1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef __TSM_H
3 #define __TSM_H
4 
5 #include <linux/sizes.h>
6 #include <linux/types.h>
7 #include <linux/uuid.h>
8 #include <linux/device.h>
9 
/*
 * Upper bound on caller-supplied input data. It is also the size of the
 * fixed @inblob array in struct tsm_report_desc, so any @inblob_len larger
 * than this cannot be represented.
 */
#define TSM_REPORT_INBLOB_MAX 64
/*
 * Upper bound (32 KiB) on a generated report blob. Nothing in this header
 * checks @outblob_len against it; that is up to the tsm core / provider.
 */
#define TSM_REPORT_OUTBLOB_MAX SZ_32K

/*
 * Privilege level is a nested permission concept to allow confidential
 * guests to partition address space, 4 levels (0..TSM_REPORT_PRIVLEVEL_MAX)
 * are supported.
 */
#define TSM_REPORT_PRIVLEVEL_MAX 3
18 
/**
 * struct tsm_report_desc - option descriptor for generating tsm report blobs
 * @privlevel: optional privilege level to associate with @outblob
 *             (0..TSM_REPORT_PRIVLEVEL_MAX)
 * @inblob_len: number of valid bytes in @inblob; must not exceed
 *              TSM_REPORT_INBLOB_MAX, the size of the array
 * @inblob: arbitrary input data
 * @service_provider: optional name of where to obtain the tsm report blob
 *                    (ownership/lifetime of the string is not defined here)
 * @service_guid: optional service-provider service guid to attest
 * @service_manifest_version: optional service-provider service manifest
 *                            version requested
 *
 * Everything in this struct is input to the provider's @report_new(). This
 * header only fixes the size of @inblob and the privilege level range;
 * presumably the tsm core and/or the provider validate the remaining fields
 * against their own limits -- confirm there.
 */
struct tsm_report_desc {
	unsigned int privlevel;
	size_t inblob_len;
	u8 inblob[TSM_REPORT_INBLOB_MAX];
	char *service_provider;
	guid_t service_guid;
	unsigned int service_manifest_version;
};
36 
/**
 * struct tsm_report - track state of report generation relative to options
 * @desc: input parameters to @report_new()
 * @outblob_len: sizeof(@outblob)
 * @outblob: generated evidence to provide to the attestation agent
 * @auxblob_len: sizeof(@auxblob)
 * @auxblob: (optional) auxiliary data to the report (e.g. certificate data)
 * @manifestblob_len: sizeof(@manifestblob)
 * @manifestblob: (optional) manifest data associated with the report
 *
 * The three blob pointers are filled in by @report_new(); each length
 * field describes the bytes at its pointer. Which side allocates and
 * frees the blob buffers is not defined in this header -- TODO confirm
 * against the tsm core before freeing them in a provider.
 */
struct tsm_report {
	struct tsm_report_desc desc;
	size_t outblob_len;
	u8 *outblob;
	size_t auxblob_len;
	u8 *auxblob;
	size_t manifestblob_len;
	u8 *manifestblob;
};
56 
/**
 * enum tsm_attr_index - index used to reference report attributes
 * @TSM_REPORT_GENERATION: index of the report generation number attribute
 * @TSM_REPORT_PROVIDER: index of the provider name attribute
 * @TSM_REPORT_PRIVLEVEL: index of the desired privilege level attribute
 * @TSM_REPORT_PRIVLEVEL_FLOOR: index of the minimum allowed privilege level attribute
 * @TSM_REPORT_SERVICE_PROVIDER: index of the service provider identifier attribute
 * @TSM_REPORT_SERVICE_GUID: index of the service GUID attribute
 * @TSM_REPORT_SERVICE_MANIFEST_VER: index of the service manifest version attribute
 *
 * Values are spelled out so the numbering stays stable if entries are
 * ever inserted out of order; they match the implicit 0-based sequence.
 */
enum tsm_attr_index {
	TSM_REPORT_GENERATION		= 0,
	TSM_REPORT_PROVIDER		= 1,
	TSM_REPORT_PRIVLEVEL		= 2,
	TSM_REPORT_PRIVLEVEL_FLOOR	= 3,
	TSM_REPORT_SERVICE_PROVIDER	= 4,
	TSM_REPORT_SERVICE_GUID		= 5,
	TSM_REPORT_SERVICE_MANIFEST_VER	= 6,
};
76 
/**
 * enum tsm_bin_attr_index - index used to reference binary report attributes
 * @TSM_REPORT_INBLOB: index of the binary report input attribute
 * @TSM_REPORT_OUTBLOB: index of the binary report output attribute
 * @TSM_REPORT_AUXBLOB: index of the binary auxiliary data attribute
 * @TSM_REPORT_MANIFESTBLOB: index of the binary manifest data attribute
 *
 * Explicit values, matching the implicit 0-based sequence; this is a
 * separate index space from enum tsm_attr_index.
