PowerVM provides an isolated Platform KeyStore(PKS)[1] storage allocation for each partition(LPAR) with individually managed access controls to store sensitive information securely. The Linux Kernel can access this storage by interfacing with the hypervisor using a new set of hypervisor calls.
This storage can be used for multiple purposes. The current two use cases are:

1. Guest Secure Boot on PowerVM[2]
2. Self Encrypting Drives(SED) on PowerVM[3]

Initially, the PowerVM LPAR Platform KeyStore(PLPKS) driver was defined as part of RFC patches which included the user interface design for guest secure boot[2]. While this interface is still in progress, the same driver is also required for Self Encrypting Drives(SED) support. For this reason, the driver is being split from the patchset[1] and is now separately posted with SED arch-specific code.

This patchset provides a driver for PowerVM LPAR Platform KeyStore and also arch-specific code for SED to make use of it.

The dependency patch from patch series[3] is moved to this patchset. This patchset now builds completely on its own.

[1] https://community.ibm.com/community/user/power/blogs/chris-engel1/2020/11/20/powervm-introduces-the-platform-keystore
[2] https://lore.kernel.org/linuxppc-dev/20220622215648.96723-1-na...@linux.ibm.com/
[3] https://lore.kernel.org/keyrings/20220718210156.1535955-1-gjo...@linux.vnet.ibm.com/T/#m8e7b2cbbd26ee1de711bd70967fd0124c85c479f

Changelog:

v2:

* Include feedback from Gregory Joyce, Eric Richter and Murilo Opsfelder Araújo.
* Include suggestions from Michael Ellerman.
* Moved a dependency from generic SED code to this patchset. This patchset now builds on its own.

Greg Joyce (2):
  lib: define generic accessor functions for arch specific keystore
  powerpc/pseries: Override lib/arch_vars.c with PowerPC architecture specific version

Nayna Jain (1):
  powerpc/pseries: define driver for Platform KeyStore

 arch/powerpc/include/asm/hvcall.h             |  11 +
 arch/powerpc/platforms/pseries/Kconfig        |  13 +
 arch/powerpc/platforms/pseries/Makefile       |   2 +
 arch/powerpc/platforms/pseries/plpks.c        | 460 ++++++++++++++++++
 arch/powerpc/platforms/pseries/plpks.h        |  71 +++
 .../platforms/pseries/plpks_arch_ops.c        | 166 +++++++
 include/linux/arch_vars.h                     |  23 +
 lib/Makefile                                  |   2 +-
 lib/arch_vars.c                               |  25 +
 9 files changed, 772 insertions(+), 1 deletion(-)
 create mode 100644 arch/powerpc/platforms/pseries/plpks.c
 create mode 100644 arch/powerpc/platforms/pseries/plpks.h
 create mode 100644 arch/powerpc/platforms/pseries/plpks_arch_ops.c
 create mode 100644 include/linux/arch_vars.h
 create mode 100644 lib/arch_vars.c

--
2.27.0