From: gjoyce@linux.vnet.ibm.com To: linux-block@vger.kernel.org Cc: axboe@kernel.dk, gjoyce@linux.vnet.ibm.com, nayna@linux.ibm.com, jonathan.derrick@linux.dev, brking@linux.vnet.ibm.com, akpm@linux-foundation.org, linuxppc-dev@lists.ozlabs.org, gjoyce@ibm.com Subject: [PATCH v3 2/2] powerpc/pseries: Override lib/arch_vars.c functions Date: Mon, 1 Aug 2022 07:34:26 -0500 [thread overview] Message-ID: <20220801123426.585801-3-gjoyce@linux.vnet.ibm.com> (raw) In-Reply-To: <20220801123426.585801-1-gjoyce@linux.vnet.ibm.com> From: Greg Joyce <gjoyce@linux.vnet.ibm.com> Self Encrypting Drives(SED) make use of POWER LPAR Platform KeyStore for storing its variables. Thus the block subsystem needs to access PowerPC specific functions to read/write objects in PLPKS. Override the default implementations in lib/arch_vars.c file with PowerPC specific versions. Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com> --- arch/powerpc/platforms/pseries/Makefile | 1 + .../platforms/pseries/plpks_arch_ops.c | 167 ++++++++++++++++++ 2 files changed, 168 insertions(+) create mode 100644 arch/powerpc/platforms/pseries/plpks_arch_ops.c diff --git a/arch/powerpc/platforms/pseries/Makefile b/arch/powerpc/platforms/pseries/Makefile index 14e143b946a3..3a545422eae5 100644 --- a/arch/powerpc/platforms/pseries/Makefile +++ b/arch/powerpc/platforms/pseries/Makefile @@ -29,6 +29,7 @@ obj-$(CONFIG_PPC_SPLPAR) += vphn.o obj-$(CONFIG_PPC_SVM) += svm.o obj-$(CONFIG_FA_DUMP) += rtas-fadump.o obj-$(CONFIG_PSERIES_PLPKS) += plpks.o +obj-$(CONFIG_PSERIES_PLPKS) += plpks_arch_ops.o obj-$(CONFIG_SUSPEND) += suspend.o obj-$(CONFIG_PPC_VAS) += vas.o vas-sysfs.o diff --git a/arch/powerpc/platforms/pseries/plpks_arch_ops.c b/arch/powerpc/platforms/pseries/plpks_arch_ops.c new file mode 100644 index 000000000000..fdea3322f696 --- /dev/null +++ b/arch/powerpc/platforms/pseries/plpks_arch_ops.c 
@@ -0,0 +1,167 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * POWER Platform arch specific code for SED + * Copyright (C) 2022 IBM Corporation + * + * Define operations for generic kernel subsystems to read/write keys + * from POWER LPAR Platform KeyStore(PLPKS). + * + * List of subsystems/usecase using PLPKS: + * - Self Encrypting Drives(SED) + */ + +#include <linux/kernel.h> +#include <linux/slab.h> +#include <linux/string.h> +#include <linux/ioctl.h> +#include <uapi/linux/sed-opal.h> +#include <linux/sed-opal.h> +#include <linux/arch_vars.h> +#include "plpks.h" + +/* + * variable structure that contains all SED data + */ +struct plpks_sed_object_data { + u_char version; + u_char pad1[7]; + u_long authority; + u_long range; + u_int key_len; + u_char key[32]; +}; + +/* + * ext_type values + * 00 no extension exists + * 01-1F common + * 20-3F AIX + * 40-5F Linux + * 60-7F IBMi + */ + +/* + * This extension is optional for version 1 sed_object_data + */ +struct sed_object_extension { + u8 ext_type; + u8 rsvd[3]; + u8 ext_data[64]; +}; + +#define PKS_SED_OBJECT_DATA_V1 1 +#define PKS_SED_MANGLED_LABEL "/default/pri" +#define PLPKS_SED_COMPONENT "sed-opal" + +#define PLPKS_ARCHVAR_POLICY WORLDREADABLE +#define PLPKS_ARCHVAR_OS_COMMON 4 + +/* + * Read the variable data from PKS given the label + */ +int arch_read_variable(enum arch_variable_type type, char *varname, + void *varbuf, u_int *varlen) +{ + struct plpks_var var; + struct plpks_sed_object_data *data; + u_int offset = 0; + char *buf = (char *)varbuf; + int ret; + + var.name = varname; + var.namelen = strlen(varname); + var.policy = PLPKS_ARCHVAR_POLICY; + var.os = PLPKS_ARCHVAR_OS_COMMON; + var.data = NULL; + var.datalen = 0; + + switch (type) { + case ARCH_VAR_OPAL_KEY: + var.component = PLPKS_SED_COMPONENT; +#ifdef OPAL_AUTH_KEY + if (strcmp(OPAL_AUTH_KEY, varname) == 0) { + var.name = PKS_SED_MANGLED_LABEL; + var.namelen = strlen(varname); + } +#endif + offset = offsetof(struct plpks_sed_object_data, 
key); + break; + case ARCH_VAR_OTHER: + var.component = ""; + break; + } + + ret = plpks_read_os_var(&var); + if (ret != 0) + return ret; + + if (offset > var.datalen) + offset = 0; + + switch (type) { + case ARCH_VAR_OPAL_KEY: + data = (struct plpks_sed_object_data *)var.data; + *varlen = data->key_len; + break; + case ARCH_VAR_OTHER: + *varlen = var.datalen; + break; + } + + if (var.data) { + memcpy(varbuf, var.data + offset, var.datalen - offset); + buf[*varlen] = '\0'; + kfree(var.data); + } + + return 0; +} + +/* + * Write the variable data to PKS given the label + */ +int arch_write_variable(enum arch_variable_type type, char *varname, + void *varbuf, u_int varlen) +{ + struct plpks_var var; + struct plpks_sed_object_data data; + struct plpks_var_name vname; + + var.name = varname; + var.namelen = strlen(varname); + var.policy = PLPKS_ARCHVAR_POLICY; + var.os = PLPKS_ARCHVAR_OS_COMMON; + var.datalen = varlen; + var.data = varbuf; + + switch (type) { + case ARCH_VAR_OPAL_KEY: + var.component = PLPKS_SED_COMPONENT; +#ifdef OPAL_AUTH_KEY + if (strcmp(OPAL_AUTH_KEY, varname) == 0) { + var.name = PKS_SED_MANGLED_LABEL; + var.namelen = strlen(varname); + } +#endif + var.datalen = sizeof(struct plpks_sed_object_data); + var.data = (u8 *)&data; + + /* initialize SED object */ + data.version = PKS_SED_OBJECT_DATA_V1; + data.authority = 0; + data.range = 0; + data.key_len = varlen; + memcpy(data.key, varbuf, varlen); + break; + case ARCH_VAR_OTHER: + var.component = ""; + break; + } + + /* variable update requires delete first */ + vname.namelen = var.namelen; + vname.name = var.name; + (void)plpks_remove_var(var.component, var.os, vname); + + return plpks_write_var(var); +} -- 2.27.0
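Review bot: style point on the Makefile hunk: the added `+obj-$(CONFIG_PSERIES_PLPKS) += plpks_arch_ops.o` repeats the config symbol of the line directly above it, while the same file already lists several objects per line (`obj-$(CONFIG_PPC_VAS) += vas.o vas-sysfs.o`); fold it into `obj-$(CONFIG_PSERIES_PLPKS) += plpks.o plpks_arch_ops.o`. The gating is correct as is, since plpks_arch_ops.c calls plpks_read_os_var(), plpks_remove_var() and plpks_write_var() from plpks.o.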
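Review bot: missing bounds checks in the plpks_arch_ops.c hunk. In arch_read_variable(), `memcpy(varbuf, var.data + offset, var.datalen - offset);` followed by `buf[*varlen] = '\0';` writes into the caller's buffer without ever comparing the object size, or `data->key_len` read from the stored object, against that buffer's capacity; the incoming `*varlen` is overwritten before the copy, so nothing bounds it. Treat the incoming `*varlen` as the capacity and fail (for example with -E2BIG) when `var.datalen - offset` or `key_len + 1` exceeds it, and clamp `key_len` to `sizeof(data->key)`. Related: `data = (struct plpks_sed_object_data *)var.data;` is dereferenced before the later `if (var.data)` guard and without checking `var.datalen >= sizeof(*data)`, so a short or empty object is read past its end; the `if (offset > var.datalen) offset = 0;` fallback only hides this rather than rejecting the object. In arch_write_variable(), `memcpy(data.key, varbuf, varlen);` copies an unchecked `varlen` into `u_char key[32]` on the stack; return -EINVAL when `varlen > sizeof(data.key)`, and `memset(&data, 0, sizeof(data))` first so `pad1` and the unused tail of `key` do not carry uninitialized stack bytes into the keystore. Two smaller points apply to both functions: after `var.name = PKS_SED_MANGLED_LABEL;` the length is still set with `var.namelen = strlen(varname);`, which describes the old name, so use `strlen(var.name)`; and neither `switch (type)` has a `default:`, leaving `var.component` uninitialized for an unexpected `type`, so add `default: return -EINVAL;`.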