.../virt/kvm/x86/amd-memory-encryption.rst | 28 +++++++++ arch/x86/include/uapi/asm/kvm.h | 9 +++ arch/x86/kvm/svm/sev.c | 63 +++++++++++++++++++ drivers/crypto/ccp/sev-dev.c | 1 + include/linux/psp-sev.h | 31 +++++++++ 5 files changed, 132 insertions(+)
Add support for retrieving the SEV-SNP attestation report via the
SNP_HV_REPORT_REQ firmware command and expose it through a new KVM
ioctl for SNP guests.
Signed-off-by: Thomas Courrege <thomas.courrege@thorondor.fr>
---
.../virt/kvm/x86/amd-memory-encryption.rst | 28 +++++++++
arch/x86/include/uapi/asm/kvm.h | 9 +++
arch/x86/kvm/svm/sev.c | 63 +++++++++++++++++++
drivers/crypto/ccp/sev-dev.c | 1 +
include/linux/psp-sev.h | 31 +++++++++
5 files changed, 132 insertions(+)
diff --git a/Documentation/virt/kvm/x86/amd-memory-encryption.rst b/Documentation/virt/kvm/x86/amd-memory-encryption.rst
index 1ddb6a86ce7f..78b59c91f21c 100644
--- a/Documentation/virt/kvm/x86/amd-memory-encryption.rst
+++ b/Documentation/virt/kvm/x86/amd-memory-encryption.rst
@@ -572,6 +572,34 @@ Returns: 0 on success, -negative on error
See SNP_LAUNCH_FINISH in the SEV-SNP specification [snp-fw-abi]_ for further
details on the input parameters in ``struct kvm_sev_snp_launch_finish``.
+21. KVM_SEV_SNP_HV_REPORT_REQ
+-----------------------------
+
+The KVM_SEV_SNP_HV_REPORT_REQ command requests the hypervisor-generated
+SNP attestation report. This report is produced by the PSP using the
+HV-SIGNED key selected by the caller.
+
+The ``key_sel`` field indicates which key the platform will use to sign the
+report:
+ * ``0``: If VLEK is installed, sign with VLEK. Otherwise, sign with VCEK.
+ * ``1``: Sign with VCEK.
+ * ``2``: Sign with VLEK.
+ * Other values are reserved.
+
+Parameters (in): struct kvm_sev_snp_hv_report_req
+
+Returns: 0 on success, -negative on error
+
+::
+ struct kvm_sev_snp_hv_report_req {
+ __u64 report_uaddr;
+ __u64 report_len;
+ __u8 key_sel;
+ __u8 pad0[7];
+ __u64 pad1[4];
+ };
+
+
Device attribute API
====================
diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
index 7ceff6583652..464146bed784 100644
--- a/arch/x86/include/uapi/asm/kvm.h
+++ b/arch/x86/include/uapi/asm/kvm.h
@@ -743,6 +743,7 @@ enum sev_cmd_id {
KVM_SEV_SNP_LAUNCH_START = 100,
KVM_SEV_SNP_LAUNCH_UPDATE,
KVM_SEV_SNP_LAUNCH_FINISH,
+ KVM_SEV_SNP_HV_REPORT_REQ,
KVM_SEV_NR_MAX,
};
@@ -871,6 +872,14 @@ struct kvm_sev_receive_update_data {
__u32 pad2;
};
+struct kvm_sev_snp_hv_report_req {
+ __u64 report_uaddr;
+ __u64 report_len;
+ __u8 key_sel;
+ __u8 pad0[7];
+ __u64 pad1[4];
+};
+
struct kvm_sev_snp_launch_start {
__u64 policy;
__u8 gosvw[16];
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index f59c65abe3cf..63026d254ab1 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2261,6 +2261,66 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
return rc;
}
+static int sev_snp_hv_report_request(struct kvm *kvm, struct kvm_sev_cmd *argp)
+{
+ struct kvm_sev_info *sev = to_kvm_sev_info(kvm);
+ struct sev_data_snp_msg_report_rsp *report_rsp;
+ struct kvm_sev_snp_hv_report_req params;
+ struct sev_data_snp_hv_report_req data;
+ size_t rsp_size = sizeof(*report_rsp);
+ void __user *u_report;
+ void __user *u_params;
+ int ret;
+
+ if (!sev_snp_guest(kvm))
+ return -ENOTTY;
+
+ u_params = u64_to_user_ptr(argp->data);
+ if (copy_from_user(¶ms, u_params, sizeof(params)))
+ return -EFAULT;
+
+ if (params.report_len < rsp_size)
+ return -ENOSPC;
+
+ u_report = u64_to_user_ptr(params.report_uaddr);
