[PATCH v7 0/3 RESEND] generic and PowerPC SED Opal keystore

[PATCH v7 0/3 RESEND] generic and PowerPC SED Opal keystore

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

This patchset extends the capabilites incorporated into for-6.6/block
(https://git.kernel.dk/cgit/linux/commit/?h=for-6.6/block&id=3bfeb61256643281ac4be5b8a57e9d9da3db4335) by allowing the SED Opal key to be seeded into
the keyring from a secure permanent keystore.

It has gone through numerous rounds of review and all comments/suggetions
have been addressed. The reviews have covered all relevant areas including
reviews by block and keyring developers as well as the SED Opal
maintainer. The last patchset submission has not solicited any responses
in the six weeks since it was last distributed. The changes are
generally useful and ready for inclusion.

TCG SED Opal is a specification from The Trusted Computing Group
that allows self encrypting storage devices (SED) to be locked at
power on and require an authentication key to unlock the drive.

Generic functions have been defined for accessing SED Opal keys.
The generic functions are defined as weak so that they may be superseded
by keystore specific versions.

PowerPC/pseries versions of these functions provide read/write access
to SED Opal keys in the PLPKS keystore.

The SED block driver has been modified to read the SED Opal
keystore to populate a key in the SED Opal keyring. Changes to the
SED Opal key will be written to the SED Opal keystore.

Changelog
v7:	- rebased to for-6.5/block

v6:     - squashed two commits (suggested by Andrew Donnellan)

v5:     - updated to reflect changes in PLPKS API

v4:
        - scope reduced to cover just SED Opal keys
        - base SED Opal keystore is now in SED block driver
        - removed use of enum to indicate type
        - refactored common code into common function that read and
          write use
        - removed cast to void
        - added use of SED Opal keystore functions to SED block driver

v3:
        - No code changes, but per reviewer requests, adding additional
          mailing lists(keyring, EFI) for wider review.

v2:
        - Include feedback from Gregory Joyce, Eric Richter and
          Murilo Opsfelder Araujo.
        - Include suggestions from Michael Ellerman.
        - Moved a dependency from generic SED code to this patchset.
          This patchset now builds of its own.



Greg Joyce (3):
  block:sed-opal: SED Opal keystore
  block: sed-opal: keystore access for SED Opal keys
  powerpc/pseries: PLPKS SED Opal keystore support

 arch/powerpc/platforms/pseries/Kconfig        |   6 +
 arch/powerpc/platforms/pseries/Makefile       |   1 +
 .../powerpc/platforms/pseries/plpks_sed_ops.c | 114 ++++++++++++++++++
 block/Kconfig                                 |   1 +
 block/Makefile                                |   2 +-
 block/sed-opal-key.c                          |  24 ++++
 block/sed-opal.c                              |  18 ++-
 include/linux/sed-opal-key.h                  |  15 +++
 8 files changed, 178 insertions(+), 3 deletions(-)
 create mode 100644 arch/powerpc/platforms/pseries/plpks_sed_ops.c
 create mode 100644 block/sed-opal-key.c
 create mode 100644 include/linux/sed-opal-key.h


base-commit: 1341c7d2ccf42ed91aea80b8579d35bc1ea381e2
-- 
gjoyce@linux.vnet.ibm.com

[PATCH v7 0/3 RESEND] generic and PowerPC SED Opal keystore

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

This patchset extends the capabilites incorporated into for-6.6/block
(https://git.kernel.dk/cgit/linux/commit/?h=for-6.6/block&id=3bfeb61256643281ac4be5b8a57e9d9da3db4335) by allowing the SED Opal key to be seeded into
the keyring from a secure permanent keystore.

It has gone through numerous rounds of review and all comments/suggetions
have been addressed. The reviews have covered all relevant areas including
reviews by block and keyring developers as well as the SED Opal
maintainer. The last patchset submission has not solicited any responses
in the six weeks since it was last distributed. The changes are
generally useful and ready for inclusion.

TCG SED Opal is a specification from The Trusted Computing Group
that allows self encrypting storage devices (SED) to be locked at
power on and require an authentication key to unlock the drive.

Generic functions have been defined for accessing SED Opal keys.
The generic functions are defined as weak so that they may be superseded
by keystore specific versions.

PowerPC/pseries versions of these functions provide read/write access
to SED Opal keys in the PLPKS keystore.

The SED block driver has been modified to read the SED Opal
keystore to populate a key in the SED Opal keyring. Changes to the
SED Opal key will be written to the SED Opal keystore.

Changelog
v7:	- rebased to for-6.5/block

v6:     - squashed two commits (suggested by Andrew Donnellan)

v5:     - updated to reflect changes in PLPKS API

v4:
        - scope reduced to cover just SED Opal keys
        - base SED Opal keystore is now in SED block driver
        - removed use of enum to indicate type
        - refactored common code into common function that read and
          write use
        - removed cast to void
        - added use of SED Opal keystore functions to SED block driver

v3:
        - No code changes, but per reviewer requests, adding additional
          mailing lists(keyring, EFI) for wider review.

v2:
        - Include feedback from Gregory Joyce, Eric Richter and
          Murilo Opsfelder Araujo.
        - Include suggestions from Michael Ellerman.
        - Moved a dependency from generic SED code to this patchset.
          This patchset now builds of its own.



Greg Joyce (3):
  block:sed-opal: SED Opal keystore
  block: sed-opal: keystore access for SED Opal keys
  powerpc/pseries: PLPKS SED Opal keystore support

 arch/powerpc/platforms/pseries/Kconfig        |   6 +
 arch/powerpc/platforms/pseries/Makefile       |   1 +
 .../powerpc/platforms/pseries/plpks_sed_ops.c | 114 ++++++++++++++++++
 block/Kconfig                                 |   1 +
 block/Makefile                                |   2 +-
 block/sed-opal-key.c                          |  24 ++++
 block/sed-opal.c                              |  18 ++-
 include/linux/sed-opal-key.h                  |  15 +++
 8 files changed, 178 insertions(+), 3 deletions(-)
 create mode 100644 arch/powerpc/platforms/pseries/plpks_sed_ops.c
 create mode 100644 block/sed-opal-key.c
 create mode 100644 include/linux/sed-opal-key.h


base-commit: 1341c7d2ccf42ed91aea80b8579d35bc1ea381e2
-- 
gjoyce@linux.vnet.ibm.com

[PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Add read and write functions that allow SED Opal keys to stored
in a permanent keystore.

Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
---
 block/Makefile               |  2 +-
 block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
 include/linux/sed-opal-key.h | 15 +++++++++++++++
 3 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 block/sed-opal-key.c
 create mode 100644 include/linux/sed-opal-key.h

diff --git a/block/Makefile b/block/Makefile
index 46ada9dc8bbf..ea07d80402a6 100644
--- a/block/Makefile
+++ b/block/Makefile
@@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED)	+= blk-zoned.o
 obj-$(CONFIG_BLK_WBT)		+= blk-wbt.o
 obj-$(CONFIG_BLK_DEBUG_FS)	+= blk-mq-debugfs.o
 obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
-obj-$(CONFIG_BLK_SED_OPAL)	+= sed-opal.o
+obj-$(CONFIG_BLK_SED_OPAL)	+= sed-opal.o sed-opal-key.o
 obj-$(CONFIG_BLK_PM)		+= blk-pm.o
 obj-$(CONFIG_BLK_INLINE_ENCRYPTION)	+= blk-crypto.o blk-crypto-profile.o \
 					   blk-crypto-sysfs.o
diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
new file mode 100644
index 000000000000..16f380164c44
--- /dev/null
+++ b/block/sed-opal-key.c
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * SED key operations.
+ *
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * These are the accessor functions (read/write) for SED Opal
+ * keys. Specific keystores can provide overrides.
+ *
+ */
+
+#include <linux/kernel.h>
+#include <linux/errno.h>
+#include <linux/sed-opal-key.h>
+
+int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
+{
+	return -EOPNOTSUPP;
+}
+
+int __weak sed_write_key(char *keyname, char *key, u_int keylen)
+{
+	return -EOPNOTSUPP;
+}
diff --git a/include/linux/sed-opal-key.h b/include/linux/sed-opal-key.h
new file mode 100644
index 000000000000..c9b1447986d8
--- /dev/null
+++ b/include/linux/sed-opal-key.h
@@ -0,0 +1,15 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * SED key operations.
+ *
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * These are the accessor functions (read/write) for SED Opal
+ * keys. Specific keystores can provide overrides.
+ *
+ */
+
+#include <linux/kernel.h>
+
+int sed_read_key(char *keyname, char *key, u_int *keylen);
+int sed_write_key(char *keyname, char *key, u_int keylen);
-- 
gjoyce@linux.vnet.ibm.com

[PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Add read and write functions that allow SED Opal keys to stored
in a permanent keystore.

Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
---
 block/Makefile               |  2 +-
 block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
 include/linux/sed-opal-key.h | 15 +++++++++++++++
 3 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 block/sed-opal-key.c
 create mode 100644 include/linux/sed-opal-key.h

diff --git a/block/Makefile b/block/Makefile
index 46ada9dc8bbf..ea07d80402a6 100644
--- a/block/Makefile
+++ b/block/Makefile
@@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED)	+= blk-zoned.o
 obj-$(CONFIG_BLK_WBT)		+= blk-wbt.o
 obj-$(CONFIG_BLK_DEBUG_FS)	+= blk-mq-debugfs.o
 obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
-obj-$(CONFIG_BLK_SED_OPAL)	+= sed-opal.o
+obj-$(CONFIG_BLK_SED_OPAL)	+= sed-opal.o sed-opal-key.o
 obj-$(CONFIG_BLK_PM)		+= blk-pm.o
 obj-$(CONFIG_BLK_INLINE_ENCRYPTION)	+= blk-crypto.o blk-crypto-profile.o \
 					   blk-crypto-sysfs.o
diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
new file mode 100644
index 000000000000..16f380164c44
--- /dev/null
+++ b/block/sed-opal-key.c
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * SED key operations.
+ *
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * These are the accessor functions (read/write) for SED Opal
+ * keys. Specific keystores can provide overrides.
+ *
+ */
+
+#include <linux/kernel.h>
+#include <linux/errno.h>
+#include <linux/sed-opal-key.h>
+
+int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
+{
+	return -EOPNOTSUPP;
+}
+
+int __weak sed_write_key(char *keyname, char *key, u_int keylen)
+{
+	return -EOPNOTSUPP;
+}
diff --git a/include/linux/sed-opal-key.h b/include/linux/sed-opal-key.h
new file mode 100644
index 000000000000..c9b1447986d8
--- /dev/null
+++ b/include/linux/sed-opal-key.h
@@ -0,0 +1,15 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * SED key operations.
+ *
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * These are the accessor functions (read/write) for SED Opal
+ * keys. Specific keystores can provide overrides.
+ *
+ */
+
+#include <linux/kernel.h>
+
+int sed_read_key(char *keyname, char *key, u_int *keylen);
+int sed_write_key(char *keyname, char *key, u_int keylen);
-- 
gjoyce@linux.vnet.ibm.com

[PATCH v7 2/3 RESEND] block: sed-opal: keystore access for SED Opal keys

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Allow for permanent SED authentication keys by
reading/writing to the SED Opal non-volatile keystore.

Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
---
 block/sed-opal.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/block/sed-opal.c b/block/sed-opal.c
index 6d7f25d1711b..fa23a6a60485 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -18,6 +18,7 @@
 #include <linux/uaccess.h>
 #include <uapi/linux/sed-opal.h>
 #include <linux/sed-opal.h>
+#include <linux/sed-opal-key.h>
 #include <linux/string.h>
 #include <linux/kdev_t.h>
 #include <linux/key.h>
@@ -3019,7 +3020,13 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
 	if (ret)
 		return ret;
 
-	/* update keyring with new password */
+	/* update keyring and key store with new password */
+	ret = sed_write_key(OPAL_AUTH_KEY,
+			    opal_pw->new_user_pw.opal_key.key,
+			    opal_pw->new_user_pw.opal_key.key_len);
+	if (ret != -EOPNOTSUPP)
+		pr_warn("error updating SED key: %d\n", ret);
+
 	ret = update_sed_opal_key(OPAL_AUTH_KEY,
 				  opal_pw->new_user_pw.opal_key.key,
 				  opal_pw->new_user_pw.opal_key.key_len);
@@ -3292,6 +3299,8 @@ EXPORT_SYMBOL_GPL(sed_ioctl);
 static int __init sed_opal_init(void)
 {
 	struct key *kr;
+	char init_sed_key[OPAL_KEY_MAX];
+	int keylen = OPAL_KEY_MAX - 1;
 
 	kr = keyring_alloc(".sed_opal",
 			   GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
@@ -3304,6 +3313,11 @@ static int __init sed_opal_init(void)
 
 	sed_opal_keyring = kr;
 
-	return 0;
+	if (sed_read_key(OPAL_AUTH_KEY, init_sed_key, &keylen) < 0) {
+		memset(init_sed_key, '\0', sizeof(init_sed_key));
+		keylen = OPAL_KEY_MAX - 1;
+	}
+
+	return update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
 }
 late_initcall(sed_opal_init);
-- 
gjoyce@linux.vnet.ibm.com

[PATCH v7 2/3 RESEND] block: sed-opal: keystore access for SED Opal keys

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Allow for permanent SED authentication keys by
reading/writing to the SED Opal non-volatile keystore.

Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
---
 block/sed-opal.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/block/sed-opal.c b/block/sed-opal.c
index 6d7f25d1711b..fa23a6a60485 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -18,6 +18,7 @@
 #include <linux/uaccess.h>
 #include <uapi/linux/sed-opal.h>
 #include <linux/sed-opal.h>
+#include <linux/sed-opal-key.h>
 #include <linux/string.h>
 #include <linux/kdev_t.h>
 #include <linux/key.h>
@@ -3019,7 +3020,13 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
 	if (ret)
 		return ret;
 
-	/* update keyring with new password */
+	/* update keyring and key store with new password */
+	ret = sed_write_key(OPAL_AUTH_KEY,
+			    opal_pw->new_user_pw.opal_key.key,
+			    opal_pw->new_user_pw.opal_key.key_len);
+	if (ret != -EOPNOTSUPP)
+		pr_warn("error updating SED key: %d\n", ret);
+
 	ret = update_sed_opal_key(OPAL_AUTH_KEY,
 				  opal_pw->new_user_pw.opal_key.key,
 				  opal_pw->new_user_pw.opal_key.key_len);
@@ -3292,6 +3299,8 @@ EXPORT_SYMBOL_GPL(sed_ioctl);
 static int __init sed_opal_init(void)
 {
 	struct key *kr;
+	char init_sed_key[OPAL_KEY_MAX];
+	int keylen = OPAL_KEY_MAX - 1;
 
 	kr = keyring_alloc(".sed_opal",
 			   GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
@@ -3304,6 +3313,11 @@ static int __init sed_opal_init(void)
 
 	sed_opal_keyring = kr;
 
-	return 0;
+	if (sed_read_key(OPAL_AUTH_KEY, init_sed_key, &keylen) < 0) {
+		memset(init_sed_key, '\0', sizeof(init_sed_key));
+		keylen = OPAL_KEY_MAX - 1;
+	}
+
+	return update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
 }
 late_initcall(sed_opal_init);
-- 
gjoyce@linux.vnet.ibm.com

[PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Define operations for SED Opal to read/write keys
from POWER LPAR Platform KeyStore(PLPKS). This allows
non-volatile storage of SED Opal keys.

Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
Reviewed-by: Hannes Reinecke <hare@suse.de>
---
 arch/powerpc/platforms/pseries/Kconfig        |   6 +
 arch/powerpc/platforms/pseries/Makefile       |   1 +
 .../powerpc/platforms/pseries/plpks_sed_ops.c | 114 ++++++++++++++++++
 block/Kconfig                                 |   1 +
 4 files changed, 122 insertions(+)
 create mode 100644 arch/powerpc/platforms/pseries/plpks_sed_ops.c

diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig
index 4ebf2ef2845d..afc0f6a61337 100644
--- a/arch/powerpc/platforms/pseries/Kconfig
+++ b/arch/powerpc/platforms/pseries/Kconfig
@@ -164,6 +164,12 @@ config PSERIES_PLPKS
 	# This option is selected by in-kernel consumers that require
 	# access to the PKS.
 
+config PSERIES_PLPKS_SED
+	depends on PPC_PSERIES
+	bool
+	# This option is selected by in-kernel consumers that require
+	# access to the SED PKS keystore.
+
 config PAPR_SCM
 	depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM
 	tristate "Support for the PAPR Storage Class Memory interface"
diff --git a/arch/powerpc/platforms/pseries/Makefile b/arch/powerpc/platforms/pseries/Makefile
index 53c3b91af2f7..1476c5e4433c 100644
--- a/arch/powerpc/platforms/pseries/Makefile
+++ b/arch/powerpc/platforms/pseries/Makefile
@@ -29,6 +29,7 @@ obj-$(CONFIG_PPC_SVM)		+= svm.o
 obj-$(CONFIG_FA_DUMP)		+= rtas-fadump.o
 obj-$(CONFIG_PSERIES_PLPKS)	+= plpks.o
 obj-$(CONFIG_PPC_SECURE_BOOT)	+= plpks-secvar.o
+obj-$(CONFIG_PSERIES_PLPKS_SED)	+= plpks_sed_ops.o
 obj-$(CONFIG_SUSPEND)		+= suspend.o
 obj-$(CONFIG_PPC_VAS)		+= vas.o vas-sysfs.o
 
diff --git a/arch/powerpc/platforms/pseries/plpks_sed_ops.c b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
new file mode 100644
index 000000000000..c1d08075e850
--- /dev/null
+++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
@@ -0,0 +1,114 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * POWER Platform specific code for non-volatile SED key access
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * Define operations for SED Opal to read/write keys
+ * from POWER LPAR Platform KeyStore(PLPKS).
+ *
+ * Self Encrypting Drives(SED) key storage using PLPKS
+ */
+
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/string.h>
+#include <linux/ioctl.h>
+#include <linux/sed-opal-key.h>
+#include <asm/plpks.h>
+
+/*
+ * structure that contains all SED data
+ */
+struct plpks_sed_object_data {
+	u_char version;
+	u_char pad1[7];
+	u_long authority;
+	u_long range;
+	u_int  key_len;
+	u_char key[32];
+};
+
+#define PLPKS_SED_OBJECT_DATA_V0        0
+#define PLPKS_SED_MANGLED_LABEL         "/default/pri"
+#define PLPKS_SED_COMPONENT             "sed-opal"
+#define PLPKS_SED_KEY                   "opal-boot-pin"
+
+/*
+ * authority is admin1 and range is global
+ */
+#define PLPKS_SED_AUTHORITY  0x0000000900010001
+#define PLPKS_SED_RANGE      0x0000080200000001
+
+void plpks_init_var(struct plpks_var *var, char *keyname)
+{
+	var->name = keyname;
+	var->namelen = strlen(keyname);
+	if (strcmp(PLPKS_SED_KEY, keyname) == 0) {
+		var->name = PLPKS_SED_MANGLED_LABEL;
+		var->namelen = strlen(keyname);
+	}
+	var->policy = PLPKS_WORLDREADABLE;
+	var->os = PLPKS_VAR_COMMON;
+	var->data = NULL;
+	var->datalen = 0;
+	var->component = PLPKS_SED_COMPONENT;
+}
+
+/*
+ * Read the SED Opal key from PLPKS given the label
+ */
+int sed_read_key(char *keyname, char *key, u_int *keylen)
+{
+	struct plpks_var var;
+	struct plpks_sed_object_data data;
+	int ret;
+	u_int len;
+
+	plpks_init_var(&var, keyname);
+	var.data = (u8 *)&data;
+	var.datalen = sizeof(data);
+
+	ret = plpks_read_os_var(&var);
+	if (ret != 0)
+		return ret;
+
+	len = min_t(u16, be32_to_cpu(data.key_len), var.datalen);
+	memcpy(key, data.key, len);
+	key[len] = '\0';
+	*keylen = len;
+
+	return 0;
+}
+
+/*
+ * Write the SED Opal key to PLPKS given the label
+ */
+int sed_write_key(char *keyname, char *key, u_int keylen)
+{
+	struct plpks_var var;
+	struct plpks_sed_object_data data;
+	struct plpks_var_name vname;
+
+	plpks_init_var(&var, keyname);
+
+	var.datalen = sizeof(struct plpks_sed_object_data);
+	var.data = (u8 *)&data;
+
+	/* initialize SED object */
+	data.version = PLPKS_SED_OBJECT_DATA_V0;
+	data.authority = cpu_to_be64(PLPKS_SED_AUTHORITY);
+	data.range = cpu_to_be64(PLPKS_SED_RANGE);
+	memset(&data.pad1, '\0', sizeof(data.pad1));
+	data.key_len = cpu_to_be32(keylen);
+	memcpy(data.key, (char *)key, keylen);
+
+	/*
+	 * Key update requires remove first. The return value
+	 * is ignored since it's okay if the key doesn't exist.
+	 */
+	vname.namelen = var.namelen;
+	vname.name = var.name;
+	plpks_remove_var(var.component, var.os, vname);
+
+	return plpks_write_var(var);
+}
diff --git a/block/Kconfig b/block/Kconfig
index 77f72175eb72..0375d2abf7a6 100644
--- a/block/Kconfig
+++ b/block/Kconfig
@@ -185,6 +185,7 @@ config BLK_SED_OPAL
 	bool "Logic for interfacing with Opal enabled SEDs"
 	depends on KEYS
 	select PSERIES_PLPKS if PPC_PSERIES
+	select PSERIES_PLPKS_SED if PPC_PSERIES
 	help
 	Builds Logic for interfacing with Opal enabled controllers.
 	Enabling this option enables users to setup/unlock/lock
-- 
gjoyce@linux.vnet.ibm.com

[PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Define operations for SED Opal to read/write keys
from POWER LPAR Platform KeyStore(PLPKS). This allows
non-volatile storage of SED Opal keys.

Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
Reviewed-by: Hannes Reinecke <hare@suse.de>
---
 arch/powerpc/platforms/pseries/Kconfig        |   6 +
 arch/powerpc/platforms/pseries/Makefile       |   1 +
 .../powerpc/platforms/pseries/plpks_sed_ops.c | 114 ++++++++++++++++++
 block/Kconfig                                 |   1 +
 4 files changed, 122 insertions(+)
 create mode 100644 arch/powerpc/platforms/pseries/plpks_sed_ops.c

diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig
index 4ebf2ef2845d..afc0f6a61337 100644
--- a/arch/powerpc/platforms/pseries/Kconfig
+++ b/arch/powerpc/platforms/pseries/Kconfig
@@ -164,6 +164,12 @@ config PSERIES_PLPKS
 	# This option is selected by in-kernel consumers that require
 	# access to the PKS.
 
+config PSERIES_PLPKS_SED
+	depends on PPC_PSERIES
+	bool
+	# This option is selected by in-kernel consumers that require
+	# access to the SED PKS keystore.
+
 config PAPR_SCM
 	depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM
 	tristate "Support for the PAPR Storage Class Memory interface"
diff --git a/arch/powerpc/platforms/pseries/Makefile b/arch/powerpc/platforms/pseries/Makefile
index 53c3b91af2f7..1476c5e4433c 100644
--- a/arch/powerpc/platforms/pseries/Makefile
+++ b/arch/powerpc/platforms/pseries/Makefile
@@ -29,6 +29,7 @@ obj-$(CONFIG_PPC_SVM)		+= svm.o
 obj-$(CONFIG_FA_DUMP)		+= rtas-fadump.o
 obj-$(CONFIG_PSERIES_PLPKS)	+= plpks.o
 obj-$(CONFIG_PPC_SECURE_BOOT)	+= plpks-secvar.o
+obj-$(CONFIG_PSERIES_PLPKS_SED)	+= plpks_sed_ops.o
 obj-$(CONFIG_SUSPEND)		+= suspend.o
 obj-$(CONFIG_PPC_VAS)		+= vas.o vas-sysfs.o
 
diff --git a/arch/powerpc/platforms/pseries/plpks_sed_ops.c b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
new file mode 100644
index 000000000000..c1d08075e850
--- /dev/null
+++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
@@ -0,0 +1,114 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * POWER Platform specific code for non-volatile SED key access
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * Define operations for SED Opal to read/write keys
+ * from POWER LPAR Platform KeyStore(PLPKS).
+ *
+ * Self Encrypting Drives(SED) key storage using PLPKS
+ */
+
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/string.h>
+#include <linux/ioctl.h>
+#include <linux/sed-opal-key.h>
+#include <asm/plpks.h>
+
+/*
+ * structure that contains all SED data
+ */
+struct plpks_sed_object_data {
+	u_char version;
+	u_char pad1[7];
+	u_long authority;
+	u_long range;
+	u_int  key_len;
+	u_char key[32];
+};
+
+#define PLPKS_SED_OBJECT_DATA_V0        0
+#define PLPKS_SED_MANGLED_LABEL         "/default/pri"
+#define PLPKS_SED_COMPONENT             "sed-opal"
+#define PLPKS_SED_KEY                   "opal-boot-pin"
+
+/*
+ * authority is admin1 and range is global
+ */
+#define PLPKS_SED_AUTHORITY  0x0000000900010001
+#define PLPKS_SED_RANGE      0x0000080200000001
+
+void plpks_init_var(struct plpks_var *var, char *keyname)
+{
+	var->name = keyname;
+	var->namelen = strlen(keyname);
+	if (strcmp(PLPKS_SED_KEY, keyname) == 0) {
+		var->name = PLPKS_SED_MANGLED_LABEL;
+		var->namelen = strlen(keyname);
+	}
+	var->policy = PLPKS_WORLDREADABLE;
+	var->os = PLPKS_VAR_COMMON;
+	var->data = NULL;
+	var->datalen = 0;
+	var->component = PLPKS_SED_COMPONENT;
+}
+
+/*
+ * Read the SED Opal key from PLPKS given the label
+ */
+int sed_read_key(char *keyname, char *key, u_int *keylen)
+{
+	struct plpks_var var;
+	struct plpks_sed_object_data data;
+	int ret;
+	u_int len;
+
+	plpks_init_var(&var, keyname);
+	var.data = (u8 *)&data;
+	var.datalen = sizeof(data);
+
+	ret = plpks_read_os_var(&var);
+	if (ret != 0)
+		return ret;
+
+	len = min_t(u16, be32_to_cpu(data.key_len), var.datalen);
+	memcpy(key, data.key, len);
+	key[len] = '\0';
+	*keylen = len;
+
+	return 0;
+}
+
+/*
+ * Write the SED Opal key to PLPKS given the label
+ */
+int sed_write_key(char *keyname, char *key, u_int keylen)
+{
+	struct plpks_var var;
+	struct plpks_sed_object_data data;
+	struct plpks_var_name vname;
+
+	plpks_init_var(&var, keyname);
+
+	var.datalen = sizeof(struct plpks_sed_object_data);
+	var.data = (u8 *)&data;
+
+	/* initialize SED object */
+	data.version = PLPKS_SED_OBJECT_DATA_V0;
+	data.authority = cpu_to_be64(PLPKS_SED_AUTHORITY);
+	data.range = cpu_to_be64(PLPKS_SED_RANGE);
+	memset(&data.pad1, '\0', sizeof(data.pad1));
+	data.key_len = cpu_to_be32(keylen);
+	memcpy(data.key, (char *)key, keylen);
+
+	/*
+	 * Key update requires remove first. The return value
+	 * is ignored since it's okay if the key doesn't exist.
+	 */
+	vname.namelen = var.namelen;
+	vname.name = var.name;
+	plpks_remove_var(var.component, var.os, vname);
+
+	return plpks_write_var(var);
+}
diff --git a/block/Kconfig b/block/Kconfig
index 77f72175eb72..0375d2abf7a6 100644
--- a/block/Kconfig
+++ b/block/Kconfig
@@ -185,6 +185,7 @@ config BLK_SED_OPAL
 	bool "Logic for interfacing with Opal enabled SEDs"
 	depends on KEYS
 	select PSERIES_PLPKS if PPC_PSERIES
+	select PSERIES_PLPKS_SED if PPC_PSERIES
 	help
 	Builds Logic for interfacing with Opal enabled controllers.
 	Enabling this option enables users to setup/unlock/lock
-- 
gjoyce@linux.vnet.ibm.com

Re: [PATCH v7 0/3 RESEND] generic and PowerPC SED Opal keystore

[Jens Axboe]

On 9/8/23 9:30 AM, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> This patchset extends the capabilites incorporated into for-6.6/block
> (https://git.kernel.dk/cgit/linux/commit/?h=for-6.6/block&id=3bfeb61256643281ac4be5b8a57e9d9da3db4335) by allowing the SED Opal key to be seeded into
> the keyring from a secure permanent keystore.
> 
> It has gone through numerous rounds of review and all comments/suggetions
> have been addressed. The reviews have covered all relevant areas including
> reviews by block and keyring developers as well as the SED Opal
> maintainer. The last patchset submission has not solicited any responses
> in the six weeks since it was last distributed. The changes are
> generally useful and ready for inclusion.

Best time to resend is generally once the merge window is closed again,
as I won't start applying patches for the next release before that
happens. I'll try to remember to pick this one up for 6.7.

-- 
Jens Axboe

Re: [PATCH v7 0/3 RESEND] generic and PowerPC SED Opal keystore

[Jens Axboe]

On 9/8/23 9:30 AM, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> This patchset extends the capabilites incorporated into for-6.6/block
> (https://git.kernel.dk/cgit/linux/commit/?h=for-6.6/block&id=3bfeb61256643281ac4be5b8a57e9d9da3db4335) by allowing the SED Opal key to be seeded into
> the keyring from a secure permanent keystore.
> 
> It has gone through numerous rounds of review and all comments/suggetions
> have been addressed. The reviews have covered all relevant areas including
> reviews by block and keyring developers as well as the SED Opal
> maintainer. The last patchset submission has not solicited any responses
> in the six weeks since it was last distributed. The changes are
> generally useful and ready for inclusion.

Best time to resend is generally once the merge window is closed again,
as I won't start applying patches for the next release before that
happens. I'll try to remember to pick this one up for 6.7.

-- 
Jens Axboe

Re: [PATCH v7 0/3 RESEND] generic and PowerPC SED Opal keystore

[Jens Axboe]

On 9/8/23 9:30 AM, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> This patchset extends the capabilites incorporated into for-6.6/block
> (https://git.kernel.dk/cgit/linux/commit/?h=for-6.6/block&id=3bfeb61256643281ac4be5b8a57e9d9da3db4335) by allowing the SED Opal key to be seeded into
> the keyring from a secure permanent keystore.
> 
> It has gone through numerous rounds of review and all comments/suggetions
> have been addressed. The reviews have covered all relevant areas including
> reviews by block and keyring developers as well as the SED Opal
> maintainer. The last patchset submission has not solicited any responses
> in the six weeks since it was last distributed. The changes are
> generally useful and ready for inclusion.
> 
> TCG SED Opal is a specification from The Trusted Computing Group
> that allows self encrypting storage devices (SED) to be locked at
> power on and require an authentication key to unlock the drive.
> 
> Generic functions have been defined for accessing SED Opal keys.
> The generic functions are defined as weak so that they may be superseded
> by keystore specific versions.
> 
> PowerPC/pseries versions of these functions provide read/write access
> to SED Opal keys in the PLPKS keystore.
> 
> The SED block driver has been modified to read the SED Opal
> keystore to populate a key in the SED Opal keyring. Changes to the
> SED Opal key will be written to the SED Opal keystore.

Applied for 6.7, thanks.

-- 
Jens Axboe

Re: [PATCH v7 0/3 RESEND] generic and PowerPC SED Opal keystore

[Jens Axboe]

On 9/8/23 9:30 AM, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> This patchset extends the capabilites incorporated into for-6.6/block
> (https://git.kernel.dk/cgit/linux/commit/?h=for-6.6/block&id=3bfeb61256643281ac4be5b8a57e9d9da3db4335) by allowing the SED Opal key to be seeded into
> the keyring from a secure permanent keystore.
> 
> It has gone through numerous rounds of review and all comments/suggetions
> have been addressed. The reviews have covered all relevant areas including
> reviews by block and keyring developers as well as the SED Opal
> maintainer. The last patchset submission has not solicited any responses
> in the six weeks since it was last distributed. The changes are
> generally useful and ready for inclusion.
> 
> TCG SED Opal is a specification from The Trusted Computing Group
> that allows self encrypting storage devices (SED) to be locked at
> power on and require an authentication key to unlock the drive.
> 
> Generic functions have been defined for accessing SED Opal keys.
> The generic functions are defined as weak so that they may be superseded
> by keystore specific versions.
> 
> PowerPC/pseries versions of these functions provide read/write access
> to SED Opal keys in the PLPKS keystore.
> 
> The SED block driver has been modified to read the SED Opal
> keystore to populate a key in the SED Opal keyring. Changes to the
> SED Opal key will be written to the SED Opal keystore.

