| Message ID | 20220816193209.4057566-1-jackyli@google.com |
|---|---|
| Headers | show |
| Series | Improve error handling during INIT_EX file initialization | expand |
On Tue, 16 Aug 2022, Jacky Li wrote: > Currently the OS fails the PSP initialization when the file specified at > 'init_ex_path' does not exist or has invalid content. However the SEV > spec just requires users to allocate 32KB of 0xFF in the file, which can > be taken care of by the OS easily. > > To improve the robustness during the PSP init, leverage the retry > mechanism and continue the init process: > > Before the first INIT_EX call, if the content is invalid or missing, > continue the process by feeding those contents into PSP instead of > aborting. PSP will then override it with 32KB 0xFF and return > SEV_RET_SECURE_DATA_INVALID status code. In the second INIT_EX call, > this 32KB 0xFF content will then be fed and PSP will write the valid > data to the file. > > In order to do this, sev_read_init_ex_file should only be called once > for the first INIT_EX call. Calling it again for the second INIT_EX call > will cause the invalid file content overwriting the valid 32KB 0xFF data > provided by PSP in the first INIT_EX call. > > Co-developed-by: Peter Gonda <pgonda@google.com> > Signed-off-by: Peter Gonda <pgonda@google.com> > Signed-off-by: Jacky Li <jackyli@google.com> > Reported-by: Alper Gun <alpergun@google.com> Acked-by: David Rientjes <rientjes@google.com>
Currently the PSP initialization fails when the INIT_EX file is missing or invalid, while the initialization continues when the OS fails to write the INIT_EX file. This series handles both cases in a more robust way by resolving the file read error as well as throwing the write error to the caller. --- Changelog since v1: - refactor around __sev_init_ex_locked() and fix format. Jacky Li (2): crypto: ccp - Initialize PSP when reading psp data file failed crypto: ccp - Fail the PSP initialization when writing psp data file failed .../virt/kvm/x86/amd-memory-encryption.rst | 5 +- drivers/crypto/ccp/sev-dev.c | 62 +++++++++++-------- 2 files changed, 39 insertions(+), 28 deletions(-)