From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: Eric Richter <erichte@linux.ibm.com>,
linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Nayna Jain <nayna@linux.ibm.com>,
linux-kernel@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>,
Claudio Carvalho <cclaudio@linux.ibm.com>,
Matthew Garret <matthew.garret@nebula.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Paul Mackerras <paulus@samba.org>, Jeremy Kerr <jk@ozlabs.org>,
Elaine Palmer <erpalmer@us.ibm.com>,
Oliver O'Halloran <oohall@gmail.com>,
George Wilson <gcwilson@linux.ibm.com>
Subject: Re: [PATCH v6 1/4] powerpc/powernv: Add OPAL API interface to access secure variable
Date: Tue, 5 Nov 2019 19:07:55 -0800 [thread overview]
Message-ID: <3d2e3792-e78e-95a8-623e-1ddcf3ccf241@linux.microsoft.com> (raw)
In-Reply-To: <20191105082450.14746-2-erichte@linux.ibm.com>
On 11/5/2019 12:24 AM, Eric Richter wrote:
> From: Nayna Jain <nayna@linux.ibm.com>
>
> The X.509 certificates trusted by the platform and required to secure boot
> the OS kernel are wrapped in secure variables, which are controlled by
> OPAL.
>
> This patch adds firmware/kernel interface to read and write OPAL secure
> variables based on the unique key.
I feel splitting this patch into smaller set of changes would make it
easier to review. For instance roughly as below:
1, opal-api.h which adds the #defines OPAL_SECVAR_ and the API signature.
2, secvar.h then adds secvar_operations struct
3, powerpc/kernel for the Interface definitions
4, powernv/opal-secvar.c for the API implementations
5, powernv/opal-call.c for the API calls
6, powernv/opal.c for the secvar init calls.
> diff --git a/arch/powerpc/include/asm/opal-api.h b/arch/powerpc/include/asm/opal-api.h
> index 378e3997845a..c1f25a760eb1 100644
> --- a/arch/powerpc/include/asm/opal-api.h
> +++ b/arch/powerpc/include/asm/opal-api.h
> @@ -211,7 +211,10 @@
> #define OPAL_MPIPL_UPDATE 173
> #define OPAL_MPIPL_REGISTER_TAG 174
> #define OPAL_MPIPL_QUERY_TAG 175
> -#define OPAL_LAST 175
> +#define OPAL_SECVAR_GET 176
> +#define OPAL_SECVAR_GET_NEXT 177
> +#define OPAL_SECVAR_ENQUEUE_UPDATE 178
> +#define OPAL_LAST 178
Please fix the indentation for the #defines
> +static int opal_get_variable(const char *key, uint64_t ksize,
> + u8 *data, uint64_t *dsize)
> +{
> + int rc;
> +
> + if (!key || !dsize)
> + return -EINVAL;
> +
> + *dsize = cpu_to_be64(*dsize);
> +
> + rc = opal_secvar_get(key, ksize, data, dsize);
> +
> + *dsize = be64_to_cpu(*dsize);
Should the return status (rc) from opal_secvar_get be checked before
attempting to do the conversion (be64_to_cpu)?
> +static int opal_get_next_variable(const char *key, uint64_t *keylen,
> + uint64_t keybufsize)
> +{
> + int rc;
> +
> + if (!key || !keylen)
> + return -EINVAL;
> +
> + *keylen = cpu_to_be64(*keylen);
> +
> + rc = opal_secvar_get_next(key, keylen, keybufsize);
> +
> + *keylen = be64_to_cpu(*keylen);
Same comment as above - should rc be checke before attempting to convert?
> +
> + return opal_status_to_err(rc);
> +}
> +
> +static int opal_set_variable(const char *key, uint64_t ksize, u8 *data,
> + uint64_t dsize)
> +{
> + int rc;
> +
> + if (!key || !data)
> + return -EINVAL;
Is the key and data received here from a trusted caller? If not, should
there be some validation checks done here before enqueuing the data?
-lakshmi
next prev parent reply other threads:[~2019-11-06 3:10 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-05 8:24 [PATCH v6 0/4] powerpc: expose secure variables to the kernel and userspace Eric Richter
2019-11-05 8:24 ` [PATCH v6 1/4] powerpc/powernv: Add OPAL API interface to access secure variable Eric Richter
2019-11-06 3:07 ` Lakshmi Ramasubramanian [this message]
2019-11-05 8:24 ` [PATCH v6 2/4] powerpc: expose secure variables to userspace via sysfs Eric Richter
2019-11-06 3:22 ` Lakshmi Ramasubramanian
2019-11-05 8:24 ` [PATCH v6 3/4] x86/efi: move common keyring handler functions to new file Eric Richter
2019-11-05 8:24 ` [PATCH v6 4/4] powerpc: load firmware trusted keys/hashes into kernel keyring Eric Richter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3d2e3792-e78e-95a8-623e-1ddcf3ccf241@linux.microsoft.com \
--to=nramas@linux.microsoft.com \
--cc=ard.biesheuvel@linaro.org \
--cc=cclaudio@linux.ibm.com \
--cc=erichte@linux.ibm.com \
--cc=erpalmer@us.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=jk@ozlabs.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=matthew.garret@nebula.com \
--cc=nayna@linux.ibm.com \
--cc=oohall@gmail.com \
--cc=paulus@samba.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).