| Message ID | 20220329164117.1449-5-mario.limonciello@amd.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Export PSP security attributes | expand |
On 3/29/22 11:41, Mario Limonciello wrote: > CC_ATTR_HOST_MEM_ENCRYPT is used to relay that memory encryption has been > activated by the kernel. > > As it's technically possible to enable both SME and TSME at the same time, > detect this scenario and notify the user that enabling TSME and SME at the > same time is unnecessary. > > Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> > --- > v1->v2: > * Reword notice about TSME/SME > * Use cc_platform_has instead > --- > drivers/crypto/ccp/psp-dev.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c > index 3f47b2d81e3c..38cffc1de4ab 100644 > --- a/drivers/crypto/ccp/psp-dev.c > +++ b/drivers/crypto/ccp/psp-dev.c > @@ -74,6 +74,13 @@ static unsigned int psp_get_capability(struct psp_device *psp) > } > psp->capability = val; > > + Extra blank line. > + /* Detect TSME / SME both enabled */ "Detect if TSME and SME are both enabled" Thanks, Tom > + if (psp->capability & PSP_CAPABILITY_PSP_SECURITY_REPORTING && > + psp->capability & (PSP_SECURITY_TSME_STATUS << PSP_CAPABILITY_PSP_SECURITY_OFFSET) && > + cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) > + dev_notice(psp->dev, "psp: Both TSME and SME are active, SME is unnecessary when TSME is active.\n"); > + > return 0; > } >
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 3f47b2d81e3c..38cffc1de4ab 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -74,6 +74,13 @@ static unsigned int psp_get_capability(struct psp_device *psp) } psp->capability = val; + + /* Detect TSME / SME both enabled */ + if (psp->capability & PSP_CAPABILITY_PSP_SECURITY_REPORTING && + psp->capability & (PSP_SECURITY_TSME_STATUS << PSP_CAPABILITY_PSP_SECURITY_OFFSET) && + cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) + dev_notice(psp->dev, "psp: Both TSME and SME are active, SME is unnecessary when TSME is active.\n"); + return 0; }
CC_ATTR_HOST_MEM_ENCRYPT is used to relay that memory encryption has been activated by the kernel. As it's technically possible to enable both SME and TSME at the same time, detect this scenario and notify the user that enabling TSME and SME at the same time is unnecessary. Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> --- v1->v2: * Reword notice about TSME/SME * Use cc_platform_has instead --- drivers/crypto/ccp/psp-dev.c | 7 +++++++ 1 file changed, 7 insertions(+)