Re: [PATCH 4/5] crypto: ccp: Add support for getting security attributes on some older systems

From: Tom Lendacky
Date: Tue May 28 2024 - 11:28:27 EST


On 5/27/24 10:26, Mario Limonciello wrote:
Older systems will not populate the security attributes in the
capabilities register. The PSP on these systems, however, does have a
command to get the security attributes. Use this command during ccp
startup to populate the attributes if they're missing.

Closes: https://github.com/fwupd/fwupd/issues/5284
Closes: https://github.com/fwupd/fwupd/issues/5675
Closes: https://github.com/fwupd/fwupd/issues/6253
Closes: https://github.com/fwupd/fwupd/issues/7280
Closes: https://github.com/fwupd/fwupd/issues/6323
Closes: https://github.com/fwupd/fwupd/discussions/5433
Signed-off-by: Mario Limonciello <mario.limonciello@xxxxxxx>
---
drivers/crypto/ccp/hsti.c | 63 +++++++++++++++++++++++++++++
drivers/crypto/ccp/hsti.h | 2 +
drivers/crypto/ccp/psp-dev.c | 5 +++
drivers/crypto/ccp/psp-dev.h | 2 -
drivers/crypto/ccp/sp-dev.h | 1 +
drivers/crypto/ccp/sp-pci.c | 5 ++-
include/linux/psp-platform-access.h | 1 +
7 files changed, 76 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/ccp/hsti.c b/drivers/crypto/ccp/hsti.c
index 076c1d175b2b..8f583902d786 100644
--- a/drivers/crypto/ccp/hsti.c
+++ b/drivers/crypto/ccp/hsti.c

+int psp_init_hsti(struct psp_device *psp)
+{
+ int ret;
+
+ if (PSP_FEATURE(psp, HSTI)) {
+ ret = psp_poulate_hsti(psp);
+ if (ret)
+ return ret;
+ }
+
+ /*
+ * At this stage, if security information hasn't been populated by
+ * either the PSP or by the driver through the platform command,
+ * then there is nothing more to do.
+ */
+ if (!psp->capability.security_reporting)
+ return 0;

This should really be part of patch #5, since it doesn't make a lot of sense at this stage.

Thanks,
Tom

+
+ return 0;
+}
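Review bot: The call `ret = psp_poulate_hsti(psp);` inside the `PSP_FEATURE(psp, HSTI)` branch of psp_init_hsti() uses a name that reads as a misspelling of "populate"; if the helper is defined with the same spelling, rename both the definition and this call to `psp_populate_hsti` so the symbol can be found by searching for it. Separately, the `if (!psp->capability.security_reporting) return 0;` check is followed directly by an unconditional `return 0;`, so within this hunk both paths return the same value and the check has no effect; it would be clearer to introduce the check in the same patch as the code that it is meant to guard.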