linuxabi

package
v0.11.0
Published: Feb 22, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package linuxabi describes the /dev/sev-guest ioctl command ABI.

Index

Constants

const (

	// IocSnpGetReport is the ioctl command for getting an attestation report
	IocSnpGetReport = iocSnpWithoutNr | (0x0 << iocNrshift)

	// IocSnpGetDerivedKey is the ioctl command for getting a key derived from measured components and
	// either the VCEK or VMRK.
	IocSnpGetDerivedKey = iocSnpWithoutNr | (0x1 << iocNrshift)

	// IocSnpGetExtendedReport is the ioctl command for getting an extended attestation report that includes
	// certificate information.
	IocSnpGetExtendedReport = iocSnpWithoutNr | (0x2 << iocNrshift)

	// SnpReportRespReportSize is the number of report bytes the GET_REPORT response carries after its header.
	SnpReportRespReportSize = snpReportRespSize - msgReportReqHeaderSize
)

ioctl bits for x86-64

Variables

This section is empty.

Functions

This section is empty.

Types

type BinaryConversion added in v0.2.2

type BinaryConversion interface {
	Pointer() unsafe.Pointer
	Finish(BinaryConvertible) error
}

BinaryConversion is an interface that abstracts a "stand-in" object that passes through an ABI boundary and can finalize changes to the original object.

type BinaryConvertible added in v0.2.2

type BinaryConvertible interface {
	ABI() BinaryConversion
}

BinaryConvertible is an interface for an object that can produce a partner BinaryConversion object to allow its representation to pass the ABI boundary.

type EsResult

type EsResult int

EsResult is the status code type for Linux's GHCB communication results.

const (
	// EsOk denotes success.
	EsOk EsResult = iota
	// EsUnsupported denotes that the requested operation is not supported.
	EsUnsupported
	// EsVmmError denotes that the virtual machine monitor was in an unexpected state.
	EsVmmError
	// EsDecodeFailed denotes that instruction decoding failed.
	EsDecodeFailed
	// EsException denotes that the GHCB communication caused an exception.
	EsException
	// EsRetry is the code for a retry instruction emulation
	EsRetry
)

type SevEsErr

type SevEsErr struct {
	Result EsResult
}

SevEsErr is an error that interprets SEV-ES guest-host communication results.

func (*SevEsErr) Error

func (err *SevEsErr) Error() string

type SnpDerivedKeyReqABI added in v0.2.3

type SnpDerivedKeyReqABI struct {
	// RootKeySelect is all reserved bits except bit 0 for UseVMRK (1) or UseVCEK (0).
	RootKeySelect uint32

	GuestFieldSelect uint64
	// Vmpl to mix into the key. Must be greater than or equal to current Vmpl.
	Vmpl uint32
	// GuestSVN to mix into the key. Must be less than or equal to GuestSVN at launch.
	GuestSVN uint32
	// TCBVersion to mix into the key. Must be less than or equal to the CommittedTcb.
	TCBVersion uint64
	// contains filtered or unexported fields
}

SnpDerivedKeyReqABI is the ABI representation of a request to the SEV guest device to derive a key from specified information.

func (*SnpDerivedKeyReqABI) ABI added in v0.2.3

ABI returns the ABI representation of this object.

func (*SnpDerivedKeyReqABI) Finish added in v0.2.3

Finish is a no-op.

func (*SnpDerivedKeyReqABI) Pointer added in v0.2.3

func (r *SnpDerivedKeyReqABI) Pointer() unsafe.Pointer

Pointer returns a pointer to the object.

type SnpDerivedKeyRespABI added in v0.2.3

type SnpDerivedKeyRespABI struct {
	Status uint32

	Data [32]byte
	// contains filtered or unexported fields
}

SnpDerivedKeyRespABI represents the response to an SnpDerivedKeyReq.

func (*SnpDerivedKeyRespABI) ABI added in v0.2.3

ABI returns the object itself.

func (*SnpDerivedKeyRespABI) Finish added in v0.2.3

Finish is a no-op.

func (*SnpDerivedKeyRespABI) Pointer added in v0.2.3

func (r *SnpDerivedKeyRespABI) Pointer() unsafe.Pointer

Pointer returns a pointer to the object itself.

type SnpExtendedReportReq

type SnpExtendedReportReq struct {
	Data SnpReportReqABI

	// Certs receives the certificate blob after the extended report request.
	Certs []byte

	// CertsLength is the length of the certificate blob.
	CertsLength uint32
}

SnpExtendedReportReq is close to Linux's sev-guest ioctl ABI for sending a GET_EXTENDED_REPORT request, but uses safer types for the Ioctl interface.

func (*SnpExtendedReportReq) ABI added in v0.2.2

ABI returns an object that can cross the ABI boundary and copy back changes to the original object.

type SnpExtendedReportReqABI added in v0.2.2

type SnpExtendedReportReqABI struct {
	Data SnpReportReqABI

	// Where to copy the certificate blob.
	CertsAddress unsafe.Pointer

	// length of the certificate blob
	CertsLength uint32
}

SnpExtendedReportReqABI is Linux's sev-guest ioctl ABI for sending a GET_EXTENDED_REPORT request.

func (*SnpExtendedReportReqABI) Finish added in v0.2.2

Finish writes back the changed CertsLength value.

func (*SnpExtendedReportReqABI) Pointer added in v0.2.2

func (r *SnpExtendedReportReqABI) Pointer() unsafe.Pointer

Pointer returns a pointer to the object itself.

type SnpReportReqABI added in v0.2.2

type SnpReportReqABI struct {
	// ReportData to be included in the report
	ReportData [64]uint8

	// Vmpl is the SEV-SNP VMPL level to be included in the report.
	// The kernel must have access to the corresponding VMPCK.
	Vmpl uint32
	// contains filtered or unexported fields
}

SnpReportReqABI is Linux's sev-guest ioctl ABI for sending a GET_REPORT request. See include/uapi/linux/sev-guest.h.

func (*SnpReportReqABI) ABI added in v0.2.2

ABI returns the same object since it doesn't need a separate representation across the interface.

func (*SnpReportReqABI) Finish added in v0.2.2

Finish is a no-op.

func (*SnpReportReqABI) Pointer added in v0.2.2

func (r *SnpReportReqABI) Pointer() unsafe.Pointer

Pointer returns a pointer to the object itself.

type SnpReportRespABI added in v0.2.2

type SnpReportRespABI struct {
	Status     uint32
	ReportSize uint32

	// Data is the response data, see SEV-SNP spec for the format
	Data [SnpReportRespReportSize]uint8
	// contains filtered or unexported fields
}

SnpReportRespABI is Linux's sev-guest ioctl ABI for receiving a GET_REPORT response. The size is expected to be snpReportRespSize.

func (*SnpReportRespABI) ABI added in v0.2.2

ABI returns the same object since it doesn't need a separate representation across the interface.

func (*SnpReportRespABI) Finish added in v0.2.2

Finish checks the status of the message and translates it to a Golang error.

func (*SnpReportRespABI) Pointer added in v0.2.2

func (r *SnpReportRespABI) Pointer() unsafe.Pointer

Pointer returns a pointer to the object itself.

type SnpUserGuestRequest

type SnpUserGuestRequest struct {
	// Request and response structure address.
	ReqData  BinaryConvertible
	RespData BinaryConvertible
	// firmware error code on failure (see psp-sev.h in Linux kernel)
	FwErr uint64
}

SnpUserGuestRequest is Linux's sev-guest ioctl interface for issuing a guest message. The types here enhance runtime safety when using Ioctl as an interface.

func (*SnpUserGuestRequest) ABI added in v0.2.2

ABI returns an object that can cross the ABI boundary and copy back changes to the original object.

type SnpUserGuestRequestABI added in v0.2.2

type SnpUserGuestRequestABI struct {
	GuestMsgVersion uint32
	// Request and response structure address.
	ReqData  unsafe.Pointer
	RespData unsafe.Pointer
	// firmware error code on failure (see psp-sev.h in Linux kernel)
	FwErr uint64
}

SnpUserGuestRequestABI is Linux's sev-guest ioctl ABI for issuing a guest message.
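The following is an added example, not code from go-sev-guest or this package. It mirrors two things the documentation above describes: how the three SNP ioctl commands are encoded from their sequence number and the size of SnpUserGuestRequestABI, and the Finish-style status check that SnpReportRespABI performs on a GET_REPORT response. The 'S' ioctl type, the 24 reserved header bytes and the 4000-byte response buffer are assumptions taken from the kernel's sev-guest.h and the SEV-SNP MSG_REPORT_RSP layout, not from this page.

```go
package main

import (
	"fmt"
	"unsafe"
)

// Linux ioctl number layout on x86-64: bits 0-7 nr, 8-15 type, 16-29 size, 30-31 direction.
const (
	iocTypeShift = 8
	iocSizeShift = 16
	iocDirShift  = 30
	iocWrite     = 1
	iocRead      = 2
	snpIocType   = 'S' // SNP_GUEST_REQ_IOC_TYPE in include/uapi/linux/sev-guest.h (assumption)
)

// guestRequestIoctl mirrors struct snp_guest_request_ioctl (SnpUserGuestRequestABI) only for its size.
type guestRequestIoctl struct {
	msgVersion uint32
	reqData    unsafe.Pointer
	respData   unsafe.Pointer
	fwErr      uint64
}

// snpIoctl builds _IOWR('S', nr, sizeof(struct snp_guest_request_ioctl)): nr 0/1/2 = GET_REPORT/GET_DERIVED_KEY/GET_EXT_REPORT.
func snpIoctl(nr uint8) uint32 {
	size := uint32(unsafe.Sizeof(guestRequestIoctl{})) // 32 bytes on x86-64
	return (iocRead|iocWrite)<<iocDirShift | size<<iocSizeShift | snpIocType<<iocTypeShift | uint32(nr)
}

// reportResp mirrors the MSG_REPORT_RSP header behind SnpReportRespABI: status, length, 24 reserved bytes, report (assumed layout).
type reportResp struct {
	Status     uint32
	ReportSize uint32
	_          [24]byte
	Data       [4000 - 32]uint8
}

// reportBytes is the Finish-style check: a non-zero status or an oversize ReportSize is an error, never a slice.
func reportBytes(r *reportResp) ([]byte, error) {
	if r.Status != 0 {
		return nil, fmt.Errorf("firmware returned status 0x%x", r.Status)
	}
	if int(r.ReportSize) > len(r.Data) {
		return nil, fmt.Errorf("report size %d exceeds %d-byte buffer", r.ReportSize, len(r.Data))
	}
	return r.Data[:r.ReportSize], nil
}
```

snpIoctl(0) yields 0xC0205300, the value seen for SNP_GET_REPORT in ioctl traces; the bound check in reportBytes is what keeps a malformed ReportSize from reading past the buffer the kernel filled.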
