$ make V=1
or
$ make V=2

These can be used to easily build targets in verbose mode. That can be
helpful for debugging. Currently we support V=1 or V=2 (the biggest is
the most verbose).

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>

Both functions are used to send SNP_GUEST_REQUEST messages to the PSP, but the
guest_ext_request() includes an extended request to the hypervisor. More
information can be found in the AMD GHCB specification.

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>

Export the VMPCK size to be used in other crates.

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>

Add a generic interface for AES-256 GCM encryption and decryption. They are
both required for requesting an attestation report.

With this interface we should be able to keep the crypto code isolated in
crates and also easily choose which crypto implementation should be
compiled-in.

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>

Add a RustCrypto-based implementation for the SVSM Aes256GCM trait.

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>

These structures are used in the SNP_GUEST_REQUEST communication between the
guest and the PSP; their implementation follow the AMD SEV-SNP specification,
chapter 7.

The SnpGuestRequestMsg is used to carry a SNP_GUEST_REQUEST command or response
in the payload, which is encrypted using AES-256 GCM. This message can't be
tampered with by the hypervisor because only the PSP and the guest have access
to the key to decrypt the payload.

An extended SNP_GUEST_REQUEST command also requests data from the hypervisor;
in this case, the SnpGuestRequestExtData is also provided. The hypervisor will
use it to store the requested data.

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>

Add a driver to send SNP_GUEST_REQUEST commands to the PSP. The command can be
any of the request or response command types defined in the SEV-SNP spec,
regardless if it's a regular or an extended command.

The send_regular_guest_request() and send_extended_guest_request() functions
can be used to send regular and extended commands, respectively.

guest_request_driver_init() is used to initialize the static driver instance.

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>

The panic handler is called when the SVSM state is not reliable any more.
Disable the VMPCK0 key to prevent it from being exploited.

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>

Add get_regular_report() and get_extended_report(). They both call the
SNP_GUEST_REQUEST driver to request a VMPL0 attestation report, the difference
is that get_extended_report() also requests the SEV-SNP certificates needed to
verify the attestation report.

The get_extended_report() function will return an empty buffer if the SEV-SNP
certificates where not imported yet, but they can be imported from the host
using the github virtee/snphost project:

$ snphost import <PEM-files-directory>

For testing purposes, if you import PEM files that contain some random data,
you should be able to see the same random data when you call
get_extended_report() from the SVSM.

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>