+ if (!u_report)
+ return -EINVAL;
+
+ report_rsp = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
+ if (!report_rsp)
+ return -ENOMEM;
+
+ data.len = sizeof(data);
+ data.key_sel = params.key_sel;
+ data.gctx_addr = __psp_pa(sev->snp_context);
+ data.hv_report_paddr = __psp_pa(report_rsp);
+ data.rsvd = 0;
+
+ ret = sev_issue_cmd(kvm, SEV_CMD_SNP_HV_REPORT_REQ, &data,
+ &argp->error);
+ if (ret)
+ goto e_free_rsp;
+
+ if (!report_rsp->status) {
+ if (params.report_len < (rsp_size + report_rsp->report_size))
+ ret = -ENOSPC;
+ else
+ rsp_size += report_rsp->report_size;
+
+ params.report_len = sizeof(*report_rsp) + report_rsp->report_size;
+ }
+
+ if (copy_to_user(u_report, report_rsp, rsp_size))
+ ret = -EFAULT;
+
+ if (copy_to_user(u_params, ¶ms, sizeof(params)))
+ ret = -EFAULT;
+
+e_free_rsp:
+ snp_free_firmware_page(report_rsp);
+ return ret;
+}
+
struct sev_gmem_populate_args {
__u8 type;
int sev_fd;
@@ -2672,6 +2732,9 @@ int sev_mem_enc_ioctl(struct kvm *kvm, void __user *argp)
case KVM_SEV_SNP_LAUNCH_FINISH:
r = snp_launch_finish(kvm, &sev_cmd);
break;
+ case KVM_SEV_SNP_HV_REPORT_REQ:
+ r = sev_snp_hv_report_request(kvm, &sev_cmd);
+ break;
default:
r = -EINVAL;
goto out;
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 956ea609d0cc..5dd7c3f0d50d 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -259,6 +259,7 @@ static int sev_cmd_buffer_len(int cmd)
case SEV_CMD_SNP_COMMIT: return sizeof(struct sev_data_snp_commit);
case SEV_CMD_SNP_FEATURE_INFO: return sizeof(struct sev_data_snp_feature_info);
case SEV_CMD_SNP_VLEK_LOAD: return sizeof(struct sev_user_data_snp_vlek_load);
+ case SEV_CMD_SNP_HV_REPORT_REQ: return sizeof(struct sev_data_snp_hv_report_req);
default: return sev_tio_cmd_buffer_len(cmd);
}
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 69ffa4b4d1fa..c651a400d124 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -124,6 +124,7 @@ enum sev_cmd {
SEV_CMD_SNP_GCTX_CREATE = 0x093,
SEV_CMD_SNP_GUEST_REQUEST = 0x094,
SEV_CMD_SNP_ACTIVATE_EX = 0x095,
+ SEV_CMD_SNP_HV_REPORT_REQ = 0x096,
SEV_CMD_SNP_LAUNCH_START = 0x0A0,
SEV_CMD_SNP_LAUNCH_UPDATE = 0x0A1,
SEV_CMD_SNP_LAUNCH_FINISH = 0x0A2,
@@ -594,6 +595,36 @@ struct sev_data_attestation_report {
u32 len; /* In/Out */
} __packed;
+/**
+ * struct sev_data_snp_hv_report_req - SNP_HV_REPORT_REQ command params
+ *
+ * @len: length of the command buffer in bytes
+ * @key_sel: Selects which key to use for generating the signature.
+ * @gctx_addr: System physical address of guest context page
+ * @hv_report_paddr: System physical address where MSG_EXPORT_RSP will be written
+ */
+struct sev_data_snp_hv_report_req {
+ u32 len; /* In */
+ u32 key_sel :2, /* In */
+ rsvd :30;
+ u64 gctx_addr; /* In */
+ u64 hv_report_paddr; /* In */
+} __packed;
+
+/**
+ * struct sev_data_snp_msg_export_rsp
+ *
+ * @status: Status : 0h: Success. 16h: Invalid parameters.
+ * @report_size: Size in bytes of the attestation report
+ * @report: attestation report
+ */
+struct sev_data_snp_msg_report_rsp {
+ u32 status; /* Out */
+ u32 report_size; /* Out */
+ u8 rsvd[24];
+ u8 report[];
+} __packed;
+
/**
* struct sev_data_snp_download_firmware - SNP_DOWNLOAD_FIRMWARE command params
*
base-commit: e89f0e9a0a007e8c3afb8ecd739c0b3255422b00
--
2.52.0On 1/25/26 05:06, Thomas Courrege wrote:
> Add support for retrieving the SEV-SNP attestation report via the
> SNP_HV_REPORT_REQ firmware command and expose it through a new KVM
> ioctl for SNP guests.
