diff mbox series

[v2,2/5] crypto: ccp: Move security attributes to their own file

Message ID 20240528210712.1268-3-mario.limonciello@amd.com
State Accepted
Commit 56e0d883735002c506e73fa1f1197f3959fc7f0c
Headers show
Series Enable PSP security attributes on more SoCs | expand

Commit Message

Mario Limonciello May 28, 2024, 9:07 p.m. UTC
To prepare for other code that will manipulate security attributes
move the handling code out of sp-pci.c. No intended functional changes.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
---
v1->v2:
 * Only add psp_security_attr_group when PSP support enabled
   (Fixes lkp robot reported Kconfig issue)
---
 MAINTAINERS                  |  6 ++++
 drivers/crypto/ccp/Makefile  |  3 +-
 drivers/crypto/ccp/hsti.c    | 68 ++++++++++++++++++++++++++++++++++++
 drivers/crypto/ccp/hsti.h    | 15 ++++++++
 drivers/crypto/ccp/psp-dev.c |  1 +
 drivers/crypto/ccp/sp-pci.c  | 58 ++----------------------------
 6 files changed, 95 insertions(+), 56 deletions(-)
 create mode 100644 drivers/crypto/ccp/hsti.c
 create mode 100644 drivers/crypto/ccp/hsti.h

Comments

Tom Lendacky May 29, 2024, 3:20 p.m. UTC | #1
On 5/28/24 16:07, Mario Limonciello wrote:
> To prepare for other code that will manipulate security attributes
> move the handling code out of sp-pci.c. No intended functional changes.
> 
> Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
> ---
> v1->v2:
>   * Only add psp_security_attr_group when PSP support enabled
>     (Fixes lkp robot reported Kconfig issue)

Just verifying that there's no change in behavior in regards to whether 
the attributes are shown. Previously the attributes were not shown if 
CONFIG_CRYPTO_DEV_SP_PSP was "n" because the psp value would be NULL in 
psp_security_is_visible(), right?

Thanks,
Tom

> ---
>   MAINTAINERS                  |  6 ++++
>   drivers/crypto/ccp/Makefile  |  3 +-
>   drivers/crypto/ccp/hsti.c    | 68 ++++++++++++++++++++++++++++++++++++
>   drivers/crypto/ccp/hsti.h    | 15 ++++++++
>   drivers/crypto/ccp/psp-dev.c |  1 +
>   drivers/crypto/ccp/sp-pci.c  | 58 ++----------------------------
>   6 files changed, 95 insertions(+), 56 deletions(-)
>   create mode 100644 drivers/crypto/ccp/hsti.c
>   create mode 100644 drivers/crypto/ccp/hsti.h
>
Mario Limonciello May 29, 2024, 4:22 p.m. UTC | #2
On 5/29/2024 10:20, Tom Lendacky wrote:
> On 5/28/24 16:07, Mario Limonciello wrote:
>> To prepare for other code that will manipulate security attributes
>> move the handling code out of sp-pci.c. No intended functional changes.
>>
>> Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
>> ---
>> v1->v2:
>>   * Only add psp_security_attr_group when PSP support enabled
>>     (Fixes lkp robot reported Kconfig issue)
> 
> Just verifying that there's no change in behavior in regards to whether 
> the attributes are shown. Previously the attributes were not shown if 
> CONFIG_CRYPTO_DEV_SP_PSP was "n" because the psp value would be NULL in 
> psp_security_is_visible(), right?

Yes; that's right.
Tom Lendacky May 29, 2024, 4:50 p.m. UTC | #3
On 5/29/24 11:22, Mario Limonciello wrote:
> On 5/29/2024 10:20, Tom Lendacky wrote:
>> On 5/28/24 16:07, Mario Limonciello wrote:
>>> To prepare for other code that will manipulate security attributes
>>> move the handling code out of sp-pci.c. No intended functional changes.
>>>
>>> Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
>>> ---
>>> v1->v2:
>>>   * Only add psp_security_attr_group when PSP support enabled
>>>     (Fixes lkp robot reported Kconfig issue)
>>
>> Just verifying that there's no change in behavior in regards to 
>> whether the attributes are shown. Previously the attributes were not 
>> shown if CONFIG_CRYPTO_DEV_SP_PSP was "n" because the psp value would 
>> be NULL in psp_security_is_visible(), right?
> 
> Yes; that's right.

