From: Russell Currey
Move plpks.h from platforms/pseries/ to include/asm/. This is necessary
for later patches to make use of the PLPKS from code in other subsystems.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
.../powerpc/{platforms/pseries
format is expected to be the same, so there shouldn't be any
functional differences between objects retrieved from powernv and
pseries.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
v4: Pass format buffer size (stefanb, npiggin)
---
.../integrity
ff-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
arch/powerpc/platforms/pseries/plpks.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/platforms/pseries/plpks.c
b/arch/powerpc/platforms/pseries/plpks.c
index 796ed5544ee5..96a026a37285 100644
--- a/arch/powerpc/plat
lit patch, extend to support additional v3 API fields, minor fixes]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
Refresh config values in plpks_get_usedspace() (ajd)
dling and misc cleanups]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
Fix error code handling in plpks_confirm_object_flushed() (ruscur)
Pass plpks_var stru
s worth of write buffer at a time, and the
hypervisor does not expose an interface for partial writes.)
Co-developed-by: Nayna Jain
Signed-off-by: Nayna Jain
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v2: Remove unnecessary config vars from
-off-by: Andrew Donnellan
---
v3: New patch
v4: Fix compile when CONFIG_PSERIES_PLPKS=n (snowpatch)
Fix error handling on fdt_path_offset() call (ruscur)
---
arch/powerpc/kexec/file_load_64.c | 18 ++
arch/powerpc/platforms/pseries/plpks.c | 18 +-
2
e keyrings.
However, we can't get of the separate option completely, because it will
also be used for SED Opal purposes.
Change PSERIES_PLPKS into a hidden option, which is selected by
PPC_SECURE_BOOT.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch
--
From: Russell Currey
A few improvements to load_powerpc.c:
- include integrity.h for the pr_fmt()
- move all error reporting out of get_cert_list()
- use ERR_PTR() to better preserve error detail
- don't use pr_err() for missing keys
Signed-off-by: Russell Currey
Signed-off-by: A
data to NULL and var->datalen will be populated. Update header file
to document this.
Suggested-by: Michael Ellerman
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch (mpe)
---
arch/powerpc/include/asm/plpks.h | 12
arch/powerpc/platforms/p
: Sudhakar Kuppusamy
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc/kernel/secvar-sysfs.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/secvar-sysfs.c
b/arch/powerpc/kernel/secvar-sysfs.c
index 6dd9b4f6f87c..33d1797851ba 100644
Signed-off-by: Andrew Donnellan
---
v3: Change uint64_t type to u64 (mpe)
v4: Return immediately if node is NULL (gjoyce)
---
arch/powerpc/include/asm/secvar.h| 1 +
arch/powerpc/kernel/secvar-sysfs.c | 17 +++
arch/powerpc/platforms/powernv/opal-secvar.c | 22
return of_remove_property(of_chosen, prop);
>
> Why do you remove the property afterward?
Because otherwise the password will be sitting around in /proc/device-
tree for the world to go and read.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
pal_secvar_format() doesn't return "ibm,secvar-backend", it searches
for the device tree node named "ibm,secvar-backend", then reads and
returns the contents of the property "format" under that node.
The expected content of the format property is "ibm,edk2-compat-v1".
