Re: [Part2 PATCH v4 05/29] crypto: ccp: Add Platform Security Processor (PSP) device support

From: Brijesh Singh
Date: Sat Sep 30 2017 - 11:55:39 EST




On 9/29/17 10:16 AM, Borislav Petkov wrote:
...

> +
>> +config CRYPTO_DEV_SP_PSP
>> + bool "Platform Security Processor (PSP) device"
>> + default y
>> + depends on CRYPTO_DEV_CCP_DD
> So this last symbol CRYPTO_DEV_CCP_DD is default m and it doesn't depend
> on anything. And I'm pretty sure it should depend on CPU_SUP_AMD as this
> is AMD-specific hw. You can add that dependency in a prepatch.


CRYPTO_DEV_CCP_DD is supported on aarch64 and x86. Whereas the PSP
interface I am adding is available on x86 only hence its safe to add add
depend on CPU_SUP_AMD for CRYPTO_DEV_SP_PSP.


> And what happened to adding dependencies on CONFIG_KVM_AMD? Or can you
> use the PSP without virtualization in any sensible way?

Yes its very much possible. The SEV FW provides two sets of commands 1)
platform certificate management and 2) guest management

The platform certificate management commands is used outside the
CONFIG_KVM_AMD.

-Brijesh