1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Confidential Computing Platform Capability checks
4 *
5 * Copyright (C) 2021 Advanced Micro Devices, Inc.
6 * Copyright (C) 2024 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
7 *
8 * Author: Tom Lendacky <thomas.lendacky@amd.com>
9 */
10
11 #include <linux/export.h>
12 #include <linux/cc_platform.h>
13 #include <linux/string.h>
14 #include <linux/random.h>
15
16 #include <asm/archrandom.h>
17 #include <asm/coco.h>
18 #include <asm/processor.h>
19
20 enum cc_vendor cc_vendor __ro_after_init = CC_VENDOR_NONE;
21 u64 cc_mask __ro_after_init;
22
intel_cc_platform_has(enum cc_attr attr)23 static bool noinstr intel_cc_platform_has(enum cc_attr attr)
24 {
25 switch (attr) {
26 case CC_ATTR_GUEST_UNROLL_STRING_IO:
27 case CC_ATTR_HOTPLUG_DISABLED:
28 case CC_ATTR_GUEST_MEM_ENCRYPT:
29 case CC_ATTR_MEM_ENCRYPT:
30 return true;
31 default:
32 return false;
33 }
34 }
35
36 /*
37 * Handle the SEV-SNP vTOM case where sme_me_mask is zero, and
38 * the other levels of SME/SEV functionality, including C-bit
39 * based SEV-SNP, are not enabled.
40 */
amd_cc_platform_vtom(enum cc_attr attr)41 static __maybe_unused __always_inline bool amd_cc_platform_vtom(enum cc_attr attr)
42 {
43 switch (attr) {
44 case CC_ATTR_GUEST_MEM_ENCRYPT:
45 case CC_ATTR_MEM_ENCRYPT:
46 return true;
47 default:
48 return false;
49 }
50 }
51
52 /*
53 * SME and SEV are very similar but they are not the same, so there are
54 * times that the kernel will need to distinguish between SME and SEV. The
55 * cc_platform_has() function is used for this. When a distinction isn't
56 * needed, the CC_ATTR_MEM_ENCRYPT attribute can be used.
57 *
58 * The trampoline code is a good example for this requirement. Before
59 * paging is activated, SME will access all memory as decrypted, but SEV
60 * will access all memory as encrypted. So, when APs are being brought
61 * up under SME the trampoline area cannot be encrypted, whereas under SEV
62 * the trampoline area must be encrypted.
63 */
64
amd_cc_platform_has(enum cc_attr attr)65 static bool noinstr amd_cc_platform_has(enum cc_attr attr)
66 {
67 #ifdef CONFIG_AMD_MEM_ENCRYPT
68
69 if (sev_status & MSR_AMD64_SNP_VTOM)
70 return amd_cc_platform_vtom(attr);
71
72 switch (attr) {
73 case CC_ATTR_MEM_ENCRYPT:
74 return sme_me_mask;
75
76 case CC_ATTR_HOST_MEM_ENCRYPT:
77 return sme_me_mask && !(sev_status & MSR_AMD64_SEV_ENABLED);
78
79 case CC_ATTR_GUEST_MEM_ENCRYPT:
80 return sev_status & MSR_AMD64_SEV_ENABLED;
81
82 case CC_ATTR_GUEST_STATE_ENCRYPT:
83 return sev_status & MSR_AMD64_SEV_ES_ENABLED;
84
85 /*
86 * With SEV, the rep string I/O instructions need to be unrolled
87 * but SEV-ES supports them through the #VC handler.
88 */
89 case CC_ATTR_GUEST_UNROLL_STRING_IO:
90 return (sev_status & MSR_AMD64_SEV_ENABLED) &&
91 !(sev_status & MSR_AMD64_SEV_ES_ENABLED);
92
93 case CC_ATTR_GUEST_SEV_SNP:
94 return sev_status & MSR_AMD64_SEV_SNP_ENABLED;
95
96 default:
97 return false;
98 }
99 #else
100 return false;
101 #endif
102 }
103
cc_platform_has(enum cc_attr attr)104 bool noinstr cc_platform_has(enum cc_attr attr)
105 {
106 switch (cc_vendor) {
107 case CC_VENDOR_AMD:
108 return amd_cc_platform_has(attr);
109 case CC_VENDOR_INTEL:
110 return intel_cc_platform_has(attr);
111 default:
112 return false;
113 }
114 }
115 EXPORT_SYMBOL_GPL(cc_platform_has);
116
cc_mkenc(u64 val)117 u64 cc_mkenc(u64 val)
118 {
119 /*
120 * Both AMD and Intel use a bit in the page table to indicate
121 * encryption status of the page.
122 *
123 * - for AMD, bit *set* means the page is encrypted
124 * - for AMD with vTOM and for Intel, *clear* means encrypted
125 */
126 switch (cc_vendor) {
127 case CC_VENDOR_AMD:
128 if (sev_status & MSR_AMD64_SNP_VTOM)
129 return val & ~cc_mask;
130 else
131 return val | cc_mask;
132 case CC_VENDOR_INTEL:
133 return val & ~cc_mask;
134 default:
135 return val;
136 }
137 }
138
cc_mkdec(u64 val)139 u64 cc_mkdec(u64 val)
140 {
141 /* See comment in cc_mkenc() */
142 switch (cc_vendor) {
143 case CC_VENDOR_AMD:
144 if (sev_status & MSR_AMD64_SNP_VTOM)
145 return val | cc_mask;
146 else
147 return val & ~cc_mask;
148 case CC_VENDOR_INTEL:
149 return val | cc_mask;
150 default:
151 return val;
152 }
153 }
154 EXPORT_SYMBOL_GPL(cc_mkdec);
155
cc_random_init(void)156 __init void cc_random_init(void)
157 {
158 /*
159 * The seed is 32 bytes (in units of longs), which is 256 bits, which
160 * is the security level that the RNG is targeting.
161 */
162 unsigned long rng_seed[32 / sizeof(long)];
163 size_t i, longs;
164
165 if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
166 return;
167
168 /*
169 * Since the CoCo threat model includes the host, the only reliable
170 * source of entropy that can be neither observed nor manipulated is
171 * RDRAND. Usually, RDRAND failure is considered tolerable, but since
172 * CoCo guests have no other unobservable source of entropy, it's
173 * important to at least ensure the RNG gets some initial random seeds.
174 */
175 for (i = 0; i < ARRAY_SIZE(rng_seed); i += longs) {
176 longs = arch_get_random_longs(&rng_seed[i], ARRAY_SIZE(rng_seed) - i);
177
178 /*
179 * A zero return value means that the guest doesn't have RDRAND
180 * or the CPU is physically broken, and in both cases that
181 * means most crypto inside of the CoCo instance will be
182 * broken, defeating the purpose of CoCo in the first place. So
183 * just panic here because it's absolutely unsafe to continue
184 * executing.
185 */
186 if (longs == 0)
187 panic("RDRAND is defective.");
188 }
189 add_device_randomness(rng_seed, sizeof(rng_seed));
190 memzero_explicit(rng_seed, sizeof(rng_seed));
191 }
192