Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
From: Brijesh Singh
Date: Thu Oct 26 2017 - 16:59:49 EST
On 10/26/2017 03:13 PM, Borislav Petkov wrote:
On Thu, Oct 26, 2017 at 02:26:15PM -0500, Brijesh Singh wrote:
SHUTDOWN command unconditionally transitions a platform to uninitialized
state. The command does not care how many processes are actively using the
PSP. We don't want to shutdown the firmware while other process is still
using it.
So why do you have to init and shutdown the PSP each time you execute a
command? Why isn't the PSP initialized, *exactly* *once* at driver init
and shut down, also exactly once at driver exit?
Wish we could do that but the following reasons makes things complicated:
1) The commands must be issued from the PSP master devices, at PSP
initialization time we do not know the PSP 'master' device. Hence we
will not able to invoke sev_platform_init() during the PSP
initialization time.
2) some commands require the platform to be in UNINIT state -- e.g
FACTORY_RESET. So, if we do the INIT at the PSP initialization time then
we still need to perform the SHUTDOWN outside the normal code flow to
handle these commands.
we can workaround #1 by adding some hooks in sp_pci_init() to invoke the
PSP initialization routines after pci_register_driver() is done but #2
can get painful because it will require us calling the SHUTDOWN outside
the sp_pci_exit() code flow.
-Brijesh