Commit 119da30d authored by Nayna Jain's avatar Nayna Jain Committed by Michael Ellerman

powerpc/pseries: Expose PLPKS config values, support additional fields

The plpks driver uses the H_PKS_GET_CONFIG hcall to retrieve configuration
and status information about the PKS from the hypervisor.

Update _plpks_get_config() to handle some additional fields. Add getter
functions to allow the PKS configuration information to be accessed from
other files. Validate that the values we're getting comply with the spec.

While we're here, move the config struct in _plpks_get_config() off the
stack - it's getting large and we also need to make sure it doesn't cross
a page boundary.
Signed-off-by: default avatarNayna Jain <nayna@linux.ibm.com>
[ajd: split patch, extend to support additional v3 API fields, minor fixes]
Co-developed-by: default avatarAndrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: default avatarAndrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: default avatarRussell Currey <ruscur@russell.cc>
Reviewed-by: default avatarStefan Berger <stefanb@linux.ibm.com>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20230210080401.345462-17-ajd@linux.ibm.com
parent 3def7a3e
...@@ -96,6 +96,64 @@ int plpks_read_fw_var(struct plpks_var *var); ...@@ -96,6 +96,64 @@ int plpks_read_fw_var(struct plpks_var *var);
*/ */
int plpks_read_bootloader_var(struct plpks_var *var); int plpks_read_bootloader_var(struct plpks_var *var);
/**
* Returns if PKS is available on this LPAR.
*/
bool plpks_is_available(void);
/**
* Returns version of the Platform KeyStore.
*/
u8 plpks_get_version(void);
/**
* Returns hypervisor storage overhead per object, not including the size of
* the object or label. Only valid for config version >= 2
*/
u16 plpks_get_objoverhead(void);
/**
* Returns maximum password size. Must be >= 32 bytes
*/
u16 plpks_get_maxpwsize(void);
/**
* Returns maximum object size supported by Platform KeyStore.
*/
u16 plpks_get_maxobjectsize(void);
/**
* Returns maximum object label size supported by Platform KeyStore.
*/
u16 plpks_get_maxobjectlabelsize(void);
/**
* Returns total size of the configured Platform KeyStore.
*/
u32 plpks_get_totalsize(void);
/**
* Returns used space from the total size of the Platform KeyStore.
*/
u32 plpks_get_usedspace(void);
/**
* Returns bitmask of policies supported by the hypervisor.
*/
u32 plpks_get_supportedpolicies(void);
/**
* Returns maximum byte size of a single object supported by the hypervisor.
* Only valid for config version >= 3
*/
u32 plpks_get_maxlargeobjectsize(void);
/**
* Returns bitmask of signature algorithms supported for signed updates.
* Only valid for config version >= 3
*/
u64 plpks_get_signedupdatealgorithms(void);
#endif // CONFIG_PSERIES_PLPKS #endif // CONFIG_PSERIES_PLPKS
#endif // _ASM_POWERPC_PLPKS_H #endif // _ASM_POWERPC_PLPKS_H
...@@ -24,8 +24,16 @@ static u8 *ospassword; ...@@ -24,8 +24,16 @@ static u8 *ospassword;
static u16 ospasswordlength; static u16 ospasswordlength;
// Retrieved with H_PKS_GET_CONFIG // Retrieved with H_PKS_GET_CONFIG
static u8 version;
static u16 objoverhead;
static u16 maxpwsize; static u16 maxpwsize;
static u16 maxobjsize; static u16 maxobjsize;
static s16 maxobjlabelsize;
static u32 totalsize;
static u32 usedspace;
static u32 supportedpolicies;
static u32 maxlargeobjectsize;
static u64 signedupdatealgorithms;
struct plpks_auth { struct plpks_auth {
u8 version; u8 version;
...@@ -206,32 +214,149 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, ...@@ -206,32 +214,149 @@ static struct label *construct_label(char *component, u8 varos, u8 *name,
