 resp_data;
56*f80ad8b4SAndroid Build Coastguard Worker 
57*f80ad8b4SAndroid Build Coastguard Worker 	/* bits[63:32]: VMM error code, bits[31:0] firmware error code (see psp-sev.h) */
58*f80ad8b4SAndroid Build Coastguard Worker 	union {
59*f80ad8b4SAndroid Build Coastguard Worker 		__u64 exitinfo2;
60*f80ad8b4SAndroid Build Coastguard Worker 		struct {
61*f80ad8b4SAndroid Build Coastguard Worker 			__u32 fw_error;
62*f80ad8b4SAndroid Build Coastguard Worker 			__u32 vmm_error;
63*f80ad8b4SAndroid Build Coastguard Worker 		};
64*f80ad8b4SAndroid Build Coastguard Worker 	};
65*f80ad8b4SAndroid Build Coastguard Worker };
66*f80ad8b4SAndroid Build Coastguard Worker 
67*f80ad8b4SAndroid Build Coastguard Worker struct snp_ext_report_req {
68*f80ad8b4SAndroid Build Coastguard Worker 	struct snp_report_req data;
69*f80ad8b4SAndroid Build Coastguard Worker 
70*f80ad8b4SAndroid Build Coastguard Worker 	/* where to copy the certificate blob */
71*f80ad8b4SAndroid Build Coastguard Worker 	__u64 certs_address;
72*f80ad8b4SAndroid Build Coastguard Worker 
73*f80ad8b4SAndroid Build Coastguard Worker 	/* length of the certificate blob */
74*f80ad8b4SAndroid Build Coastguard Worker 	__u32 certs_len;
75*f80ad8b4SAndroid Build Coastguard Worker };
76*f80ad8b4SAndroid Build Coastguard Worker 
77*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GUEST_REQ_IOC_TYPE	'S'
78*f80ad8b4SAndroid Build Coastguard Worker 
79*f80ad8b4SAndroid Build Coastguard Worker /* Get SNP attestation report */
80*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GET_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x0, struct snp_guest_request_ioctl)
81*f80ad8b4SAndroid Build Coastguard Worker 
82*f80ad8b4SAndroid Build Coastguard Worker /* Get a derived key from the root */
83*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GET_DERIVED_KEY _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x1, struct snp_guest_request_ioctl)
84*f80ad8b4SAndroid Build Coastguard Worker 
85*f80ad8b4SAndroid Build Coastguard Worker /* Get SNP extended report as defined in the GHCB specification version 2. */
86*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GET_EXT_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x2, struct snp_guest_request_ioctl)
87*f80ad8b4SAndroid Build Coastguard Worker 
88*f80ad8b4SAndroid Build Coastguard Worker /* Guest message request EXIT_INFO_2 constants */
89*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GUEST_FW_ERR_MASK		GENMASK_ULL(31, 0)
90*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GUEST_VMM_ERR_SHIFT		32
91*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GUEST_VMM_ERR(x)		(((u64)x) << SNP_GUEST_VMM_ERR_SHIFT)
92*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GUEST_FW_ERR(x)		((x) & SNP_GUEST_FW_ERR_MASK)
93*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GUEST_ERR(vmm_err, fw_err)	(SNP_GUEST_VMM_ERR(vmm_err) | \
94*f80ad8b4SAndroid Build Coastguard Worker 					 SNP_GUEST_FW_ERR(fw_err))
95*f80ad8b4SAndroid Build Coastguard Worker 
96*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GUEST_VMM_ERR_INVALID_LEN	1
97*f80ad8b4SAndroid Build Coastguard Worker #define SNP_GUEST_VMM_ERR_BUSY		2
98*f80ad8b4SAndroid Build Coastguard Worker 
99*f80ad8b4SAndroid Build Coastguard Worker #endif /* __UAPI_LINUX_SEV_GUEST_H_ */
100