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
d_auxv_entry(int type, char *auxv)
> @@ -142,65 +181,40 @@ bool is_ppc64le(void)
> int read_sysfs_file(char *fpath, char *result, size_t result_size)
> {
> char path[PATH_MAX] = "/sys/";
> - int rc = -1, fd;
>
> strncat(path, fpath, PATH_MAX - strlen(path) - 1);
>
> - if ((fd = open(path, O_RDONLY)) < 0)
> - return rc;
> -
> - rc = read(fd, result, result_size);
> -
> - close(fd);
> -
> - if (rc < 0)
> - return rc;
> -
> - return 0;
> + return read_file(path, result, result_size, NULL);
> }
>
> int read_debugfs_file(char *debugfs_file, int *result)
> {
> - int rc = -1, fd;
> + int err;
> char path[PATH_MAX];
> - char value[16];
> + char value[16] = {0};
>
> strcpy(path, "/sys/kernel/debug/");
> strncat(path, debugfs_file, PATH_MAX - strlen(path) - 1);
>
> - if ((fd = open(path, O_RDONLY)) < 0)
> - return rc;
> -
> - if ((rc = read(fd, value, sizeof(value))) < 0)
> - return rc;
> + if ((err = read_file(path, value, sizeof(value) - 1, NULL)))
> + return err;
>
> - value[15] = 0;
> *result = atoi(value);
> - close(fd);
>
> return 0;
> }
>
> int write_debugfs_file(char *debugfs_file, int result)
> {
> - int rc = -1, fd;
> char path[PATH_MAX];
> char value[16];
>
> strcpy(path, "/sys/kernel/debug/");
> strncat(path, debugfs_file, PATH_MAX - strlen(path) - 1);
>
> - if ((fd = open(path, O_WRONLY)) < 0)
> - return rc;
> -
> snprintf(value, 16, "%d", result);
>
> - if ((rc = write(fd, value, strlen(value))) < 0)
> - return rc;
> -
> - close(fd);
> -
> - return 0;
> + return write_file(path, value, strlen(value));
> }
>
> static long perf_event_open(struct perf_event_attr *hw_event, pid_t
> pid,
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
njamin Gray
This seems like a sensible idea.
Nitpick below, otherwise it looks like you have changed over all 21
call sites and the new helpers look better.
Reviewed-by: Andrew Donnellan
> -int read_debugfs_file(char *debugfs_file, int *result)
> +int read_debugfs_int(const char *d
izes which are a power of
two, the alignment is also guaranteed to be at least the respective
size.
Is this wrong?
Andrew
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
/flexible_array.cocci.
Cc: Nathan Lynch
Cc: Leonardo Bras
Cc: linux-harden...@vger.kernel.org
Link: https://github.com/KSPP/linux/issues/21
Link: https://github.com/KSPP/linux/issues/79
Signed-off-by: Andrew Donnellan
---
arch/powerpc/include/asm/rtas-types.h | 4 ++--
1 file changed, 2 insertions(+), 2
out secvar or secure boot).
I think the comment confuses more than it clarifies, I'll remove it.
As you say, read_var() should work fine with component == NULL, though
write_var() checks it. The only rule I can find in the spec is that
signed update calls *must* set the component to NULL. I'm seeking
clarification on that.
> > +EXPORT_SYMBOL(plpks_signed_update_var);
>
> Sorry I missed it before -- can this be a _GPL export?
Indeed it should be - actually, I should check if I can get rid of the
export completely...
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
clarify in the commit message of the next revision.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
ng a real
error.
I plan to keep this as is for the next revision, but I'm happy to
change it if there's a strong objection, it could go either way.
>
> > + goto err;
> > + }
> > +
> > + // This string is made up by us - the hype
On Tue, 2023-01-31 at 13:54 +1100, Andrew Donnellan wrote:
> > > +{
> > > + // The max object size reported by the hypervisor is
> > > accurate for the
> > > + // object itself, but we use the first 8 bytes of data on
> > > write as the
>
pace via sysfs"), but the return code of
secvar_sysfs_load() was never checked so this issue never mattered.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v5: New patch
---
arch/powerpc/kernel/secvar-sysfs.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
eeding to expose more, we
can add them later and update the docs.
Use sysfs_emit() instead of sprintf() for all sysfs strings
Change the size of the sysfs binary attributes to include the 8-byte
flags header, preventing truncation of large writes.
Andrew Donnellan (8):
powerpc/pser
size).
Reported-by: Benjamin Gray
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Signed-off-by: Andrew Donnellan
Reviewed-by: Russell Currey
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
v4: F
urned to the user.
Handle the timeout case separately and return ETIMEDOUT if triggered.
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Reported-by: Benjamin Gray
Signed-off-by: Andrew Donnellan
Tested-by: Russell Currey
Reviewed-by: Russell Currey
From: Russell Currey
The secvar format string and object size sysfs files are both ASCII
text, and should use sysfs_emit(). No functional change.
