Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

From: Brijesh Singh
Date: Thu Oct 26 2017 - 16:59:49 EST




On 10/26/2017 03:13 PM, Borislav Petkov wrote:
On Thu, Oct 26, 2017 at 02:26:15PM -0500, Brijesh Singh wrote:
SHUTDOWN command unconditionally transitions a platform to uninitialized
state. The command does not care how many processes are actively using the
PSP. We don't want to shutdown the firmware while other process is still
using it.

So why do you have to init and shutdown the PSP each time you execute a
command? Why isn't the PSP initialized, *exactly* *once* at driver init
and shut down, also exactly once at driver exit?

Wish we could do that but the following reasons makes things complicated:

1) The commands must be issued from the PSP master devices, at PSP initialization time we do not know the PSP 'master' device. Hence we will not able to invoke sev_platform_init() during the PSP initialization time.

2) some commands require the platform to be in UNINIT state -- e.g FACTORY_RESET. So, if we do the INIT at the PSP initialization time then we still need to perform the SHUTDOWN outside the normal code flow to handle these commands.

we can workaround #1 by adding some hooks in sp_pci_init() to invoke the PSP initialization routines after pci_register_driver() is done but #2 can get painful because it will require us calling the SHUTDOWN outside the sp_pci_exit() code flow.


-Brijesh