Applied for 6.7, thanks.

-- 
Jens Axboe

Re: [PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[Nathan Chancellor]

Hi Greg,

On Fri, Sep 08, 2023 at 10:30:54AM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> Add read and write functions that allow SED Opal keys to stored
> in a permanent keystore.
> 
> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> ---
>  block/Makefile               |  2 +-
>  block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
>  include/linux/sed-opal-key.h | 15 +++++++++++++++
>  3 files changed, 40 insertions(+), 1 deletion(-)
>  create mode 100644 block/sed-opal-key.c
>  create mode 100644 include/linux/sed-opal-key.h
> 
> diff --git a/block/Makefile b/block/Makefile
> index 46ada9dc8bbf..ea07d80402a6 100644
> --- a/block/Makefile
> +++ b/block/Makefile
> @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED)	+= blk-zoned.o
>  obj-$(CONFIG_BLK_WBT)		+= blk-wbt.o
>  obj-$(CONFIG_BLK_DEBUG_FS)	+= blk-mq-debugfs.o
>  obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> -obj-$(CONFIG_BLK_SED_OPAL)	+= sed-opal.o
> +obj-$(CONFIG_BLK_SED_OPAL)	+= sed-opal.o sed-opal-key.o
>  obj-$(CONFIG_BLK_PM)		+= blk-pm.o
>  obj-$(CONFIG_BLK_INLINE_ENCRYPTION)	+= blk-crypto.o blk-crypto-profile.o \
>  					   blk-crypto-sysfs.o
> diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> new file mode 100644
> index 000000000000..16f380164c44
> --- /dev/null
> +++ b/block/sed-opal-key.c
> @@ -0,0 +1,24 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * SED key operations.
> + *
> + * Copyright (C) 2022 IBM Corporation
> + *
> + * These are the accessor functions (read/write) for SED Opal
> + * keys. Specific keystores can provide overrides.
> + *
> + */
> +
> +#include <linux/kernel.h>
> +#include <linux/errno.h>
> +#include <linux/sed-opal-key.h>
> +
> +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> +{
> +	return -EOPNOTSUPP;
> +}
> +
> +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> +{
> +	return -EOPNOTSUPP;
> +}

This change causes a build failure for certain clang configurations due
to an unfortunate issue [1] with recordmcount, clang's integrated
assembler, and object files that contain a section with only weak
functions/symbols (in this case, the .text section in sed-opal-key.c),
resulting in

  Cannot find symbol for section 2: .text.
  block/sed-opal-key.o: failed

when building this file.

Is there any real reason to have a separate translation unit for these
two functions versus just having them living in sed-opal.c? Those two
object files share the same Kconfig dependency. I am happy to send a
patch if that is an acceptable approach.

[1]: https://github.com/ClangBuiltLinux/linux/issues/981

Cheers,
Nathan

Re: [PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[Nathan Chancellor]

Hi Greg,

On Fri, Sep 08, 2023 at 10:30:54AM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> Add read and write functions that allow SED Opal keys to stored
> in a permanent keystore.
> 
> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> ---
>  block/Makefile               |  2 +-
>  block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
>  include/linux/sed-opal-key.h | 15 +++++++++++++++
>  3 files changed, 40 insertions(+), 1 deletion(-)
>  create mode 100644 block/sed-opal-key.c
>  create mode 100644 include/linux/sed-opal-key.h
> 
> diff --git a/block/Makefile b/block/Makefile
> index 46ada9dc8bbf..ea07d80402a6 100644
> --- a/block/Makefile
> +++ b/block/Makefile
> @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED)	+= blk-zoned.o
>  obj-$(CONFIG_BLK_WBT)		+= blk-wbt.o
>  obj-$(CONFIG_BLK_DEBUG_FS)	+= blk-mq-debugfs.o
>  obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> -obj-$(CONFIG_BLK_SED_OPAL)	+= sed-opal.o
> +obj-$(CONFIG_BLK_SED_OPAL)	+= sed-opal.o sed-opal-key.o
>  obj-$(CONFIG_BLK_PM)		+= blk-pm.o
>  obj-$(CONFIG_BLK_INLINE_ENCRYPTION)	+= blk-crypto.o blk-crypto-profile.o \
>  					   blk-crypto-sysfs.o
> diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> new file mode 100644
> index 000000000000..16f380164c44
> --- /dev/null
> +++ b/block/sed-opal-key.c
> @@ -0,0 +1,24 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * SED key operations.
> + *
> + * Copyright (C) 2022 IBM Corporation
> + *
> + * These are the accessor functions (read/write) for SED Opal
> + * keys. Specific keystores can provide overrides.
> + *
> + */
> +
> +#include <linux/kernel.h>
> +#include <linux/errno.h>
> +#include <linux/sed-opal-key.h>
> +
> +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> +{
> +	return -EOPNOTSUPP;
> +}
> +
> +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> +{
> +	return -EOPNOTSUPP;
> +}

This change causes a build failure for certain clang configurations due
to an unfortunate issue [1] with recordmcount, clang's integrated
assembler, and object files that contain a section with only weak
functions/symbols (in this case, the .text section in sed-opal-key.c),
resulting in

  Cannot find symbol for section 2: .text.
  block/sed-opal-key.o: failed

when building this file.

Is there any real reason to have a separate translation unit for these
two functions versus just having them living in sed-opal.c? Those two
object files share the same Kconfig dependency. I am happy to send a
patch if that is an acceptable approach.

[1]: https://github.com/ClangBuiltLinux/linux/issues/981

Cheers,
Nathan

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Nathan Chancellor]

Hi Greg,

On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>
> Define operations for SED Opal to read/write keys
> from POWER LPAR Platform KeyStore(PLPKS). This allows
> non-volatile storage of SED Opal keys.
>
> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> Reviewed-by: Hannes Reinecke <hare@suse.de>

After this change in -next as commit 9f2c7411ada9 ("powerpc/pseries:
PLPKS SED Opal keystore support"), I see the following crash when
booting some distribution configurations, such as OpenSUSE's [1] (the
rootfs is available at [2] if necessary):

$ qemu-system-ppc64 \
    -display none \
    -nodefaults \
    -device ipmi-bmc-sim,id=bmc0 \
    -device isa-ipmi-bt,bmc=bmc0,irq=10 \
    -machine powernv \
    -kernel arch/powerpc/boot/zImage.epapr \
    -initrd ppc64le-rootfs.cpio \
    -m 2G \
    -serial mon:stdio
...
[    0.000000] Linux version 6.6.0-rc1-00004-g9f2c7411ada9 (nathan@dev-arch.thelio-3990X) (powerpc64-linux-gcc (GCC) 13.2.0, GNU ld (GNU Binutils) 2.41) #1 SMP Wed Sep 13 11:53:38 MST 2023
...
[    1.808911] ------------[ cut here ]------------
[    1.810336] kernel BUG at arch/powerpc/kernel/syscall.c:34!
[    1.810799] Oops: Exception in kernel mode, sig: 5 [#1]
[    1.810985] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV
[    1.811191] Modules linked in:
[    1.811483] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc1-00004-g9f2c7411ada9 #1
[    1.811825] Hardware name: IBM PowerNV (emulated by qemu) POWER9 0x4e1202 opal:v7.0 PowerNV
[    1.812133] NIP:  c00000000002c8c4 LR: c00000000000d620 CTR: c00000000000d4c0
[    1.812335] REGS: c000000002deb7b0 TRAP: 0700   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.812595] MSR:  9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 20040004
[    1.812930] CFAR: c00000000000d61c IRQMASK: 3
[    1.812930] GPR00: c00000000000d620 c000000002deba50 c0000000015ef400 c000000002debe80
[    1.812930] GPR04: 000000004800028d 0000000000000000 0000000000000000 0000000000000000
[    1.812930] GPR08: 0000000079cd0000 0000000000000001 0000000000000000 0000000000000000
[    1.812930] GPR12: 0000000000000000 c0000000028b0000 0000000000000000 0000000000000000
[    1.812930] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.812930] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.812930] GPR24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.812930] GPR28: 0000000000000000 000000004800028d c000000002debe80 c000000002debe10
[    1.814858] NIP [c00000000002c8c4] system_call_exception+0x84/0x250
[    1.815480] LR [c00000000000d620] system_call_common+0x160/0x2c4
[    1.815772] Call Trace:
[    1.815929] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.816178] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.816330] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.816518] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.816740] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.817039] IRQMASK: 0
[    1.817039] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.817039] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.817039] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.817039] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.817039] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.817039] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.817039] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.817039] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.818785] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.818929] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.819093] --- interrupt: c00
[    1.819195] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.819433] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.819617] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.819823] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.820017] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.820229] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.820411] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.820614] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.820755] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.820940] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.821157] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.821444] IRQMASK: 0
[    1.821444] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.821444] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.821444] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.821444] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.821444] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.821444] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.821444] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.821444] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.823188] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.823331] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.823493] --- interrupt: c00
[    1.823585] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.823813] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.823996] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.824183] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.824370] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.824577] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.824764] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.824965] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.825105] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.825290] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.825505] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.825795] IRQMASK: 0
[    1.825795] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.825795] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.825795] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.825795] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.825795] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.825795] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.825795] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.825795] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.827538] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.827682] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.827842] --- interrupt: c00
[    1.827930] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.828154] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.828335] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.828522] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.828712] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.828917] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.829098] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.829300] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.829443] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.829627] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.829841] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.830127] IRQMASK: 0
[    1.830127] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.830127] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.830127] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.830127] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.830127] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.830127] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.830127] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.830127] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.831867] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.832011] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.832168] --- interrupt: c00
[    1.832255] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.832476] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.832661] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.832845] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.833037] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.833243] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.833423] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.833631] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.833778] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.833964] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.834179] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.834466] IRQMASK: 0
[    1.834466] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.834466] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.834466] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.834466] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.834466] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.834466] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.834466] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.834466] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.836206] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.836349] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.836505] --- interrupt: c00
[    1.836592] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.836819] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.837002] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.837187] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.837380] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.837587] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.837772] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.837978] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.838117] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.838305] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.838521] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.838803] IRQMASK: 0
[    1.838803] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.838803] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.838803] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.838803] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.838803] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.838803] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.838803] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.838803] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.840549] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.840699] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.840854] --- interrupt: c00
[    1.840940] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.841164] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.841347] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.841538] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.841727] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.841932] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.842114] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.842311] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.842453] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.842638] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.842856] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.843143] IRQMASK: 0
[    1.843143] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.843143] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.843143] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.843143] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.843143] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.843143] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.843143] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.843143] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.844880] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.845027] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.845184] --- interrupt: c00
[    1.845272] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.845491] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.845674] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.845857] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.846043] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.846246] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.846429] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.846625] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.846775] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.846965] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.847178] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.847457] IRQMASK: 0
[    1.847457] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.847457] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.847457] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.847457] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.847457] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.847457] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.847457] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.847457] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.849184] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.849328] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.849483] --- interrupt: c00
[    1.849571] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.849795] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.849976] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.850165] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.850359] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.850561] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.850743] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.850943] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.851082] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.851264] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.851480] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.851762] IRQMASK: 0
[    1.851762] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.851762] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.851762] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.851762] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.851762] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.851762] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.851762] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.851762] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.853506] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.853654] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.853811] --- interrupt: c00
[    1.853897] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.854119] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.854303] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.854488] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.854677] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.854877] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.855061] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.855262] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.855404] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.855587] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.855805] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.856090] IRQMASK: 0
[    1.856090] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.856090] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.856090] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.856090] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.856090] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.856090] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.856090] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.856090] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.857848] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.857992] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.858148] --- interrupt: c00
[    1.858325] Code: 7d41496a 39210020 60000000 39200000 0b090000 60000000 e93e0108 692a0002 794affe2 0b0a0000 69294000 792997e2 <0b090000> e93e0138 792907e0 0b090000
[    1.859199] ---[ end trace 0000000000000000 ]---
[    1.859407]
[    2.859747] note: swapper/0[1] exited with irqs disabled
[    2.862681] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000005
[    2.864206] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000005 ]---

IIRC, this occurs when running on a non-pseries machine, as I think this
is a similar crash to commit a66de5283e16 ("powerpc/pseries: Fix plpks
crash on non-pseries"), but I am not sure if that fix is appropriate or
not here, hence just the report. If there is any additional information
I can provide or patches I can test, I am more than happy to do so.

[1]: https://github.com/openSUSE/kernel-source/raw/master/config/ppc64le/default
[2]: https://github.com/ClangBuiltLinux/boot-utils/releases

Cheers,
Nathan

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Nathan Chancellor]

Hi Greg,

On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>
> Define operations for SED Opal to read/write keys
> from POWER LPAR Platform KeyStore(PLPKS). This allows
> non-volatile storage of SED Opal keys.
>
> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> Reviewed-by: Hannes Reinecke <hare@suse.de>

After this change in -next as commit 9f2c7411ada9 ("powerpc/pseries:
PLPKS SED Opal keystore support"), I see the following crash when
booting some distribution configurations, such as OpenSUSE's [1] (the
rootfs is available at [2] if necessary):

$ qemu-system-ppc64 \
    -display none \
    -nodefaults \
    -device ipmi-bmc-sim,id=bmc0 \
    -device isa-ipmi-bt,bmc=bmc0,irq=10 \
    -machine powernv \
    -kernel arch/powerpc/boot/zImage.epapr \
    -initrd ppc64le-rootfs.cpio \
    -m 2G \
    -serial mon:stdio
...
[    0.000000] Linux version 6.6.0-rc1-00004-g9f2c7411ada9 (nathan@dev-arch.thelio-3990X) (powerpc64-linux-gcc (GCC) 13.2.0, GNU ld (GNU Binutils) 2.41) #1 SMP Wed Sep 13 11:53:38 MST 2023
...
[    1.808911] ------------[ cut here ]------------
[    1.810336] kernel BUG at arch/powerpc/kernel/syscall.c:34!
[    1.810799] Oops: Exception in kernel mode, sig: 5 [#1]
[    1.810985] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV
[    1.811191] Modules linked in:
[    1.811483] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc1-00004-g9f2c7411ada9 #1
[    1.811825] Hardware name: IBM PowerNV (emulated by qemu) POWER9 0x4e1202 opal:v7.0 PowerNV
[    1.812133] NIP:  c00000000002c8c4 LR: c00000000000d620 CTR: c00000000000d4c0
[    1.812335] REGS: c000000002deb7b0 TRAP: 0700   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.812595] MSR:  9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 20040004
[    1.812930] CFAR: c00000000000d61c IRQMASK: 3
[    1.812930] GPR00: c00000000000d620 c000000002deba50 c0000000015ef400 c000000002debe80
[    1.812930] GPR04: 000000004800028d 0000000000000000 0000000000000000 0000000000000000
[    1.812930] GPR08: 0000000079cd0000 0000000000000001 0000000000000000 0000000000000000
[    1.812930] GPR12: 0000000000000000 c0000000028b0000 0000000000000000 0000000000000000
[    1.812930] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.812930] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.812930] GPR24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.812930] GPR28: 0000000000000000 000000004800028d c000000002debe80 c000000002debe10
[    1.814858] NIP [c00000000002c8c4] system_call_exception+0x84/0x250
[    1.815480] LR [c00000000000d620] system_call_common+0x160/0x2c4
[    1.815772] Call Trace:
[    1.815929] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.816178] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.816330] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.816518] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.816740] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.817039] IRQMASK: 0
[    1.817039] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.817039] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.817039] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.817039] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.817039] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.817039] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.817039] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.817039] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.818785] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.818929] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.819093] --- interrupt: c00
[    1.819195] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.819433] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.819617] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.819823] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.820017] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.820229] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.820411] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.820614] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.820755] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.820940] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.821157] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.821444] IRQMASK: 0
[    1.821444] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.821444] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.821444] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.821444] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.821444] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.821444] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.821444] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.821444] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.823188] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.823331] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.823493] --- interrupt: c00
[    1.823585] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.823813] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.823996] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.824183] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.824370] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.824577] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.824764] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.824965] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.825105] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.825290] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.825505] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.825795] IRQMASK: 0
[    1.825795] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.825795] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.825795] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.825795] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.825795] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.825795] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.825795] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.825795] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.827538] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.827682] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.827842] --- interrupt: c00
[    1.827930] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.828154] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.828335] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.828522] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.828712] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.828917] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.829098] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.829300] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.829443] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.829627] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.829841] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.830127] IRQMASK: 0
[    1.830127] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.830127] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.830127] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.830127] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.830127] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.830127] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.830127] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.830127] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.831867] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.832011] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.832168] --- interrupt: c00
[    1.832255] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.832476] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.832661] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.832845] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.833037] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.833243] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.833423] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.833631] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.833778] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.833964] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.834179] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.834466] IRQMASK: 0
[    1.834466] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.834466] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.834466] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.834466] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.834466] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.834466] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.834466] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.834466] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.836206] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.836349] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.836505] --- interrupt: c00
[    1.836592] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.836819] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.837002] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.837187] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.837380] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.837587] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.837772] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.837978] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.838117] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.838305] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.838521] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.838803] IRQMASK: 0
[    1.838803] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.838803] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.838803] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.838803] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.838803] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.838803] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.838803] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.838803] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.840549] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.840699] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.840854] --- interrupt: c00
[    1.840940] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.841164] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.841347] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.841538] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.841727] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.841932] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.842114] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.842311] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.842453] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.842638] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.842856] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.843143] IRQMASK: 0
[    1.843143] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.843143] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.843143] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.843143] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.843143] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.843143] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.843143] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.843143] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.844880] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.845027] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.845184] --- interrupt: c00
[    1.845272] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.845491] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.845674] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.845857] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.846043] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.846246] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.846429] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.846625] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.846775] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.846965] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.847178] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.847457] IRQMASK: 0
[    1.847457] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.847457] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.847457] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.847457] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.847457] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.847457] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.847457] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.847457] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.849184] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.849328] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.849483] --- interrupt: c00
[    1.849571] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.849795] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.849976] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.850165] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.850359] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.850561] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.850743] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.850943] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.851082] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.851264] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.851480] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.851762] IRQMASK: 0
[    1.851762] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.851762] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.851762] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.851762] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.851762] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.851762] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.851762] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.851762] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.853506] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.853654] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.853811] --- interrupt: c00
[    1.853897] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
[    1.854119] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
[    1.854303] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
[    1.854488] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
[    1.854677] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
[    1.854877] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
[    1.855061] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
[    1.855262] --- interrupt: c00 at plpar_hcall+0x38/0x60
[    1.855404] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
[    1.855587] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
[    1.855805] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
[    1.856090] IRQMASK: 0
[    1.856090] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
[    1.856090] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
[    1.856090] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.856090] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
[    1.856090] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.856090] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    1.856090] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
[    1.856090] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
[    1.857848] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
[    1.857992] LR [c0000000000fb558] plpks_read_var+0x208/0x290
[    1.858148] --- interrupt: c00
[    1.858325] Code: 7d41496a 39210020 60000000 39200000 0b090000 60000000 e93e0108 692a0002 794affe2 0b0a0000 69294000 792997e2 <0b090000> e93e0138 792907e0 0b090000
[    1.859199] ---[ end trace 0000000000000000 ]---
[    1.859407]
[    2.859747] note: swapper/0[1] exited with irqs disabled
[    2.862681] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000005
[    2.864206] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000005 ]---

IIRC, this occurs when running on a non-pseries machine, as I think this
is a similar crash to commit a66de5283e16 ("powerpc/pseries: Fix plpks
crash on non-pseries"), but I am not sure if that fix is appropriate or
not here, hence just the report. If there is any additional information
I can provide or patches I can test, I am more than happy to do so.

[1]: https://github.com/openSUSE/kernel-source/raw/master/config/ppc64le/default
[2]: https://github.com/ClangBuiltLinux/boot-utils/releases

Cheers,
Nathan

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Jens Axboe]

On 9/13/23 12:59 PM, Nathan Chancellor wrote:
> Hi Greg,
> 
> On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com wrote:
>> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>>
>> Define operations for SED Opal to read/write keys
>> from POWER LPAR Platform KeyStore(PLPKS). This allows
>> non-volatile storage of SED Opal keys.
>>
>> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
>> Reviewed-by: Hannes Reinecke <hare@suse.de>
> 
> After this change in -next as commit 9f2c7411ada9 ("powerpc/pseries:
> PLPKS SED Opal keystore support"), I see the following crash when
> booting some distribution configurations, such as OpenSUSE's [1] (the
> rootfs is available at [2] if necessary):

I'll drop the series for now - I didn't push out the main branch just
yet as I don't publish the block next tree until at least at -rc2 time,
so it's just in a private branch for now.

-- 
Jens Axboe

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Jens Axboe]

On 9/13/23 12:59 PM, Nathan Chancellor wrote:
> Hi Greg,
> 
> On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com wrote:
>> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>>
>> Define operations for SED Opal to read/write keys
>> from POWER LPAR Platform KeyStore(PLPKS). This allows
>> non-volatile storage of SED Opal keys.
>>
>> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
>> Reviewed-by: Hannes Reinecke <hare@suse.de>
> 
> After this change in -next as commit 9f2c7411ada9 ("powerpc/pseries:
> PLPKS SED Opal keystore support"), I see the following crash when
> booting some distribution configurations, such as OpenSUSE's [1] (the
> rootfs is available at [2] if necessary):

I'll drop the series for now - I didn't push out the main branch just
yet as I don't publish the block next tree until at least at -rc2 time,
so it's just in a private branch for now.