Suggested-by: Greg Kroah-Hartman
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v2: New patch (gregkh)
---
arch/powerpc
: Sudhakar Kuppusamy
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc/kernel/secvar-sysfs.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/secvar-sysfs.c
b/arch/powerpc/kernel/secvar-sysfs.c
index 9b6be63b7b36..ca3df3f7156c 100644
Remove unnecessary prefixes from error messages in secvar_sysfs_init()
(the file defines pr_fmt, so putting "secvar:" in every message is
unnecessary). Make capitalisation and punctuation more consistent.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New
From: Russell Currey
Move plpks.h from platforms/pseries/ to include/asm/. This is necessary
for later patches to make use of the PLPKS from code in other subsystems.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
.../powerpc/{platforms/pseries
implementation at present, and
the config directory will not be created if no attributes are set.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: Remove unnecessary "secvar:" prefix from error messages (ajd)
Merge config attri
chael Ellerman
Reviewed-by: Russell Currey
Reviewed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: Include new patch
---
arch/powerpc/include/asm/secvar.h| 9 +++--
arch/powerpc/kernel/secvar-sysfs.c | 8
arch/powerpc/platforms/powernv
lit patch, extend to support additional v3 API fields, minor fixes]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
Refresh config values in plpks_get_usedspace() (ajd)
urrey
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
.../integrity/platform_certs/load_powerpc.c | 26 ++-
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/security/integrity/platform_certs/load_powerpc.c
b/security/integrity/platform_certs/load_powerpc.c
From: Russell Currey
Add helper function to get the PLPKS password length. This will be used
in a later patch to support passing the password between kernels over
kexec.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
v5: Drop plpks_get_password() since we
e keyrings.
However, we can't get of the separate option completely, because it will
also be used for SED Opal purposes.
Change PSERIES_PLPKS into a hidden option, which is selected by
PPC_SECURE_BOOT.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch
Signed-off-by: Andrew Donnellan
---
v3: New patch
v4: Fix compile when CONFIG_PSERIES_PLPKS=n (snowpatch)
Fix error handling on fdt_path_offset() call (ruscur)
v5: Fix DT property name in commit message (npiggin)
Clear prop in FDT during init to prevent password exposure (mpe
ff-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
arch/powerpc/platforms/pseries/plpks.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/platforms/pseries/plpks.c
b/arch/powerpc/platforms/pseries/plpks.c
index cee06fb9a370..e5755443d4a4 100644
--- a/arch/powerpc/plat
e with both "ibm,edk2-compat-v1" and "ibm,secvar-backend" as
compatible strings.)
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
v4: Pass format buffer size (stefanb, npiggin)
v5: Use sizeof(buf) rather than stating the size twice (np
s worth of write buffer at a time, and the
hypervisor does not expose an interface for partial writes.)
Co-developed-by: Nayna Jain
Signed-off-by: Nayna Jain
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v2: Remove unnecessary config vars from
From: Russell Currey
Move the constants defined in plpks.c to plpks.h, and standardise their
naming, so that PLPKS consumers can make use of them later on.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc
dling and misc cleanups]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
Fix error code handling in plpks_confirm_object_flushed() (ruscur)
Pass plpks_var stru
ead, let the backend put
a NULL-terminated array of variable names into secvar_ops->var_names,
which will be used if get_next() is undefined.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch (ajd/mpe)
---
arch/powerpc/include/asm/secvar.h | 4 ++
arch/powerpc/
From: Russell Currey
The code that handles the format string in secvar-sysfs.c is entirely
OPAL specific, so create a new "format" op in secvar_operations to make
the secvar code more generic. No functional change.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
--
data to NULL and var->datalen will be populated. Update header file
to document this.
Suggested-by: Michael Ellerman
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch (mpe)
---
arch/powerpc/include/asm/plpks.h | 12
arch/powerpc/platforms/p
Signed-off-by: Andrew Donnellan
---
v3: Change uint64_t type to u64 (mpe)
v4: Return immediately if node is NULL (gjoyce)
---
arch/powerpc/include/asm/secvar.h| 1 +
arch/powerpc/kernel/secvar-sysfs.c | 17 +++
arch/powerpc/platforms/powernv/opal-secvar.c | 22
Due to sysfs constraints, when writing to a variable, we can only handle
writes of up to PAGE_SIZE.
It's possible that the maximum object size is larger than PAGE_SIZE, in
which case, print a warning on boot so that the user is aware.
Signed-off-by: Andrew Donnellan
Signed-off-by: Ru
From: Russell Currey
The secvar code only supports one consumer at a time.
