• Harald Freudenberger's avatar
    s390/pkey: Add function to enforce pkey handler modules load · 177b621b
    Harald Freudenberger authored
    There is a use case during early boot with an secure key encrypted
    root file system where the paes cipher may try to derive a protected
    key from secure key while the AP bus is still in the process of
    scanning the bus and building up the zcrypt device drivers. As the
    detection of CEX cards also triggers the modprobe of the pkey handler
    modules, these modules may come into existence too late.
    
    Yet another use case happening during early boot is for use of an
    protected key encrypted swap file(system). There is an ephemeral
    protected key read via sysfs to set up the swap file. But this only
    works when the pkey_pckmo module is already in - which may happen at a
    later time as the load is triggered via CPU feature.
    
    This patch introduces a new function pkey_handler_request_modules()
    and invokes it which unconditional tries to load in the pkey handler
    modules. This function is called for the in-kernel API to derive a
    protected key from whatever and in the sysfs API when the first
    attempt to simple invoke the handler function failed.
    Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
    Reviewed-by: default avatarHolger Dengler <dengler@linux.ibm.com>
    Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
    177b621b
pkey_base.c 8 KB