 */
enum tsm_bin_attr_index {
	TSM_REPORT_INBLOB	= 0,
	TSM_REPORT_OUTBLOB	= 1,
	TSM_REPORT_AUXBLOB	= 2,
	TSM_REPORT_MANIFESTBLOB	= 3,
};
90 
/**
 * struct tsm_report_ops - attributes and operations for tsm_report instances
 * @name: tsm id reflected in /sys/kernel/config/tsm/report/$report/provider
 * @privlevel_floor: convey base privlevel for nested scenarios, i.e. the
 * minimum privilege level that may be requested (see
 * TSM_REPORT_PRIVLEVEL_FLOOR)
 * @report_new: Populate @report with the report blob and auxblob
 * (optional), return 0 on successful population, or -errno otherwise.
 * @data is presumably the @priv pointer given to tsm_report_register()
 * -- confirm in the tsm core.
 * @report_attr_visible: show or hide a report attribute entry; @n is
 * presumably an enum tsm_attr_index value
 * @report_bin_attr_visible: show or hide a report binary attribute entry;
 * @n is presumably an enum tsm_bin_attr_index value
 *
 * Implementation specific ops, only one is expected to be registered at
 * a time i.e. only one of "sev-guest", "tdx-guest", etc.
 *
 * @report->desc is already filled in when @report_new() runs. This header
 * only bounds @inblob and the privilege level range, so an implementation
 * should reject any descriptor values it cannot honour rather than assume
 * they were checked upstream.
 */
struct tsm_report_ops {
	const char *name;
	unsigned int privlevel_floor;
	int (*report_new)(struct tsm_report *report, void *data);
	bool (*report_attr_visible)(int n);
	bool (*report_bin_attr_visible)(int n);
};
110 
struct pci_tsm_ops;
/**
 * struct tsm_dev - a registered TSM device
 * @dev: embedded device; a reference is released with put_device(&dev),
 *       which is what the put_tsm_dev cleanup helper does
 * @id: device identifier, presumably the key used by find_tsm_dev()
 * @pci_ops: PCI/TSM operations, presumably the @ops passed to tsm_register()
 *           -- confirm in the tsm core
 */
struct tsm_dev {
	struct device dev;
	int id;
	const struct pci_tsm_ops *pci_ops;
};
117 
/*
 * Scope-based cleanup for struct tsm_dev pointers: a variable declared
 * with __free(put_tsm_dev) drops its device reference when it goes out of
 * scope. NULL and ERR_PTR() values are skipped, so it is safe to attach to
 * a pointer before the lookup/registration that fills it has succeeded.
 */
DEFINE_FREE(put_tsm_dev, struct tsm_dev *,
	    if (!IS_ERR_OR_NULL(_T)) put_device(&_T->dev))
120 
/*
 * Report provider registration; only one provider is expected at a time
 * (see struct tsm_report_ops). Return convention is presumably 0 / -errno
 * like @report_new -- confirm in the tsm core.
 */
int tsm_report_register(const struct tsm_report_ops *ops, void *priv);
int tsm_report_unregister(const struct tsm_report_ops *ops);
/*
 * Device registration. Whether failure is reported as NULL or ERR_PTR() is
 * not stated here; the put_tsm_dev helper tolerates both, so check both
 * until confirmed against the implementation.
 */
struct tsm_dev *tsm_register(struct device *parent, struct pci_tsm_ops *ops);
void tsm_unregister(struct tsm_dev *tsm_dev);
/*
 * Lookup by @id. Whether the result carries a device reference that the
 * caller must drop (e.g. via put_tsm_dev) is not stated here -- confirm.
 */
struct tsm_dev *find_tsm_dev(int id);
struct pci_ide;
/* IDE stream lifecycle hooks; semantics are defined by the implementation. */
int tsm_ide_stream_register(struct pci_ide *ide);
void tsm_ide_stream_unregister(struct pci_ide *ide);
129 #endif /* __TSM_H */