Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

[Brijesh Singh]

On 10/26/2017 03:13 PM, Borislav Petkov wrote:
> On Thu, Oct 26, 2017 at 02:26:15PM -0500, Brijesh Singh wrote:
> > SHUTDOWN command unconditionally transitions a platform to uninitialized
> > state. The command does not care how many processes are actively using the
> > PSP. We don't want to shutdown the firmware while other process is still
> > using it.
>
> So why do you have to init and shutdown the PSP each time you execute a
> command? Why isn't the PSP initialized, *exactly* *once* at driver init
> and shut down, also exactly once at driver exit?

Wish we could do that but the following reasons makes things complicated:

1) The commands must be issued from the PSP master devices, at PSP 
initialization time we do not know the PSP 'master' device. Hence we 
will not able to invoke sev_platform_init() during the PSP 
initialization time.

2) some commands require the platform to be in UNINIT state -- e.g 
FACTORY_RESET. So, if we do the INIT at the PSP initialization time then 
we still need to perform the SHUTDOWN outside the normal code flow to 
handle these commands.

we can workaround #1 by adding some hooks in sp_pci_init() to invoke the 
PSP initialization routines after pci_register_driver() is done but #2 
can get painful because it will require us calling the SHUTDOWN outside 
the sp_pci_exit() code flow.


-Brijesh