-- 
Jens Axboe

Re: [PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[Nick Desaulniers]

On Wed, Sep 13, 2023 at 9:56 AM Nathan Chancellor <nathan@kernel.org> wrote:
>
> Hi Greg,
>
> On Fri, Sep 08, 2023 at 10:30:54AM -0500, gjoyce@linux.vnet.ibm.com wrote:
> > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> >
> > Add read and write functions that allow SED Opal keys to stored
> > in a permanent keystore.
> >
> > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> > ---
> >  block/Makefile               |  2 +-
> >  block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
> >  include/linux/sed-opal-key.h | 15 +++++++++++++++
> >  3 files changed, 40 insertions(+), 1 deletion(-)
> >  create mode 100644 block/sed-opal-key.c
> >  create mode 100644 include/linux/sed-opal-key.h
> >
> > diff --git a/block/Makefile b/block/Makefile
> > index 46ada9dc8bbf..ea07d80402a6 100644
> > --- a/block/Makefile
> > +++ b/block/Makefile
> > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o
> >  obj-$(CONFIG_BLK_WBT)                += blk-wbt.o
> >  obj-$(CONFIG_BLK_DEBUG_FS)   += blk-mq-debugfs.o
> >  obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> > -obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o
> > +obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o sed-opal-key.o
> >  obj-$(CONFIG_BLK_PM)         += blk-pm.o
> >  obj-$(CONFIG_BLK_INLINE_ENCRYPTION)  += blk-crypto.o blk-crypto-profile.o \
> >                                          blk-crypto-sysfs.o
> > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> > new file mode 100644
> > index 000000000000..16f380164c44
> > --- /dev/null
> > +++ b/block/sed-opal-key.c
> > @@ -0,0 +1,24 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +/*
> > + * SED key operations.
> > + *
> > + * Copyright (C) 2022 IBM Corporation
> > + *
> > + * These are the accessor functions (read/write) for SED Opal
> > + * keys. Specific keystores can provide overrides.
> > + *
> > + */
> > +
> > +#include <linux/kernel.h>
> > +#include <linux/errno.h>
> > +#include <linux/sed-opal-key.h>
> > +
> > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> > +{
> > +     return -EOPNOTSUPP;
> > +}
> > +
> > +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> > +{
> > +     return -EOPNOTSUPP;
> > +}
>
> This change causes a build failure for certain clang configurations due
> to an unfortunate issue [1] with recordmcount, clang's integrated
> assembler, and object files that contain a section with only weak
> functions/symbols (in this case, the .text section in sed-opal-key.c),
> resulting in
>
>   Cannot find symbol for section 2: .text.
>   block/sed-opal-key.o: failed
>
> when building this file.

The definitions in
block/sed-opal-key.c
should be deleted. Instead, in
include/linux/sed-opal-key.h
CONFIG_PSERIES_PLPKS_SED should be used to define static inline
versions when CONFIG_PSERIES_PLPKS_SED is not defined.

#ifdef CONFIG_PSERIES_PLPKS_SED
int sed_read_key(char *keyname, char *key, u_int *keylen);
int sed_write_key(char *keyname, char *key, u_int keylen);
#else
static inline
int sed_read_key(char *keyname, char *key, u_int *keylen) {
  return -EOPNOTSUPP;
}
static inline
int sed_write_key(char *keyname, char *key, u_int keylen);
  return -EOPNOTSUPP;
}
#endif

>
> Is there any real reason to have a separate translation unit for these
> two functions versus just having them living in sed-opal.c? Those two
> object files share the same Kconfig dependency. I am happy to send a
> patch if that is an acceptable approach.
>
> [1]: https://github.com/ClangBuiltLinux/linux/issues/981
>
> Cheers,
> Nathan
>


-- 
Thanks,
~Nick Desaulniers

Re: [PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[Nick Desaulniers]

On Wed, Sep 13, 2023 at 9:56 AM Nathan Chancellor <nathan@kernel.org> wrote:
>
> Hi Greg,
>
> On Fri, Sep 08, 2023 at 10:30:54AM -0500, gjoyce@linux.vnet.ibm.com wrote:
> > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> >
> > Add read and write functions that allow SED Opal keys to stored
> > in a permanent keystore.
> >
> > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> > ---
> >  block/Makefile               |  2 +-
> >  block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
> >  include/linux/sed-opal-key.h | 15 +++++++++++++++
> >  3 files changed, 40 insertions(+), 1 deletion(-)
> >  create mode 100644 block/sed-opal-key.c
> >  create mode 100644 include/linux/sed-opal-key.h
> >
> > diff --git a/block/Makefile b/block/Makefile
> > index 46ada9dc8bbf..ea07d80402a6 100644
> > --- a/block/Makefile
> > +++ b/block/Makefile
> > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o
> >  obj-$(CONFIG_BLK_WBT)                += blk-wbt.o
> >  obj-$(CONFIG_BLK_DEBUG_FS)   += blk-mq-debugfs.o
> >  obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> > -obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o
> > +obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o sed-opal-key.o
> >  obj-$(CONFIG_BLK_PM)         += blk-pm.o
> >  obj-$(CONFIG_BLK_INLINE_ENCRYPTION)  += blk-crypto.o blk-crypto-profile.o \
> >                                          blk-crypto-sysfs.o
> > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> > new file mode 100644
> > index 000000000000..16f380164c44
> > --- /dev/null
> > +++ b/block/sed-opal-key.c
> > @@ -0,0 +1,24 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +/*
> > + * SED key operations.
> > + *
> > + * Copyright (C) 2022 IBM Corporation
> > + *
> > + * These are the accessor functions (read/write) for SED Opal
> > + * keys. Specific keystores can provide overrides.
> > + *
> > + */
> > +
> > +#include <linux/kernel.h>
> > +#include <linux/errno.h>
> > +#include <linux/sed-opal-key.h>
> > +
> > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> > +{
> > +     return -EOPNOTSUPP;
> > +}
> > +
> > +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> > +{
> > +     return -EOPNOTSUPP;
> > +}
>
> This change causes a build failure for certain clang configurations due
> to an unfortunate issue [1] with recordmcount, clang's integrated
> assembler, and object files that contain a section with only weak
> functions/symbols (in this case, the .text section in sed-opal-key.c),
> resulting in
>
>   Cannot find symbol for section 2: .text.
>   block/sed-opal-key.o: failed
>
> when building this file.

The definitions in
block/sed-opal-key.c
should be deleted. Instead, in
include/linux/sed-opal-key.h
CONFIG_PSERIES_PLPKS_SED should be used to define static inline
versions when CONFIG_PSERIES_PLPKS_SED is not defined.

#ifdef CONFIG_PSERIES_PLPKS_SED
int sed_read_key(char *keyname, char *key, u_int *keylen);
int sed_write_key(char *keyname, char *key, u_int keylen);
#else
static inline
int sed_read_key(char *keyname, char *key, u_int *keylen) {
  return -EOPNOTSUPP;
}
static inline
int sed_write_key(char *keyname, char *key, u_int keylen);
  return -EOPNOTSUPP;
}
#endif

>
> Is there any real reason to have a separate translation unit for these
> two functions versus just having them living in sed-opal.c? Those two
> object files share the same Kconfig dependency. I am happy to send a
> patch if that is an acceptable approach.
>
> [1]: https://github.com/ClangBuiltLinux/linux/issues/981
>
> Cheers,
> Nathan
>


-- 
Thanks,
~Nick Desaulniers

Re: [PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[Nathan Chancellor]

On Wed, Sep 13, 2023 at 01:49:39PM -0700, Nick Desaulniers wrote:
> On Wed, Sep 13, 2023 at 9:56 AM Nathan Chancellor <nathan@kernel.org> wrote:
> >
> > Hi Greg,
> >
> > On Fri, Sep 08, 2023 at 10:30:54AM -0500, gjoyce@linux.vnet.ibm.com wrote:
> > > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > >
> > > Add read and write functions that allow SED Opal keys to stored
> > > in a permanent keystore.
> > >
> > > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> > > ---
> > >  block/Makefile               |  2 +-
> > >  block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
> > >  include/linux/sed-opal-key.h | 15 +++++++++++++++
> > >  3 files changed, 40 insertions(+), 1 deletion(-)
> > >  create mode 100644 block/sed-opal-key.c
> > >  create mode 100644 include/linux/sed-opal-key.h
> > >
> > > diff --git a/block/Makefile b/block/Makefile
> > > index 46ada9dc8bbf..ea07d80402a6 100644
> > > --- a/block/Makefile
> > > +++ b/block/Makefile
> > > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o
> > >  obj-$(CONFIG_BLK_WBT)                += blk-wbt.o
> > >  obj-$(CONFIG_BLK_DEBUG_FS)   += blk-mq-debugfs.o
> > >  obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> > > -obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o
> > > +obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o sed-opal-key.o
> > >  obj-$(CONFIG_BLK_PM)         += blk-pm.o
> > >  obj-$(CONFIG_BLK_INLINE_ENCRYPTION)  += blk-crypto.o blk-crypto-profile.o \
> > >                                          blk-crypto-sysfs.o
> > > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> > > new file mode 100644
> > > index 000000000000..16f380164c44
> > > --- /dev/null
> > > +++ b/block/sed-opal-key.c
> > > @@ -0,0 +1,24 @@
> > > +// SPDX-License-Identifier: GPL-2.0-only
> > > +/*
> > > + * SED key operations.
> > > + *
> > > + * Copyright (C) 2022 IBM Corporation
> > > + *
> > > + * These are the accessor functions (read/write) for SED Opal
> > > + * keys. Specific keystores can provide overrides.
> > > + *
> > > + */
> > > +
> > > +#include <linux/kernel.h>
> > > +#include <linux/errno.h>
> > > +#include <linux/sed-opal-key.h>
> > > +
> > > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> > > +{
> > > +     return -EOPNOTSUPP;
> > > +}
> > > +
> > > +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> > > +{
> > > +     return -EOPNOTSUPP;
> > > +}
> >
> > This change causes a build failure for certain clang configurations due
> > to an unfortunate issue [1] with recordmcount, clang's integrated
> > assembler, and object files that contain a section with only weak
> > functions/symbols (in this case, the .text section in sed-opal-key.c),
> > resulting in
> >
> >   Cannot find symbol for section 2: .text.
> >   block/sed-opal-key.o: failed
> >
> > when building this file.
> 
> The definitions in
> block/sed-opal-key.c
> should be deleted. Instead, in
> include/linux/sed-opal-key.h
> CONFIG_PSERIES_PLPKS_SED should be used to define static inline
> versions when CONFIG_PSERIES_PLPKS_SED is not defined.
> 
> #ifdef CONFIG_PSERIES_PLPKS_SED
> int sed_read_key(char *keyname, char *key, u_int *keylen);
> int sed_write_key(char *keyname, char *key, u_int keylen);
> #else
> static inline
> int sed_read_key(char *keyname, char *key, u_int *keylen) {
>   return -EOPNOTSUPP;
> }
> static inline
> int sed_write_key(char *keyname, char *key, u_int keylen);
>   return -EOPNOTSUPP;
> }
> #endif

Ah yes, this is the other solution. I figured the way that it was
written, sed_read_key() and sed_write_key() may be overridden by a
different architecture or translation unit in the future but I think
until it is needed, your solution would be perfectly fine. Thanks for
taking a look!

