Documentation
Overview
Package linuxabi describes the /dev/sev-guest ioctl command ABI.
Constants
const (
    // IocSnpGetReport is the ioctl command for getting an attestation report
    IocSnpGetReport = iocSnpWithoutNr | (0x0 << iocNrshift)
    // IocSnpGetDerivedKey is the ioctl command for getting a key derived from measured components and
    // either the VCEK or VMRK.
    IocSnpGetDerivedKey = iocSnpWithoutNr | (0x1 << iocNrshift)
    // IocSnpGetExtendedReport is the ioctl command for getting an extended attestation report that includes
    // certificate information.
    IocSnpGetExtendedReport = iocSnpWithoutNr | (0x2 << iocNrshift)

    SnpReportRespReportSize = snpResportRespSize - msgReportReqHeaderSize
)
ioctl bits for x86-64
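How the three command numbers are composed, as an added example that is not the package's own code. It assumes `iocSnpWithoutNr` is the kernel's `_IOWR` encoding with ioctl type `'S'` (from `sev-guest.h`) and the size of the request struct documented on this page as `SnpUserGuestRequestABI`; `sevGuestCmd`, `classify` and `guestRequestABI` are hypothetical names. Decoding the number this way is useful when matching raw ioctl values in strace or audit output, or when writing an allow-list for `/dev/sev-guest`.

```go
package main

import (
	"fmt"
	"unsafe"
)

// Linux asm-generic _IOC field layout, as used on x86-64.
const (
	nrShift, typeShift, sizeShift, dirShift = 0, 8, 16, 30
	dirWrite, dirRead                       = 1, 2
	sevGuestType                            = 'S' // assumption: ioctl type from the kernel's sev-guest.h
)

// guestRequestABI copies the field layout of SnpUserGuestRequestABI from this
// page; only its size is used.
type guestRequestABI struct {
	GuestMsgVersion   uint32
	ReqData, RespData unsafe.Pointer
	FwErr             uint64
}

// sevGuestCmd (hypothetical helper) encodes _IOWR(type, nr, struct).
func sevGuestCmd(nr uint32) uint32 {
	size := uint32(unsafe.Sizeof(guestRequestABI{}))
	return (dirRead|dirWrite)<<dirShift | size<<sizeShift | sevGuestType<<typeShift | nr<<nrShift
}

// classify (hypothetical helper) names a raw ioctl request number if it is one
// of the three commands listed above, and rejects everything else.
func classify(cmd uint32) (string, bool) {
	names := []string{"IocSnpGetReport", "IocSnpGetDerivedKey", "IocSnpGetExtendedReport"}
	nr := cmd & 0xff
	if nr >= uint32(len(names)) || cmd != sevGuestCmd(nr) {
		return "", false
	}
	return names[nr], true
}

func main() {
	for nr := uint32(0); nr < 3; nr++ {
		name, _ := classify(sevGuestCmd(nr))
		fmt.Printf("%#x %s\n", sevGuestCmd(nr), name)
	}
}
```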
Variables
This section is empty.
Functions
This section is empty.
Types
type BinaryConversion (added in v0.2.2)
type BinaryConversion interface {
    Pointer() unsafe.Pointer
    Finish(BinaryConvertible) error
}
BinaryConversion is an interface that abstracts a "stand-in" object that passes through an ABI boundary and can finalize changes to the original object.
type BinaryConvertible (added in v0.2.2)
type BinaryConvertible interface {
    ABI() BinaryConversion
}
BinaryConvertible is an interface for an object that can produce a partner BinaryConversion object to allow its representation to pass the ABI boundary.
type EsResult
type EsResult int
EsResult is the status code type for Linux's GHCB communication results.
const (
    // EsOk denotes success.
    EsOk EsResult = iota
    // EsUnsupported denotes that the requested operation is not supported.
    EsUnsupported
    // EsVmmError denotes that the virtual machine monitor was in an unexpected state.
    EsVmmError
    // EsDecodeFailed denotes that instruction decoding failed.
    EsDecodeFailed
    // EsException denotes that the GHCB communication caused an exception.
    EsException
    // EsRetry is the code for a retry instruction emulation
    EsRetry
)
type SevEsErr
type SevEsErr struct {
    Result EsResult
}
SevEsErr is an error that interprets SEV-ES guest-host communication results.
type SnpDerivedKeyReqABI (added in v0.2.3)
type SnpDerivedKeyReqABI struct {
    // RootKeySelect is all reserved bits except bit 0 for UseVMRK (1) or UseVCEK (0).
    RootKeySelect    uint32
    GuestFieldSelect uint64
    // Vmpl to mix into the key. Must be greater than or equal to current Vmpl.
    Vmpl uint32
    // GuestSVN to mix into the key. Must be less than or equal to GuestSVN at launch.
    GuestSVN uint32
    // TCBVersion to mix into the key. Must be less than or equal to the CommittedTcb.
    TCBVersion uint64
    // contains filtered or unexported fields
}
SnpDerivedKeyReqABI is the ABI representation of a request to the SEV guest device to derive a key from specified information.
func (*SnpDerivedKeyReqABI) ABI (added in v0.2.3)
func (r *SnpDerivedKeyReqABI) ABI() BinaryConversion
ABI returns the ABI representation of this object.
func (*SnpDerivedKeyReqABI) Finish (added in v0.2.3)
func (r *SnpDerivedKeyReqABI) Finish(BinaryConvertible) error
Finish is a no-op.
func (*SnpDerivedKeyReqABI) Pointer (added in v0.2.3)
func (r *SnpDerivedKeyReqABI) Pointer() unsafe.Pointer
Pointer returns a pointer to the object.
type SnpDerivedKeyRespABI (added in v0.2.3)
type SnpDerivedKeyRespABI struct {
    Status uint32
    Data   [32]byte
    // contains filtered or unexported fields
}
SnpDerivedKeyRespABI represents the response to an SnpDerivedKeyReq.
func (*SnpDerivedKeyRespABI) ABI (added in v0.2.3)
func (r *SnpDerivedKeyRespABI) ABI() BinaryConversion
ABI returns the object itself.
func (*SnpDerivedKeyRespABI) Finish (added in v0.2.3)
func (r *SnpDerivedKeyRespABI) Finish(BinaryConvertible) error
Finish is a no-op.
func (*SnpDerivedKeyRespABI) Pointer (added in v0.2.3)
func (r *SnpDerivedKeyRespABI) Pointer() unsafe.Pointer
Pointer returns a pointer to the object itself.
type SnpExtendedReportReq
type SnpExtendedReportReq struct {
    Data SnpReportReqABI
    // Certs receives the certificate blob after the extended report request.
    Certs []byte
    // CertsLength is the length of the certificate blob.
    CertsLength uint32
}
SnpExtendedReportReq is close to Linux's sev-guest ioctl abi for sending a GET_EXTENDED_REPORT request, but uses safer types for the Ioctl interface.
func (*SnpExtendedReportReq) ABI (added in v0.2.2)
func (r *SnpExtendedReportReq) ABI() BinaryConversion
ABI returns an object that can cross the ABI boundary and copy back changes to the original object.
type SnpExtendedReportReqABI (added in v0.2.2)
type SnpExtendedReportReqABI struct {
    Data SnpReportReqABI
    // Where to copy the certificate blob.
    CertsAddress unsafe.Pointer
    // length of the certificate blob
    CertsLength uint32
}
SnpExtendedReportReqABI is Linux's sev-guest ioctl abi for sending a GET_EXTENDED_REPORT request.
func (*SnpExtendedReportReqABI) Finish (added in v0.2.2)
func (r *SnpExtendedReportReqABI) Finish(b BinaryConvertible) error
Finish writes back the changed CertsLength value.
func (*SnpExtendedReportReqABI) Pointer (added in v0.2.2)
func (r *SnpExtendedReportReqABI) Pointer() unsafe.Pointer
Pointer returns a pointer to the object itself.
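The BinaryConvertible / BinaryConversion round trip for the extended report request, as an added example that is not the package's own code. The types `extReq` and `extReqABI`, the helper `lengths`, and the device stand-in `fakeIoctl` with its 16-byte answer are all constructed for illustration; nothing is imported from linuxabi and no real device is opened. It shows that the device only ever sees the stand-in, so the original's CertsLength stays stale until Finish copies it back.

```go
package main

import (
	"fmt"
	"unsafe"
)

// Local stand-ins shaped like the page's types; nothing is imported from linuxabi.
type BinaryConversion interface {
	Pointer() unsafe.Pointer
	Finish(BinaryConvertible) error
}
type BinaryConvertible interface{ ABI() BinaryConversion }
type extReq struct { // caller-facing form: owns a Go slice
	Certs       []byte
	CertsLength uint32
}
type extReqABI struct { // stand-in that crosses the boundary
	CertsAddress unsafe.Pointer
	CertsLength  uint32
}

func (r *extReq) ABI() BinaryConversion {
	a := &extReqABI{CertsLength: uint32(len(r.Certs))} // length tied to the slice
	if len(r.Certs) > 0 {
		a.CertsAddress = unsafe.Pointer(&r.Certs[0]) // buffer is shared, not copied
	}
	return a
}
func (a *extReqABI) Pointer() unsafe.Pointer { return unsafe.Pointer(a) }
func (a *extReqABI) Finish(b BinaryConvertible) error {
	if r, ok := b.(*extReq); ok {
		r.CertsLength = a.CertsLength // copy back the length the device wrote
		return nil
	}
	return fmt.Errorf("Finish: unexpected type %T", b)
}

// fakeIoctl is a constructed device that asks for a 16-byte certificate buffer.
func fakeIoctl(arg unsafe.Pointer) { (*extReqABI)(arg).CertsLength = 16 }
func lengths(r *extReq) (before, after uint32, err error) {
	abi := r.ABI()           // 1. build the stand-in
	fakeIoctl(abi.Pointer()) // 2. only the stand-in crosses the boundary
	before = r.CertsLength   // the original is still untouched here
	err = abi.Finish(r)      // 3. copy results back into the original
	return before, r.CertsLength, err
}

func main() { fmt.Println(lengths(&extReq{Certs: make([]byte, 4), CertsLength: 4})) }
```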
type SnpReportReqABI (added in v0.2.2)
type SnpReportReqABI struct {
    // ReportData to be included in the report
    ReportData [64]uint8
    // Vmpl is the SEV-SNP VMPL level to be included in the report.
    // The kernel must have access to the corresponding VMPCK.
    Vmpl uint32
    // contains filtered or unexported fields
}
SnpReportReqABI is Linux's sev-guest ioctl abi for sending a GET_REPORT request. See include/uapi/linux/sev-guest.h
func (*SnpReportReqABI) ABI (added in v0.2.2)
func (r *SnpReportReqABI) ABI() BinaryConversion
ABI returns the same object since it doesn't need a separate representation across the interface.
func (*SnpReportReqABI) Finish (added in v0.2.2)
func (r *SnpReportReqABI) Finish(b BinaryConvertible) error
Finish is a no-op.
func (*SnpReportReqABI) Pointer (added in v0.2.2)
func (r *SnpReportReqABI) Pointer() unsafe.Pointer
Pointer returns a pointer to the object itself.
type SnpReportRespABI (added in v0.2.2)
type SnpReportRespABI struct {
    Status     uint32
    ReportSize uint32
    // Data is the response data, see SEV-SNP spec for the format
    Data [SnpReportRespReportSize]uint8
    // contains filtered or unexported fields
}
SnpReportRespABI is Linux's sev-guest ioctl abi for receiving a GET_REPORT response. The size is expected to be snpReportRespSize.
func (*SnpReportRespABI) ABI (added in v0.2.2)
func (r *SnpReportRespABI) ABI() BinaryConversion
ABI returns the same object since it doesn't need a separate representation across the interface.
func (*SnpReportRespABI) Finish (added in v0.2.2)
func (r *SnpReportRespABI) Finish(b BinaryConvertible) error
Finish checks the status of the message and translates it to a Golang error.
func (*SnpReportRespABI) Pointer (added in v0.2.2)
func (r *SnpReportRespABI) Pointer() unsafe.Pointer
Pointer returns a pointer to the object itself.
type SnpUserGuestRequest
type SnpUserGuestRequest struct {
    // Request and response structure address.
    ReqData  BinaryConvertible
    RespData BinaryConvertible
    // firmware error code on failure (see psp-sev.h in Linux kernel)
    FwErr uint64
}
SnpUserGuestRequest is Linux's sev-guest ioctl interface for issuing a guest message. The types here enhance runtime safety when using Ioctl as an interface.
func (*SnpUserGuestRequest) ABI (added in v0.2.2)
func (r *SnpUserGuestRequest) ABI() BinaryConversion
ABI returns an object that can cross the ABI boundary and copy back changes to the original object.
type SnpUserGuestRequestABI (added in v0.2.2)
type SnpUserGuestRequestABI struct {
    GuestMsgVersion uint32
    // Request and response structure address.
    ReqData  unsafe.Pointer
    RespData unsafe.Pointer
    // firmware error code on failure (see psp-sev.h in Linux kernel)
    FwErr uint64
}
SnpUserGuestRequestABI is Linux's sev-guest ioctl abi for issuing a guest message.