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>

>
diff mbox series

Patch

diff --git a/MAINTAINERS b/MAINTAINERS
index d6c90161c7bf..883fb3b246b6 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -991,6 +991,12 @@  F:	include/uapi/linux/psp-dbc.h
 F:	tools/crypto/ccp/*.c
 F:	tools/crypto/ccp/*.py
 
+AMD CRYPTOGRAPHIC COPROCESSOR (CCP) DRIVER - HSTI SUPPORT
+M:	Mario Limonciello <mario.limonciello@amd.com>
+L:	linux-crypto@vger.kernel.org
+S:	Supported
+F:	drivers/crypto/ccp/hsti.*
+
 AMD DISPLAY CORE
 M:	Harry Wentland <harry.wentland@amd.com>
 M:	Leo Li <sunpeng.li@amd.com>
diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile
index aa0ba2d17e1e..394484929dae 100644
--- a/drivers/crypto/ccp/Makefile
+++ b/drivers/crypto/ccp/Makefile
@@ -12,7 +12,8 @@  ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += psp-dev.o \
                                    sev-dev.o \
                                    tee-dev.o \
                                    platform-access.o \
-                                   dbc.o
+                                   dbc.o \
+                                   hsti.o
 
 obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) += ccp-crypto.o
 ccp-crypto-objs := ccp-crypto-main.o \
diff --git a/drivers/crypto/ccp/hsti.c b/drivers/crypto/ccp/hsti.c
new file mode 100644
index 000000000000..076c1d175b2b
--- /dev/null
+++ b/drivers/crypto/ccp/hsti.c
@@ -0,0 +1,68 @@ 
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * AMD Secure Processor device driver, security attributes
+ *
+ * Copyright (C) 2023-2024 Advanced Micro Devices, Inc.
+ *
+ * Author: Mario Limonciello <mario.limonciello@amd.com>
+ */
+
+#include <linux/device.h>
+
+#include "psp-dev.h"
+#include "hsti.h"
+
+#define security_attribute_show(name)						\
+static ssize_t name##_show(struct device *d, struct device_attribute *attr,	\
+			   char *buf)						\
+{										\
+	struct sp_device *sp = dev_get_drvdata(d);				\
+	struct psp_device *psp = sp->psp_data;					\
+	return sysfs_emit(buf, "%d\n", psp->capability.name);		\
+}
+
+security_attribute_show(fused_part)
+static DEVICE_ATTR_RO(fused_part);
+security_attribute_show(debug_lock_on)
+static DEVICE_ATTR_RO(debug_lock_on);
+security_attribute_show(tsme_status)
+static DEVICE_ATTR_RO(tsme_status);
+security_attribute_show(anti_rollback_status)
+static DEVICE_ATTR_RO(anti_rollback_status);
+security_attribute_show(rpmc_production_enabled)
+static DEVICE_ATTR_RO(rpmc_production_enabled);
+security_attribute_show(rpmc_spirom_available)
+static DEVICE_ATTR_RO(rpmc_spirom_available);
+security_attribute_show(hsp_tpm_available)
+static DEVICE_ATTR_RO(hsp_tpm_available);
+security_attribute_show(rom_armor_enforced)
+static DEVICE_ATTR_RO(rom_armor_enforced);
+
+static struct attribute *psp_security_attrs[] = {
+	&dev_attr_fused_part.attr,
+	&dev_attr_debug_lock_on.attr,
+	&dev_attr_tsme_status.attr,
+	&dev_attr_anti_rollback_status.attr,
+	&dev_attr_rpmc_production_enabled.attr,
+	&dev_attr_rpmc_spirom_available.attr,
+	&dev_attr_hsp_tpm_available.attr,
+	&dev_attr_rom_armor_enforced.attr,
+	NULL
+};
+
+static umode_t psp_security_is_visible(struct kobject *kobj, struct attribute *attr, int idx)
+{
+	struct device *dev = kobj_to_dev(kobj);
+	struct sp_device *sp = dev_get_drvdata(dev);
+	struct psp_device *psp = sp->psp_data;
+
+	if (psp && psp->capability.security_reporting)
+		return 0444;
+
+	return 0;
+}
+
+struct attribute_group psp_security_attr_group = {
+	.attrs = psp_security_attrs,
+	.is_visible = psp_security_is_visible,
+};
diff --git a/drivers/crypto/ccp/hsti.h b/drivers/crypto/ccp/hsti.h
new file mode 100644
index 000000000000..e5c5ceab9973
--- /dev/null
+++ b/drivers/crypto/ccp/hsti.h
@@ -0,0 +1,15 @@ 
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * AMD Secure Processor device driver, security attributes
+ *
+ * Copyright (C) 2023-2024 Advanced Micro Devices, Inc.
+ *
+ * Author: Mario Limonciello <mario.limonciello@amd.com>
+ */
+
+#ifndef __HSTI_H
+#define __HSTI_H
+
+extern struct attribute_group psp_security_attr_group;
+
+#endif /* __HSTI_H */
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 7d9d2042be35..1a7b991c27f7 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -19,6 +19,7 @@ 
 #include "tee-dev.h"
 #include "platform-access.h"
 #include "dbc.h"
+#include "hsti.h"
 
