1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * Confidential Computing Platform Capability checks
4 *
5 * Copyright (C) 2021 Advanced Micro Devices, Inc.
6 *
7 * Author: Tom Lendacky <thomas.lendacky@amd.com>
8 */
9
10#ifndef _LINUX_CC_PLATFORM_H
11#define _LINUX_CC_PLATFORM_H
12
13#include <linux/types.h>
14#include <linux/stddef.h>
15
16/**
17 * enum cc_attr - Confidential computing attributes
18 *
19 * These attributes represent confidential computing features that are
20 * currently active.
21 */
22enum cc_attr {
23 /**
24 * @CC_ATTR_MEM_ENCRYPT: Memory encryption is active
25 *
26 * The platform/OS is running with active memory encryption. This
27 * includes running either as a bare-metal system or a hypervisor
28 * and actively using memory encryption or as a guest/virtual machine
29 * and actively using memory encryption.
30 *
31 * Examples include SME, SEV and SEV-ES.
32 */
33 CC_ATTR_MEM_ENCRYPT,
34
35 /**
36 * @CC_ATTR_HOST_MEM_ENCRYPT: Host memory encryption is active
37 *
38 * The platform/OS is running as a bare-metal system or a hypervisor
39 * and actively using memory encryption.
40 *
41 * Examples include SME.
42 */
43 CC_ATTR_HOST_MEM_ENCRYPT,
44
45 /**
46 * @CC_ATTR_GUEST_MEM_ENCRYPT: Guest memory encryption is active
47 *
48 * The platform/OS is running as a guest/virtual machine and actively
49 * using memory encryption.
50 *
51 * Examples include SEV and SEV-ES.
52 */
53 CC_ATTR_GUEST_MEM_ENCRYPT,
54
55 /**
56 * @CC_ATTR_GUEST_STATE_ENCRYPT: Guest state encryption is active
57 *
58 * The platform/OS is running as a guest/virtual machine and actively
59 * using memory encryption and register state encryption.
60 *
61 * Examples include SEV-ES.
62 */
63 CC_ATTR_GUEST_STATE_ENCRYPT,
64
65 /**
66 * @CC_ATTR_GUEST_UNROLL_STRING_IO: String I/O is implemented with
67 * IN/OUT instructions
68 *
69 * The platform/OS is running as a guest/virtual machine and uses
70 * IN/OUT instructions in place of string I/O.
71 *
72 * Examples include TDX guest & SEV.
73 */
74 CC_ATTR_GUEST_UNROLL_STRING_IO,
75
76 /**
77 * @CC_ATTR_SEV_SNP: Guest SNP is active.
78 *
79 * The platform/OS is running as a guest/virtual machine and actively
80 * using AMD SEV-SNP features.
81 */
82 CC_ATTR_GUEST_SEV_SNP,
83
84 /**
85 * @CC_ATTR_GUEST_SNP_SECURE_TSC: SNP Secure TSC is active.
86 *
87 * The platform/OS is running as a guest/virtual machine and actively
88 * using AMD SEV-SNP Secure TSC feature.
89 */
90 CC_ATTR_GUEST_SNP_SECURE_TSC,
91
92 /**
93 * @CC_ATTR_HOST_SEV_SNP: AMD SNP enabled on the host.
94 *
95 * The host kernel is running with the necessary features
96 * enabled to run SEV-SNP guests.
97 */
98 CC_ATTR_HOST_SEV_SNP,
99
100 /**
101 * @CC_ATTR_SNP_SECURE_AVIC: Secure AVIC mode is active.
102 *
103 * The host kernel is running with the necessary features enabled
104 * to run SEV-SNP guests with full Secure AVIC capabilities.
105 */
106 CC_ATTR_SNP_SECURE_AVIC,
107};
108
109#ifdef CONFIG_ARCH_HAS_CC_PLATFORM
110
111/**
112 * cc_platform_has() - Checks if the specified cc_attr attribute is active
113 * @attr: Confidential computing attribute to check
114 *
115 * The cc_platform_has() function will return an indicator as to whether the
116 * specified Confidential Computing attribute is currently active.
117 *
118 * Context: Any context
119 * Return:
120 * * TRUE - Specified Confidential Computing attribute is active
121 * * FALSE - Specified Confidential Computing attribute is not active
122 */
123bool cc_platform_has(enum cc_attr attr);
124void cc_platform_set(enum cc_attr attr);
125void cc_platform_clear(enum cc_attr attr);
126
127#else /* !CONFIG_ARCH_HAS_CC_PLATFORM */
128
129static inline bool cc_platform_has(enum cc_attr attr) { return false; }
130static inline void cc_platform_set(enum cc_attr attr) { }
131static inline void cc_platform_clear(enum cc_attr attr) { }
132
133#endif /* CONFIG_ARCH_HAS_CC_PLATFORM */
134
135#endif /* _LINUX_CC_PLATFORM_H */
136