>
> Signed-off-by: Thomas Courrege <thomas.courrege@thorondor.fr>
Code looks good, just some minor doc comments that I should have caught
earlier, sorry. With those changes:
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> .../virt/kvm/x86/amd-memory-encryption.rst | 28 +++++++++
> arch/x86/include/uapi/asm/kvm.h | 9 +++
> arch/x86/kvm/svm/sev.c | 63 +++++++++++++++++++
> drivers/crypto/ccp/sev-dev.c | 1 +
> include/linux/psp-sev.h | 31 +++++++++
> 5 files changed, 132 insertions(+)
>
> diff --git a/Documentation/virt/kvm/x86/amd-memory-encryption.rst b/Documentation/virt/kvm/x86/amd-memory-encryption.rst
> index 1ddb6a86ce7f..78b59c91f21c 100644
> --- a/Documentation/virt/kvm/x86/amd-memory-encryption.rst
> +++ b/Documentation/virt/kvm/x86/amd-memory-encryption.rst
> @@ -572,6 +572,34 @@ Returns: 0 on success, -negative on error
> See SNP_LAUNCH_FINISH in the SEV-SNP specification [snp-fw-abi]_ for further
> details on the input parameters in ``struct kvm_sev_snp_launch_finish``.
>
> +21. KVM_SEV_SNP_HV_REPORT_REQ
> +-----------------------------
> +
> +The KVM_SEV_SNP_HV_REPORT_REQ command requests the hypervisor-generated
s/requests the/requests a/
> +SNP attestation report. This report is produced by the PSP using the
s/SNP/SNP guest/
s/the PSP/SEV firmware/
> +HV-SIGNED key selected by the caller.
s/HV-SIGNED//
Thanks,
Tom
> +
> +The ``key_sel`` field indicates which key the platform will use to sign the
> +report:
> + * ``0``: If VLEK is installed, sign with VLEK. Otherwise, sign with VCEK.
> + * ``1``: Sign with VCEK.
> + * ``2``: Sign with VLEK.
> + * Other values are reserved.
> +
> +Parameters (in): struct kvm_sev_snp_hv_report_req
> +
> +Returns: 0 on success, -negative on error
> +
> +::
> + struct kvm_sev_snp_hv_report_req {
> + __u64 report_uaddr;
> + __u64 report_len;
> + __u8 key_sel;
> + __u8 pad0[7];
> + __u64 pad1[4];
> + };
> +
> +
> Device attribute API
> ====================
>
> diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
> index 7ceff6583652..464146bed784 100644
> --- a/arch/x86/include/uapi/asm/kvm.h
> +++ b/arch/x86/include/uapi/asm/kvm.h
> @@ -743,6 +743,7 @@ enum sev_cmd_id {
> KVM_SEV_SNP_LAUNCH_START = 100,
> KVM_SEV_SNP_LAUNCH_UPDATE,
> KVM_SEV_SNP_LAUNCH_FINISH,
> + KVM_SEV_SNP_HV_REPORT_REQ,
>
> KVM_SEV_NR_MAX,
> };
> @@ -871,6 +872,14 @@ struct kvm_sev_receive_update_data {
> __u32 pad2;
> };
>
> +struct kvm_sev_snp_hv_report_req {
> + __u64 report_uaddr;
> + __u64 report_len;
> + __u8 key_sel;
> + __u8 pad0[7];
> + __u64 pad1[4];
> +};
> +
> struct kvm_sev_snp_launch_start {
> __u64 policy;
> __u8 gosvw[16];
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index f59c65abe3cf..63026d254ab1 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -2261,6 +2261,66 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
> return rc;
> }
>
> +static int sev_snp_hv_report_request(struct kvm *kvm, struct kvm_sev_cmd *argp)
> +{
> + struct kvm_sev_info *sev = to_kvm_sev_info(kvm);
> + struct sev_data_snp_msg_report_rsp *report_rsp;
> + struct kvm_sev_snp_hv_report_req params;
> + struct sev_data_snp_hv_report_req data;
> + size_t rsp_size = sizeof(*report_rsp);
> + void __user *u_report;
> + void __user *u_params;
> + int ret;
> +
> + if (!sev_snp_guest(kvm))
> + return -ENOTTY;
> +
> + u_params = u64_to_user_ptr(argp->data);
> + if (copy_from_user(¶ms, u_params, sizeof(params)))
> + return -EFAULT;
> +
> + if (params.report_len < rsp_size)
> + return -ENOSPC;
> +
> + u_report = u64_to_user_ptr(params.report_uaddr);