static int _plpks_get_config(void) static int _plpks_get_config(void)
{ {
unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
struct { struct config {
u8 version; u8 version;
u8 flags; u8 flags;
__be32 rsvd0; __be16 rsvd0;
__be16 objoverhead;
__be16 maxpwsize; __be16 maxpwsize;
__be16 maxobjlabelsize; __be16 maxobjlabelsize;
__be16 maxobjsize; __be16 maxobjsize;
__be32 totalsize; __be32 totalsize;
__be32 usedspace; __be32 usedspace;
__be32 supportedpolicies; __be32 supportedpolicies;
__be64 rsvd1; __be32 maxlargeobjectsize;
} __packed config; __be64 signedupdatealgorithms;
u8 rsvd1[476];
} __packed * config;
size_t size; size_t size;
int rc; int rc = 0;
size = sizeof(*config);
// Config struct must not cross a page boundary. So long as the struct
// size is a power of 2, this should be fine as alignment is guaranteed
config = kzalloc(size, GFP_KERNEL);
if (!config) {
rc = -ENOMEM;
goto err;
}
rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(config), size);
if (rc != H_SUCCESS) {
rc = pseries_status_to_err(rc);
goto err;
}
version = config->version;
objoverhead = be16_to_cpu(config->objoverhead);
maxpwsize = be16_to_cpu(config->maxpwsize);
maxobjsize = be16_to_cpu(config->maxobjsize);
maxobjlabelsize = be16_to_cpu(config->maxobjlabelsize);
totalsize = be32_to_cpu(config->totalsize);
usedspace = be32_to_cpu(config->usedspace);
supportedpolicies = be32_to_cpu(config->supportedpolicies);
maxlargeobjectsize = be32_to_cpu(config->maxlargeobjectsize);
signedupdatealgorithms = be64_to_cpu(config->signedupdatealgorithms);
// Validate that the numbers we get back match the requirements of the spec
if (maxpwsize < 32) {
pr_err("Invalid Max Password Size received from hypervisor (%d < 32)\n", maxpwsize);
rc = -EIO;
goto err;
}
if (maxobjlabelsize < 255) {
pr_err("Invalid Max Object Label Size received from hypervisor (%d < 255)\n",
maxobjlabelsize);
rc = -EIO;
goto err;
}
size = sizeof(config); if (totalsize < 4096) {
pr_err("Invalid Total Size received from hypervisor (%d < 4096)\n", totalsize);
rc = -EIO;
goto err;
}
if (version >= 3 && maxlargeobjectsize >= 65536 && maxobjsize != 0xFFFF) {
pr_err("Invalid Max Object Size (0x%x != 0xFFFF)\n", maxobjsize);
rc = -EIO;
goto err;
}
err:
kfree(config);
return rc;
}
u8 plpks_get_version(void)
{
return version;
}
rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(&config), size); u16 plpks_get_objoverhead(void)
{
return objoverhead;
}
if (rc != H_SUCCESS) u16 plpks_get_maxpwsize(void)
return pseries_status_to_err(rc); {
return maxpwsize;
}
maxpwsize = be16_to_cpu(config.maxpwsize); u16 plpks_get_maxobjectsize(void)
maxobjsize = be16_to_cpu(config.maxobjsize); {
return maxobjsize;
}
u16 plpks_get_maxobjectlabelsize(void)
{
return maxobjlabelsize;
}
u32 plpks_get_totalsize(void)
{
return totalsize;
}
u32 plpks_get_usedspace(void)
{
// Unlike other config values, usedspace regularly changes as objects
// are updated, so we need to refresh.
int rc = _plpks_get_config();
if (rc) {
pr_err("Couldn't get config, rc: %d\n", rc);
return 0;
}
return usedspace;
}
u32 plpks_get_supportedpolicies(void)
{
return supportedpolicies;
}
u32 plpks_get_maxlargeobjectsize(void)
{
return maxlargeobjectsize;
}
u64 plpks_get_signedupdatealgorithms(void)
{
return signedupdatealgorithms;
}
bool plpks_is_available(void)
{
int rc;
rc = _plpks_get_config();
if (rc)
return false;
return 0; return true;
} }
static int plpks_confirm_object_flushed(struct label *label, static int plpks_confirm_object_flushed(struct label *label,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment