AMD Secure Processor Support In Linux 4.14

The mainline Linux kernel has already supported the AMD Cryptographic Coprocessor (CCP) for encryption, hashing, and other features. With Linux 4.14, the CCP support is still around, along with Platform Security Processor (PSP) device support. This support is still exposed via the CRYPTO_DEV_CCP Kconfig switch and the new CRYPTO_DEV_SP_CCP, and is now advertised as "Support for AMD Secure Processor" rather than just "AMD Cryptographic Coprocessor."
Among the uses of the AMD Secure Processor are key management for AMD Secure Encrypted Virtualization (SEV) and Trusted Execution Environments (TEE; there's a new TEE subsystem in Linux as of 4.12). Among the CCP crypto additions in Linux 4.14 is support for RSA, with v5 CCP hardware allowing RSA, XTS-AES-128, and XTS-AES-256. Also queued up for Linux 4.14 is AMD Secure Memory Encryption (SME) support, as found on EPYC CPUs.
The AMD Secure Processor is built off ARM TrustZone technology, with an ARM Cortex-A5 embedded into recent APUs and CPUs. The new AMD EPYC 7000 series has AES-128 engine support along with SME and SEV support, among other capabilities.
Other crypto work for the Linux 4.14 kernel includes an STM32 HASH module, a Microchip / Atmel ECC driver, Freescale RNGC hardware random number generator support, and other changes. The updated code is here.