Message ID | 20230929213739.68494-1-graf@amazon.com |
---|---|
Headers | From: Alexander Graf <graf@amazon.com>; To: <linux-crypto@vger.kernel.org>; CC: <linux-kernel@vger.kernel.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Arnd Bergmann <arnd@arndb.de>, Herbert Xu <herbert@gondor.apana.org.au>, Olivia Mackall <olivia@selenic.com>, "Petre Eftime" <petre.eftime@gmail.com>, Erdem Meydanlli <meydanli@amazon.nl>, Benjamin Herrenschmidt <benh@kernel.crashing.org>, David Woodhouse <dwmw@amazon.co.uk>, "Michael S. Tsirkin" <mst@redhat.com>, Jason Wang <jasowang@redhat.com>, Xuan Zhuo <xuanzhuo@linux.alibaba.com>; Subject: [PATCH v3 0/2] Add Nitro Secure Module support; Date: Fri, 29 Sep 2023 21:37:37 +0000 |
Series | Add Nitro Secure Module support |
Message
Alexander Graf
Sept. 29, 2023, 9:37 p.m. UTC
We already have support for the Nitro Enclave kernel module in upstream Linux, which is needed to control a Nitro Enclave's lifecycle.

However, users typically want to run Linux inside the Enclave as well. To do that well, they need the ability to communicate to the Nitro Secure Module: A virtio based PV device that provides access to PCRs, an attestation document as well as access to entropy.

These patches add driver support for NSM. With them in place, upstream Linux has everything that's needed to run as a Nitro Enclave kernel.

Alex

v1 -> v2:

  - Remove boilerplate
  - Add uapi header

v2 -> v3:

  - Move globals to device struct
  - Add compat handling
  - Simplify some naming
  - Remove debug prints
  - Use module_virtio_driver
  - Ensure remove only happens on target device
  - Drop use of uio.h

Alexander Graf (2):
  misc: Add Nitro Secure Module driver
  hwrng: Add support for Nitro Secure Module

 MAINTAINERS                      |  11 +
 drivers/char/hw_random/Kconfig   |  12 +
 drivers/char/hw_random/Makefile  |   1 +
 drivers/char/hw_random/nsm-rng.c | 275 ++++++++++++++++++++
 drivers/misc/Kconfig             |  11 +
 drivers/misc/Makefile            |   1 +
 drivers/misc/nsm.c               | 423 +++++++++++++++++++++++++++++++
 include/linux/nsm.h              |  35 +++
 include/uapi/linux/nsm.h         |  30 +++
 9 files changed, 799 insertions(+)
 create mode 100644 drivers/char/hw_random/nsm-rng.c
 create mode 100644 drivers/misc/nsm.c
 create mode 100644 include/linux/nsm.h
 create mode 100644 include/uapi/linux/nsm.h