KVM: Define SEV key management command id

Define Secure Encrypted Virtualization (SEV) key management command id
and structure. The command definition is available in SEV KM spec
0.14 (http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf)
and Documentation/virtual/kvm/amd-memory-encryption.txt.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Improvements-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Borislav Petkov <bp@suse.de>

1 files changed, 80 insertions, 0 deletions

diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index c8c65190907d..571431d3384b 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -1369,6 +1369,86 @@ struct kvm_enc_region {
 #define KVM_MEMORY_ENCRYPT_REG_REGION    _IOR(KVMIO, 0xbb, struct kvm_enc_region)
 #define KVM_MEMORY_ENCRYPT_UNREG_REGION  _IOR(KVMIO, 0xbc, struct kvm_enc_region)
 
+/* Secure Encrypted Virtualization command */
+enum sev_cmd_id {
+        /* Guest initialization commands */
+        KVM_SEV_INIT = 0,
+        KVM_SEV_ES_INIT,
+        /* Guest launch commands */
+        KVM_SEV_LAUNCH_START,
+        KVM_SEV_LAUNCH_UPDATE_DATA,
+        KVM_SEV_LAUNCH_UPDATE_VMSA,
+        KVM_SEV_LAUNCH_SECRET,
+        KVM_SEV_LAUNCH_MEASURE,
+        KVM_SEV_LAUNCH_FINISH,
+        /* Guest migration commands (outgoing) */
+        KVM_SEV_SEND_START,
+        KVM_SEV_SEND_UPDATE_DATA,
+        KVM_SEV_SEND_UPDATE_VMSA,
+        KVM_SEV_SEND_FINISH,
+        /* Guest migration commands (incoming) */
+        KVM_SEV_RECEIVE_START,
+        KVM_SEV_RECEIVE_UPDATE_DATA,
+        KVM_SEV_RECEIVE_UPDATE_VMSA,
+        KVM_SEV_RECEIVE_FINISH,
+        /* Guest status and debug commands */
+        KVM_SEV_GUEST_STATUS,
+        KVM_SEV_DBG_DECRYPT,
+        KVM_SEV_DBG_ENCRYPT,
+        /* Guest certificates commands */
+        KVM_SEV_CERT_EXPORT,
+
+        KVM_SEV_NR_MAX,
+};
+
+struct kvm_sev_cmd {
+        __u32 id;
+        __u64 data;
+        __u32 error;
+        __u32 sev_fd;
+};
+
+struct kvm_sev_launch_start {
+        __u32 handle;
+        __u32 policy;
+        __u64 dh_uaddr;
+        __u32 dh_len;
+        __u64 session_uaddr;
+        __u32 session_len;
+};
+
+struct kvm_sev_launch_update_data {
+        __u64 uaddr;
+        __u32 len;
+};
+
+
+struct kvm_sev_launch_secret {
+        __u64 hdr_uaddr;
+        __u32 hdr_len;
+        __u64 guest_uaddr;
+        __u32 guest_len;
+        __u64 trans_uaddr;
+        __u32 trans_len;
+};
+
+struct kvm_sev_launch_measure {
+        __u64 uaddr;
+        __u32 len;
+};
+
+struct kvm_sev_guest_status {
+        __u32 handle;
+        __u32 policy;
+        __u32 state;
+};
+
+struct kvm_sev_dbg {
+        __u64 src_uaddr;
+        __u64 dst_uaddr;
+        __u32 len;
+};
+
 #define KVM_DEV_ASSIGN_ENABLE_IOMMU     (1 << 0)
 #define KVM_DEV_ASSIGN_PCI_2_3          (1 << 1)
 #define KVM_DEV_ASSIGN_MASK_INTX        (1 << 2)