Cheers,
Nathan

> > Is there any real reason to have a separate translation unit for these
> > two functions versus just having them living in sed-opal.c? Those two
> > object files share the same Kconfig dependency. I am happy to send a
> > patch if that is an acceptable approach.
> >
> > [1]: https://github.com/ClangBuiltLinux/linux/issues/981
> >
> > Cheers,
> > Nathan
> >
> 
> 
> -- 
> Thanks,
> ~Nick Desaulniers

Re: [PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[Nathan Chancellor]

On Wed, Sep 13, 2023 at 01:49:39PM -0700, Nick Desaulniers wrote:
> On Wed, Sep 13, 2023 at 9:56 AM Nathan Chancellor <nathan@kernel.org> wrote:
> >
> > Hi Greg,
> >
> > On Fri, Sep 08, 2023 at 10:30:54AM -0500, gjoyce@linux.vnet.ibm.com wrote:
> > > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > >
> > > Add read and write functions that allow SED Opal keys to stored
> > > in a permanent keystore.
> > >
> > > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> > > ---
> > >  block/Makefile               |  2 +-
> > >  block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
> > >  include/linux/sed-opal-key.h | 15 +++++++++++++++
> > >  3 files changed, 40 insertions(+), 1 deletion(-)
> > >  create mode 100644 block/sed-opal-key.c
> > >  create mode 100644 include/linux/sed-opal-key.h
> > >
> > > diff --git a/block/Makefile b/block/Makefile
> > > index 46ada9dc8bbf..ea07d80402a6 100644
> > > --- a/block/Makefile
> > > +++ b/block/Makefile
> > > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o
> > >  obj-$(CONFIG_BLK_WBT)                += blk-wbt.o
> > >  obj-$(CONFIG_BLK_DEBUG_FS)   += blk-mq-debugfs.o
> > >  obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> > > -obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o
> > > +obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o sed-opal-key.o
> > >  obj-$(CONFIG_BLK_PM)         += blk-pm.o
> > >  obj-$(CONFIG_BLK_INLINE_ENCRYPTION)  += blk-crypto.o blk-crypto-profile.o \
> > >                                          blk-crypto-sysfs.o
> > > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> > > new file mode 100644
> > > index 000000000000..16f380164c44
> > > --- /dev/null
> > > +++ b/block/sed-opal-key.c
> > > @@ -0,0 +1,24 @@
> > > +// SPDX-License-Identifier: GPL-2.0-only
> > > +/*
> > > + * SED key operations.
> > > + *
> > > + * Copyright (C) 2022 IBM Corporation
> > > + *
> > > + * These are the accessor functions (read/write) for SED Opal
> > > + * keys. Specific keystores can provide overrides.
> > > + *
> > > + */
> > > +
> > > +#include <linux/kernel.h>
> > > +#include <linux/errno.h>
> > > +#include <linux/sed-opal-key.h>
> > > +
> > > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> > > +{
> > > +     return -EOPNOTSUPP;
> > > +}
> > > +
> > > +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> > > +{
> > > +     return -EOPNOTSUPP;
> > > +}
> >
> > This change causes a build failure for certain clang configurations due
> > to an unfortunate issue [1] with recordmcount, clang's integrated
> > assembler, and object files that contain a section with only weak
> > functions/symbols (in this case, the .text section in sed-opal-key.c),
> > resulting in
> >
> >   Cannot find symbol for section 2: .text.
> >   block/sed-opal-key.o: failed
> >
> > when building this file.
> 
> The definitions in
> block/sed-opal-key.c
> should be deleted. Instead, in
> include/linux/sed-opal-key.h
> CONFIG_PSERIES_PLPKS_SED should be used to define static inline
> versions when CONFIG_PSERIES_PLPKS_SED is not defined.
> 
> #ifdef CONFIG_PSERIES_PLPKS_SED
> int sed_read_key(char *keyname, char *key, u_int *keylen);
> int sed_write_key(char *keyname, char *key, u_int keylen);
> #else
> static inline
> int sed_read_key(char *keyname, char *key, u_int *keylen) {
>   return -EOPNOTSUPP;
> }
> static inline
> int sed_write_key(char *keyname, char *key, u_int keylen);
>   return -EOPNOTSUPP;
> }
> #endif

Ah yes, this is the other solution. I figured the way that it was
written, sed_read_key() and sed_write_key() may be overridden by a
different architecture or translation unit in the future but I think
until it is needed, your solution would be perfectly fine. Thanks for
taking a look!

Cheers,
Nathan

> > Is there any real reason to have a separate translation unit for these
> > two functions versus just having them living in sed-opal.c? Those two
> > object files share the same Kconfig dependency. I am happy to send a
> > patch if that is an acceptable approach.
> >
> > [1]: https://github.com/ClangBuiltLinux/linux/issues/981
> >
> > Cheers,
> > Nathan
> >
> 
> 
> -- 
> Thanks,
> ~Nick Desaulniers

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Michael Ellerman]

Nathan Chancellor <nathan@kernel.org> writes:
> Hi Greg,
>
> On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com wrote:
>> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>>
>> Define operations for SED Opal to read/write keys
>> from POWER LPAR Platform KeyStore(PLPKS). This allows
>> non-volatile storage of SED Opal keys.
>>
>> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
>> Reviewed-by: Hannes Reinecke <hare@suse.de>
>
> After this change in -next as commit 9f2c7411ada9 ("powerpc/pseries:
> PLPKS SED Opal keystore support"), I see the following crash when
> booting some distribution configurations, such as OpenSUSE's [1] (the
> rootfs is available at [2] if necessary):

Thanks for testing Nathan.

The code needs to check plpks_is_available() somewhere, before calling
the plpks routines.