Multiple consumers aren't possible at this point in time, but we'd want
it to be obvious if it ever could happen.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew
uiring special pointers.
Indeed, I was confused - in the read case, the buffer doesn't get
directly passed to the hcall.
I'll wait a little bit longer for more feedback on v5 of this series
and maybe fix this in v6 if mpe thinks I should respin it again.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
; + // We only want to perform the write if we have at least
> > one byte of data.
> > + if (data_size <= sizeof(flags))
> > + return -EINVAL;
> > +
> > + // We subtract 1 from key_len because we don't need to
> > include the
> > + // null terminator at the end of the string
> > + var.name = kcalloc(key_len - 1, sizeof(wchar_t),
> > GFP_KERNEL);
> here I would think that it should be key_len * 2 - 1 since
> utf8s_to_utf16s presumably makes the string longer
No, wchar_t is u16, so this allocates (key_len - 1)*sizeof(u16) =
(key_len - 1)*2 bytes.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
that
wants access to the rtas struct would clearly be doing something
extremely cursed that ought to be stopped.
Reviewed-by: Andrew Donnellan
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
seem unlikely.
>
> Arguably the default for RTAS symbols should have become
> EXPORT_SYMBOL_GPL once it was available. Let's make it so now, and
> exceptions can be evaluated as needed.
>
> Signed-off-by: Nathan Lynch
Agreed.
Reviewed-by: Andrew Donnellan
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
lines in rtas_call() lack appropriate spacing around
> operators and cause checkpatch errors; fix these as well.
>
> Suggested-by: Laurent Dufour
> Signed-off-by: Nathan Lynch
Reviewed-by: Andrew Donnellan
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
ere's no apparent
> reason not to upgrade timebase_lock as well.
>
> Signed-off-by: Nathan Lynch
I'm no locking expert but this looks reasonable from a quick read-
through.
Reviewed-by: Andrew Donnellan
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
On Tue, 2023-01-31 at 11:38 -0500, Stefan Berger wrote:
>
>
> On 1/31/23 01:39, Andrew Donnellan wrote:
> > Currently, plpks_read_var() allocates a buffer to pass to the
> > H_PKS_READ_OBJECT hcall, then allocates another buffer, of the
> > caller's
>
>
&g
chael Ellerman
Reviewed-by: Russell Currey
Reviewed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: Include new patch
---
arch/powerpc/include/asm/secvar.h| 9 +++--
arch/powerpc/kernel/secvar-sysfs.c | 8
arch/powerpc/platforms/powernv
pace via sysfs"), but the return code of
secvar_sysfs_load() was never checked so this issue never mattered.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v5: New patch
---
arch/powerpc/kernel/secvar-sysfs.c | 6 --
1 file changed, 4 ins
nks to review from Greg. If we end up needing to expose more, we
can add them later and update the docs.
Use sysfs_emit() instead of sprintf() for all sysfs strings
Change the size of the sysfs binary attributes to include the 8-byte
flags header, preventing truncation of larg
size).
Reported-by: Benjamin Gray
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Signed-off-by: Andrew Donnellan
Reviewed-by: Russell Currey
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
v4: F
From: Russell Currey
The secvar format string and object size sysfs files are both ASCII
text, and should use sysfs_emit(). No functional change.
Suggested-by: Greg Kroah-Hartman
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v2: New patch
Remove unnecessary prefixes from error messages in secvar_sysfs_init()
(the file defines pr_fmt, so putting "secvar:" in every message is
unnecessary). Make capitalisation and punctuation more consistent.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
Reviewed-by: Ste
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: Change uint64_t type to u64 (mpe)
v4: Return immediately if node is NULL (gjoyce)
---
arch/powerpc/include/asm/secvar.h| 1 +
arch/powerpc/kernel/secvar-sysfs.c | 17 +++
arch/powerpc/platforms
From: Russell Currey
The code that handles the format string in secvar-sysfs.c is entirely
OPAL specific, so create a new "format" op in secvar_operations to make
the secvar code more generic. No functional change.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
R
From: Russell Currey
The secvar code only supports one consumer at a time.
Multiple consumers aren't possible at this point in time, but we'd want
it to be obvious if it ever could happen.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew
Due to sysfs constraints, when writing to a variable, we can only handle
writes of up to PAGE_SIZE.