 struct psp_device *psp_master;
 
diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c
index b57392292af1..dd31e791156d 100644
--- a/drivers/crypto/ccp/sp-pci.c
+++ b/drivers/crypto/ccp/sp-pci.c
@@ -24,6 +24,7 @@ 
 
 #include "ccp-dev.h"
 #include "psp-dev.h"
+#include "hsti.h"
 
 /* used for version string AA.BB.CC.DD */
 #define AA				GENMASK(31, 24)
@@ -39,61 +40,6 @@  struct sp_pci {
 };
 static struct sp_device *sp_dev_master;
 
-#define security_attribute_show(name)						\
-static ssize_t name##_show(struct device *d, struct device_attribute *attr,	\
-			   char *buf)						\
-{										\
-	struct sp_device *sp = dev_get_drvdata(d);				\
-	struct psp_device *psp = sp->psp_data;					\
-	return sysfs_emit(buf, "%d\n", psp->capability.name);			\
-}
-
-security_attribute_show(fused_part)
-static DEVICE_ATTR_RO(fused_part);
-security_attribute_show(debug_lock_on)
-static DEVICE_ATTR_RO(debug_lock_on);
-security_attribute_show(tsme_status)
-static DEVICE_ATTR_RO(tsme_status);
-security_attribute_show(anti_rollback_status)
-static DEVICE_ATTR_RO(anti_rollback_status);
-security_attribute_show(rpmc_production_enabled)
-static DEVICE_ATTR_RO(rpmc_production_enabled);
-security_attribute_show(rpmc_spirom_available)
-static DEVICE_ATTR_RO(rpmc_spirom_available);
-security_attribute_show(hsp_tpm_available)
-static DEVICE_ATTR_RO(hsp_tpm_available);
-security_attribute_show(rom_armor_enforced)
-static DEVICE_ATTR_RO(rom_armor_enforced);
-
-static struct attribute *psp_security_attrs[] = {
-	&dev_attr_fused_part.attr,
-	&dev_attr_debug_lock_on.attr,
-	&dev_attr_tsme_status.attr,
-	&dev_attr_anti_rollback_status.attr,
-	&dev_attr_rpmc_production_enabled.attr,
-	&dev_attr_rpmc_spirom_available.attr,
-	&dev_attr_hsp_tpm_available.attr,
-	&dev_attr_rom_armor_enforced.attr,
-	NULL
-};
-
-static umode_t psp_security_is_visible(struct kobject *kobj, struct attribute *attr, int idx)
-{
-	struct device *dev = kobj_to_dev(kobj);
-	struct sp_device *sp = dev_get_drvdata(dev);
-	struct psp_device *psp = sp->psp_data;
-
-	if (psp && psp->capability.security_reporting)
-		return 0444;
-
-	return 0;
-}
-
-static struct attribute_group psp_security_attr_group = {
-	.attrs = psp_security_attrs,
-	.is_visible = psp_security_is_visible,
-};
-
 #define version_attribute_show(name, _offset)					\
 static ssize_t name##_show(struct device *d, struct device_attribute *attr,	\
 			   char *buf)						\
@@ -150,7 +96,9 @@  static struct attribute_group psp_firmware_attr_group = {
 };
 
 static const struct attribute_group *psp_groups[] = {
+#ifdef CONFIG_CRYPTO_DEV_SP_PSP
 	&psp_security_attr_group,
+#endif
 	&psp_firmware_attr_group,
 	NULL,
 };