> + if (!u_report)
> + return -EINVAL;
> +
> + report_rsp = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
> + if (!report_rsp)
> + return -ENOMEM;
> +
> + data.len = sizeof(data);
> + data.key_sel = params.key_sel;
> + data.gctx_addr = __psp_pa(sev->snp_context);
> + data.hv_report_paddr = __psp_pa(report_rsp);
> + data.rsvd = 0;
> +
> + ret = sev_issue_cmd(kvm, SEV_CMD_SNP_HV_REPORT_REQ, &data,
> + &argp->error);
> + if (ret)
> + goto e_free_rsp;
> +
> + if (!report_rsp->status) {
> + if (params.report_len < (rsp_size + report_rsp->report_size))
> + ret = -ENOSPC;
> + else
> + rsp_size += report_rsp->report_size;
> +
> + params.report_len = sizeof(*report_rsp) + report_rsp->report_size;
> + }
> +
> + if (copy_to_user(u_report, report_rsp, rsp_size))
> + ret = -EFAULT;
> +
> + if (copy_to_user(u_params, ¶ms, sizeof(params)))
> + ret = -EFAULT;
> +
> +e_free_rsp:
> + snp_free_firmware_page(report_rsp);
> + return ret;
> +}
> +
> struct sev_gmem_populate_args {
> __u8 type;
> int sev_fd;
> @@ -2672,6 +2732,9 @@ int sev_mem_enc_ioctl(struct kvm *kvm, void __user *argp)
> case KVM_SEV_SNP_LAUNCH_FINISH:
> r = snp_launch_finish(kvm, &sev_cmd);
> break;
> + case KVM_SEV_SNP_HV_REPORT_REQ:
> + r = sev_snp_hv_report_request(kvm, &sev_cmd);
> + break;
> default:
> r = -EINVAL;
> goto out;
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 956ea609d0cc..5dd7c3f0d50d 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -259,6 +259,7 @@ static int sev_cmd_buffer_len(int cmd)
> case SEV_CMD_SNP_COMMIT: return sizeof(struct sev_data_snp_commit);
> case SEV_CMD_SNP_FEATURE_INFO: return sizeof(struct sev_data_snp_feature_info);
> case SEV_CMD_SNP_VLEK_LOAD: return sizeof(struct sev_user_data_snp_vlek_load);
> + case SEV_CMD_SNP_HV_REPORT_REQ: return sizeof(struct sev_data_snp_hv_report_req);
> default: return sev_tio_cmd_buffer_len(cmd);
> }
>
> diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
> index 69ffa4b4d1fa..c651a400d124 100644
> --- a/include/linux/psp-sev.h
> +++ b/include/linux/psp-sev.h
> @@ -124,6 +124,7 @@ enum sev_cmd {
> SEV_CMD_SNP_GCTX_CREATE = 0x093,
> SEV_CMD_SNP_GUEST_REQUEST = 0x094,
> SEV_CMD_SNP_ACTIVATE_EX = 0x095,
> + SEV_CMD_SNP_HV_REPORT_REQ = 0x096,
> SEV_CMD_SNP_LAUNCH_START = 0x0A0,
> SEV_CMD_SNP_LAUNCH_UPDATE = 0x0A1,
> SEV_CMD_SNP_LAUNCH_FINISH = 0x0A2,
> @@ -594,6 +595,36 @@ struct sev_data_attestation_report {
> u32 len; /* In/Out */
> } __packed;
>
> +/**
> + * struct sev_data_snp_hv_report_req - SNP_HV_REPORT_REQ command params
> + *
> + * @len: length of the command buffer in bytes
> + * @key_sel: Selects which key to use for generating the signature.
> + * @gctx_addr: System physical address of guest context page
> + * @hv_report_paddr: System physical address where MSG_EXPORT_RSP will be written
> + */
> +struct sev_data_snp_hv_report_req {
> + u32 len; /* In */
> + u32 key_sel :2, /* In */
> + rsvd :30;
> + u64 gctx_addr; /* In */
> + u64 hv_report_paddr; /* In */
> +} __packed;
> +
> +/**
> + * struct sev_data_snp_msg_export_rsp
> + *
> + * @status: Status : 0h: Success. 16h: Invalid parameters.
> + * @report_size: Size in bytes of the attestation report
> + * @report: attestation report
> + */
> +struct sev_data_snp_msg_report_rsp {
> + u32 status; /* Out */
> + u32 report_size; /* Out */
> + u8 rsvd[24];
> + u8 report[];
> +} __packed;
> +
> /**
> * struct sev_data_snp_download_firmware - SNP_DOWNLOAD_FIRMWARE command params
> *
>
> base-commit: e89f0e9a0a007e8c3afb8ecd739c0b3255422b00
© 2016 - 2026 Red Hat, Inc.