It's possible that the maximum object size is larger than PAGE_SIZE, in
which case, print a warning on boot so that the user is aware.
Signed-off-by: Andrew Donnellan
Signed-off-by: Ru
ead, let the backend put
a NULL-terminated array of variable names into secvar_ops->var_names,
which will be used if get_next() is undefined.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
Reviewed-by: Stefan Berger
---
v3: New patch (ajd/mpe)
v6: Add newlines for better aest
: Sudhakar Kuppusamy
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: New patch
---
arch/powerpc/kernel/secvar-sysfs.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/secvar-sysfs.c
b/arch/powerpc/kernel/secvar-sysfs.c
index 6b
ff-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
arch/powerpc/platforms/pseries/plpks.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/platforms/pseries/plpks.c
b/arch/powerpc/platforms/pseries/plpks.c
index cee06fb9a370..e5755443d4a4 100644
lit patch, extend to support additional v3 API fields, minor fixes]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
Reviewed-by: Stefan Berger
---
v3: Merge plpks fixes and signed update series with secvar series
Refresh config values in plpks_
fail.
Signed-off-by: Andrew Donnellan
---
v6: New patch
---
arch/powerpc/platforms/pseries/plpks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/pseries/plpks.c
b/arch/powerpc/platforms/pseries/plpks.c
index 926b6a927326..01ae919b4497 100644
--- a
urrey
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
.../integrity/platform_certs/load_powerpc.c | 26 ++-
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/security/integrity/platform_certs/load_powerpc.c
b/security/integrity/platform_certs/load_powerpc.c
kexec_file_load() syscall, not the older
kexec_load() syscall, however if you're using Secure Boot then you want
to be using kexec_file_load() anyway.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
v4: Fix compile when CONFIG_PSERIES_PLPKS=n (snowpatch)
Fix
From: Russell Currey
Move the constants defined in plpks.c to plpks.h, and standardise their
naming, so that PLPKS consumers can make use of them later on.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3
Update header file
to document this.
Suggested-by: Michael Ellerman
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
Reviewed-by: Stefan Berger
---
v3: New patch (mpe)
v6: Reword commit message (stefanb)
---
arch/powerpc/include/asm/plpks.h | 12
arch/pow
From: Russell Currey
Add helper function to get the PLPKS password length. This will be used
in a later patch to support passing the password between kernels over
kexec.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: New patch
v5: Drop
implementation at present, and
the config directory will not be created if no attributes are set.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: Remove unnecessary "secvar:" prefix from error mes
e with both "ibm,edk2-compat-v1" and "ibm,secvar-backend" as
compatible strings.)
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: New patch
v4: Pass format buffer size (stefanb, npiggin)
v5: Use sizeof(buf) rather than stat
dling and misc cleanups]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
Reviewed-by: Stefan Berger
---
v3: Merge plpks fixes and signed update series with secvar series
Fix error code handling in plpks_confirm_object_flushed() (ruscur)
s worth of write buffer at a time, and the
hypervisor does not expose an interface for partial writes.)
Co-developed-by: Nayna Jain
Signed-off-by: Nayna Jain
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v2: Remove unnecessary config vars from
From: Russell Currey
Move plpks.h from platforms/pseries/ to include/asm/. This is necessary
for later patches to make use of the PLPKS from code in other subsystems.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: New patch
---
.../powerpc
urned to the user.
Handle the timeout case separately and return ETIMEDOUT if triggered.
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Reported-by: Benjamin Gray
Signed-off-by: Andrew Donnellan
Tested-by: Russell Currey
Reviewed-by: Russell Currey
e keyrings.
However, we can't get of the separate option completely, because it will
also be used for SED Opal purposes.
Change PSERIES_PLPKS into a hidden option, which is selected by
PPC_SECURE_BOOT.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
Reviewed-by: Stefan Berger
On Fri, 2023-02-10 at 15:47 -0500, Stefan Berger wrote:
>
>
> On 2/10/23 03:03, Andrew Donnellan wrote:
> > When the H_PKS_GEN_PASSWORD hcall returns H_IN_USE, operations that
> > require
> > authentication (i.e. anything other than reading a world-readable
>
>
Argh, thanks for catching this.
I don't think the condition is needed - we can assume the var.data is
unmodified.
mpe, are you able to fix this up in merge?
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
always in hypervisor/big endian format
Thanks for catching this - it turns out we weren't properly testing the
one flag that exists (append vs replace) in our test script, so I
didn't notice this.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
On Mon, 2023-02-13 at 16:26 +1100, Michael Ellerman wrote:
> Andrew Donnellan writes:
> > On Fri, 2023-02-10 at 16:28 -0500, Stefan Berger wrote:
> > > > > +err:
> > > > > + kfree(var.data);
> > > >
> > > > remove the kfree()
ng?
The powernv secvar backend doesn't have a notion of flags at all. (The
flags interface for pseries is a little ugly, but it gets the job done
- userspace can read the format attribute to discover what it needs to
do.)
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
ement secvars for dynamic secure
boot")
Signed-off-by: Andrew Donnellan
---
arch/powerpc/platforms/pseries/plpks-secvar.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/pseries/plpks-secvar.c
b/arch/powerpc/platforms/pseries/plpks-secv
Add a firmware feature flag, FW_FEATURE_PLPKS, to indicate availability of
Platform KeyStore related hcalls.
Check this flag in plpks_is_available() and pseries_plpks_init() before
trying to make an hcall.
Suggested-by: Michael Ellerman
Signed-off-by: Andrew Donnellan
---
arch/powerpc/include
0e695f24] kernel_init+0x64/0x400
> [c00263607e50] [ce68e0e4]
> ret_from_kernel_thread+0x5c/0x64
>
> Fix this by creating separate notifier_block structs for each bus
> type.
>
> Fixes: d6b9a81b2a45 ("powerpc: IOMMU fault injection")
> Reported-by: Nageswara R Sastry
> Signed-off-by: Russell Currey
Reviewed-by: Andrew Donnellan
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
On Mon, 2023-03-06 at 15:33 -0600, Nathan Lynch via B4 Relay wrote:
> From: Nathan Lynch
>
> The 'filter' member is a pointer, not a bool; fix the wording
> accordingly.
>
> Signed-off-by: Nathan Lynch
Reviewed-by: Andrew Donnellan
> ---
> arch/powe
968820 b rtas_args
> >
> > Add an alignment directive to the struct rtas_args declaration so
> > all
> > instances have the alignment required by the specs. rtas-types.h no
> > longer refers to any spinlock types, so drop the spinlock_types.h
> > inclusion wh
; old ppc64 version of this code did not have this problem.
>
> Use memmove() instead.
>
> Fixes: 033ef338b6e0 ("powerpc: Merge rtas.c into
> arch/powerpc/kernel")
> Signed-off-by: Nathan Lynch
Reviewed-by: Andrew Donnellan
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
On Mon, 2023-03-06 at 15:33 -0600, Nathan Lynch via B4 Relay wrote:
> From: Nathan Lynch
>
> Add documentation for rtas_call_unlocked(), including details on how
> it differs from rtas_call().
>
> Signed-off-by: Nathan Lynch
Reviewed-by: Andrew Donnellan
--
Andrew Donnel
va_rtas_call(args, token, nargs, nret, list);
> va_end(list);
>
> /* A -1 return code indicates that the last command couldn't
>
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
mp;rtas_args);
> +
> va_start(list, nret);
> va_rtas_call(args, token, nargs, nret, list);
> va_end(list);
>
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
> Signed-off-by: Nathan Lynch
I'm no lockdep expert and I haven't checked if every possible case that
can be annotated has been annotated, but these changes make sense as
far as I can tell from my limited inspection.
Reviewed-by: Andrew Donnellan
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
nds time elapsed ( +- 0.05% )
> + 6.54256 +- 0.00830 seconds time elapsed ( +- 0.13% )
>
> Move the existing rtas_lock-guarded critical section in sys_rtas()
> into a conventional rtas_busy_delay()-based loop, returning to user
> space only when a final success or f
MAX_TIMEOUT, and assumes
it to be in milliseconds rather than microseconds.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
Seems like a good idea to me!
Reviewed-by: Andrew Donnellan
Tested-by: Andrew Donnellan
> ---
> arch/powerpc/Kbuild | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/Kbuild b/arch/powerpc/Kbuild
> index 22cd0d55a892..da862e9558bc 100644
>
401 - 500 of 1086 matches
Mail list logo