cheers

> $ qemu-system-ppc64 \
>     -display none \
>     -nodefaults \
>     -device ipmi-bmc-sim,id=bmc0 \
>     -device isa-ipmi-bt,bmc=bmc0,irq=10 \
>     -machine powernv \
>     -kernel arch/powerpc/boot/zImage.epapr \
>     -initrd ppc64le-rootfs.cpio \
>     -m 2G \
>     -serial mon:stdio
> ...
> [    0.000000] Linux version 6.6.0-rc1-00004-g9f2c7411ada9 (nathan@dev-arch.thelio-3990X) (powerpc64-linux-gcc (GCC) 13.2.0, GNU ld (GNU Binutils) 2.41) #1 SMP Wed Sep 13 11:53:38 MST 2023
> ...
> [    1.808911] ------------[ cut here ]------------
> [    1.810336] kernel BUG at arch/powerpc/kernel/syscall.c:34!
> [    1.810799] Oops: Exception in kernel mode, sig: 5 [#1]
> [    1.810985] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV
> [    1.811191] Modules linked in:
> [    1.811483] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc1-00004-g9f2c7411ada9 #1
> [    1.811825] Hardware name: IBM PowerNV (emulated by qemu) POWER9 0x4e1202 opal:v7.0 PowerNV
> [    1.812133] NIP:  c00000000002c8c4 LR: c00000000000d620 CTR: c00000000000d4c0
> [    1.812335] REGS: c000000002deb7b0 TRAP: 0700   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.812595] MSR:  9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 20040004
> [    1.812930] CFAR: c00000000000d61c IRQMASK: 3
> [    1.812930] GPR00: c00000000000d620 c000000002deba50 c0000000015ef400 c000000002debe80
> [    1.812930] GPR04: 000000004800028d 0000000000000000 0000000000000000 0000000000000000
> [    1.812930] GPR08: 0000000079cd0000 0000000000000001 0000000000000000 0000000000000000
> [    1.812930] GPR12: 0000000000000000 c0000000028b0000 0000000000000000 0000000000000000
> [    1.812930] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.812930] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.812930] GPR24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.812930] GPR28: 0000000000000000 000000004800028d c000000002debe80 c000000002debe10
> [    1.814858] NIP [c00000000002c8c4] system_call_exception+0x84/0x250
> [    1.815480] LR [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.815772] Call Trace:
> [    1.815929] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.816178] --- interrupt: c00 at plpar_hcall+0x38/0x60
> [    1.816330] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
> [    1.816518] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.816740] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
> [    1.817039] IRQMASK: 0
> [    1.817039] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
> [    1.817039] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
> [    1.817039] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.817039] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
> [    1.817039] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.817039] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.817039] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
> [    1.817039] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
> [    1.818785] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
> [    1.818929] LR [c0000000000fb558] plpks_read_var+0x208/0x290
> [    1.819093] --- interrupt: c00
> [    1.819195] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
> [    1.819433] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
> [    1.819617] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
> [    1.819823] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
> [    1.820017] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
> [    1.820229] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
> [    1.820411] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.820614] --- interrupt: c00 at plpar_hcall+0x38/0x60
> [    1.820755] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
> [    1.820940] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.821157] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
> [    1.821444] IRQMASK: 0
> [    1.821444] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
> [    1.821444] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
> [    1.821444] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.821444] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
> [    1.821444] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.821444] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.821444] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
> [    1.821444] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
> [    1.823188] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
> [    1.823331] LR [c0000000000fb558] plpks_read_var+0x208/0x290
> [    1.823493] --- interrupt: c00
> [    1.823585] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
> [    1.823813] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
> [    1.823996] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
> [    1.824183] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
> [    1.824370] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
> [    1.824577] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
> [    1.824764] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.824965] --- interrupt: c00 at plpar_hcall+0x38/0x60
> [    1.825105] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
> [    1.825290] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.825505] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
> [    1.825795] IRQMASK: 0
> [    1.825795] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
> [    1.825795] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
> [    1.825795] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.825795] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
> [    1.825795] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.825795] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.825795] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
> [    1.825795] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
> [    1.827538] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
> [    1.827682] LR [c0000000000fb558] plpks_read_var+0x208/0x290
> [    1.827842] --- interrupt: c00
> [    1.827930] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
> [    1.828154] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
> [    1.828335] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
> [    1.828522] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
> [    1.828712] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
> [    1.828917] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
> [    1.829098] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.829300] --- interrupt: c00 at plpar_hcall+0x38/0x60
> [    1.829443] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
> [    1.829627] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.829841] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
> [    1.830127] IRQMASK: 0
> [    1.830127] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
> [    1.830127] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
> [    1.830127] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.830127] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
> [    1.830127] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.830127] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.830127] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
> [    1.830127] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
> [    1.831867] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
> [    1.832011] LR [c0000000000fb558] plpks_read_var+0x208/0x290
> [    1.832168] --- interrupt: c00
> [    1.832255] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
> [    1.832476] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
> [    1.832661] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
> [    1.832845] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
> [    1.833037] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
> [    1.833243] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
> [    1.833423] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.833631] --- interrupt: c00 at plpar_hcall+0x38/0x60
> [    1.833778] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
> [    1.833964] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.834179] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
> [    1.834466] IRQMASK: 0
> [    1.834466] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
> [    1.834466] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
> [    1.834466] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.834466] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
> [    1.834466] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.834466] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.834466] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
> [    1.834466] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
> [    1.836206] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
> [    1.836349] LR [c0000000000fb558] plpks_read_var+0x208/0x290
> [    1.836505] --- interrupt: c00
> [    1.836592] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
> [    1.836819] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
> [    1.837002] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
> [    1.837187] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
> [    1.837380] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
> [    1.837587] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
> [    1.837772] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.837978] --- interrupt: c00 at plpar_hcall+0x38/0x60
> [    1.838117] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
> [    1.838305] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.838521] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
> [    1.838803] IRQMASK: 0
> [    1.838803] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
> [    1.838803] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
> [    1.838803] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.838803] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
> [    1.838803] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.838803] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.838803] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
> [    1.838803] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
> [    1.840549] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
> [    1.840699] LR [c0000000000fb558] plpks_read_var+0x208/0x290
> [    1.840854] --- interrupt: c00
> [    1.840940] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
> [    1.841164] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
> [    1.841347] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
> [    1.841538] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
> [    1.841727] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
> [    1.841932] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
> [    1.842114] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.842311] --- interrupt: c00 at plpar_hcall+0x38/0x60
> [    1.842453] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
> [    1.842638] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.842856] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
> [    1.843143] IRQMASK: 0
> [    1.843143] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
> [    1.843143] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
> [    1.843143] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.843143] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
> [    1.843143] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.843143] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.843143] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
> [    1.843143] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
> [    1.844880] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
> [    1.845027] LR [c0000000000fb558] plpks_read_var+0x208/0x290
> [    1.845184] --- interrupt: c00
> [    1.845272] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
> [    1.845491] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
> [    1.845674] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
> [    1.845857] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
> [    1.846043] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
> [    1.846246] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
> [    1.846429] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.846625] --- interrupt: c00 at plpar_hcall+0x38/0x60
> [    1.846775] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
> [    1.846965] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.847178] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
> [    1.847457] IRQMASK: 0
> [    1.847457] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
> [    1.847457] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
> [    1.847457] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.847457] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
> [    1.847457] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.847457] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.847457] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
> [    1.847457] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
> [    1.849184] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
> [    1.849328] LR [c0000000000fb558] plpks_read_var+0x208/0x290
> [    1.849483] --- interrupt: c00
> [    1.849571] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
> [    1.849795] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
> [    1.849976] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
> [    1.850165] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
> [    1.850359] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
> [    1.850561] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
> [    1.850743] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.850943] --- interrupt: c00 at plpar_hcall+0x38/0x60
> [    1.851082] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
> [    1.851264] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.851480] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
> [    1.851762] IRQMASK: 0
> [    1.851762] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
> [    1.851762] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
> [    1.851762] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.851762] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
> [    1.851762] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.851762] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.851762] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
> [    1.851762] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
> [    1.853506] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
> [    1.853654] LR [c0000000000fb558] plpks_read_var+0x208/0x290
> [    1.853811] --- interrupt: c00
> [    1.853897] [c000000002deb950] [c0000000000fb528] plpks_read_var+0x1d8/0x290 (unreliable)
> [    1.854119] [c000000002deba10] [c0000000000fc1ac] sed_read_key+0x9c/0x170
> [    1.854303] [c000000002debad0] [c0000000020541a8] sed_opal_init+0xac/0x174
> [    1.854488] [c000000002debc50] [c000000000010ad0] do_one_initcall+0x80/0x3b0
> [    1.854677] [c000000002debd30] [c000000002004860] kernel_init_freeable+0x338/0x3dc
> [    1.854877] [c000000002debdf0] [c0000000000111b0] kernel_init+0x30/0x1a0
> [    1.855061] [c000000002debe50] [c00000000000d620] system_call_common+0x160/0x2c4
> [    1.855262] --- interrupt: c00 at plpar_hcall+0x38/0x60
> [    1.855404] NIP:  c0000000000e43f8 LR: c0000000000fb558 CTR: 0000000000000000
> [    1.855587] REGS: c000000002debe80 TRAP: 0c00   Not tainted  (6.6.0-rc1-00004-g9f2c7411ada9)
> [    1.855805] MSR:  900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 2800028d  XER: 00000000
> [    1.856090] IRQMASK: 0
> [    1.856090] GPR00: 000000004800028d c000000002deb950 c0000000015ef400 0000000000000434
> [    1.856090] GPR04: 00000000028eb190 0000000028ac6600 000000000000001d 0000000000000010
> [    1.856090] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.856090] GPR12: 0000000000000000 c0000000028b0000 c000000000011188 0000000000000000
> [    1.856090] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.856090] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [    1.856090] GPR24: 0000000000000000 0000000000000000 0000000000000000 c000000028ac6600
> [    1.856090] GPR28: 0000000000000010 c0000000028eb190 c000000028ac6600 c000000002deba30
> [    1.857848] NIP [c0000000000e43f8] plpar_hcall+0x38/0x60
> [    1.857992] LR [c0000000000fb558] plpks_read_var+0x208/0x290
> [    1.858148] --- interrupt: c00
> [    1.858325] Code: 7d41496a 39210020 60000000 39200000 0b090000 60000000 e93e0108 692a0002 794affe2 0b0a0000 69294000 792997e2 <0b090000> e93e0138 792907e0 0b090000
> [    1.859199] ---[ end trace 0000000000000000 ]---
> [    1.859407]
> [    2.859747] note: swapper/0[1] exited with irqs disabled
> [    2.862681] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000005
> [    2.864206] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000005 ]---
>
> IIRC, this occurs when running on a non-pseries machine, as I think this
> is a similar crash to commit a66de5283e16 ("powerpc/pseries: Fix plpks
> crash on non-pseries"), but I am not sure if that fix is appropriate or
> not here, hence just the report. If there is any additional information
> I can provide or patches I can test, I am more than happy to do so.
>
> [1]: https://github.com/openSUSE/kernel-source/raw/master/config/ppc64le/default
> [2]: https://github.com/ClangBuiltLinux/boot-utils/releases
>
> Cheers,
> Nathan

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Michal Suchánek]

Hello,

On Thu, Sep 14, 2023 at 02:13:32PM +1000, Michael Ellerman wrote:
> Nathan Chancellor <nathan@kernel.org> writes:
> > Hi Greg,
> >
> > On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com wrote:
> >> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> >>
> >> Define operations for SED Opal to read/write keys
> >> from POWER LPAR Platform KeyStore(PLPKS). This allows
> >> non-volatile storage of SED Opal keys.
> >>
> >> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> >> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> >> Reviewed-by: Hannes Reinecke <hare@suse.de>
> >
> > After this change in -next as commit 9f2c7411ada9 ("powerpc/pseries:
> > PLPKS SED Opal keystore support"), I see the following crash when
> > booting some distribution configurations, such as OpenSUSE's [1] (the
> > rootfs is available at [2] if necessary):
> 
> Thanks for testing Nathan.
> 
> The code needs to check plpks_is_available() somewhere, before calling
> the plpks routines.

would this fixup do it?

I don't really see any other place to plug the check with the current
code structure.

Thanks

Michal

diff --git a/arch/powerpc/platforms/pseries/plpks_sed_ops.c b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
index c1d08075e850..f8038d998eae 100644
--- a/arch/powerpc/platforms/pseries/plpks_sed_ops.c
+++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
@@ -64,6 +64,9 @@ int sed_read_key(char *keyname, char *key, u_int *keylen)
 	int ret;
 	u_int len;
 
+	if (!plpks_is_available())
+		return -ENODEV;
+
 	plpks_init_var(&var, keyname);
 	var.data = (u8 *)&data;
 	var.datalen = sizeof(data);
@@ -89,6 +92,9 @@ int sed_write_key(char *keyname, char *key, u_int keylen)
 	struct plpks_sed_object_data data;
 	struct plpks_var_name vname;
 
+	if (!plpks_is_available())
+		return -ENODEV;
+
 	plpks_init_var(&var, keyname);
 
 	var.datalen = sizeof(struct plpks_sed_object_data);
-- 
2.41.0

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Michal Suchánek]

Hello,

On Thu, Sep 14, 2023 at 02:13:32PM +1000, Michael Ellerman wrote:
> Nathan Chancellor <nathan@kernel.org> writes:
> > Hi Greg,
> >
> > On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com wrote:
> >> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> >>
> >> Define operations for SED Opal to read/write keys
> >> from POWER LPAR Platform KeyStore(PLPKS). This allows
> >> non-volatile storage of SED Opal keys.
> >>
> >> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> >> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> >> Reviewed-by: Hannes Reinecke <hare@suse.de>
> >
> > After this change in -next as commit 9f2c7411ada9 ("powerpc/pseries:
> > PLPKS SED Opal keystore support"), I see the following crash when
> > booting some distribution configurations, such as OpenSUSE's [1] (the
> > rootfs is available at [2] if necessary):
> 
> Thanks for testing Nathan.
> 
> The code needs to check plpks_is_available() somewhere, before calling
> the plpks routines.

would this fixup do it?

I don't really see any other place to plug the check with the current
code structure.

Thanks

Michal

diff --git a/arch/powerpc/platforms/pseries/plpks_sed_ops.c b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
index c1d08075e850..f8038d998eae 100644
--- a/arch/powerpc/platforms/pseries/plpks_sed_ops.c
+++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
@@ -64,6 +64,9 @@ int sed_read_key(char *keyname, char *key, u_int *keylen)
 	int ret;
 	u_int len;
 
+	if (!plpks_is_available())
+		return -ENODEV;
+
 	plpks_init_var(&var, keyname);
 	var.data = (u8 *)&data;
 	var.datalen = sizeof(data);
@@ -89,6 +92,9 @@ int sed_write_key(char *keyname, char *key, u_int keylen)
 	struct plpks_sed_object_data data;
 	struct plpks_var_name vname;
 
+	if (!plpks_is_available())
+		return -ENODEV;
+
 	plpks_init_var(&var, keyname);
 
 	var.datalen = sizeof(struct plpks_sed_object_data);
-- 
2.41.0

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Michael Ellerman]

Michal Suchánek <msuchanek@suse.de> writes:
> Hello,
>
> On Thu, Sep 14, 2023 at 02:13:32PM +1000, Michael Ellerman wrote:
>> Nathan Chancellor <nathan@kernel.org> writes:
>> > Hi Greg,
>> >
>> > On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com wrote:
>> >> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>> >>
>> >> Define operations for SED Opal to read/write keys
>> >> from POWER LPAR Platform KeyStore(PLPKS). This allows
>> >> non-volatile storage of SED Opal keys.
>> >>
>> >> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>> >> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
>> >> Reviewed-by: Hannes Reinecke <hare@suse.de>
>> >
>> > After this change in -next as commit 9f2c7411ada9 ("powerpc/pseries:
>> > PLPKS SED Opal keystore support"), I see the following crash when
>> > booting some distribution configurations, such as OpenSUSE's [1] (the
>> > rootfs is available at [2] if necessary):
>> 
>> Thanks for testing Nathan.
>> 
>> The code needs to check plpks_is_available() somewhere, before calling
>> the plpks routines.
>
> would this fixup do it?
>
> I don't really see any other place to plug the check with the current
> code structure.
 
I think the plpks_sed code should call plpks_is_available() once at init
time and cache the result.

Otherwise it's will be doing an extra hcall (in _plpks_get_config()) for
every call, which would be wasteful. 

cheers

> diff --git a/arch/powerpc/platforms/pseries/plpks_sed_ops.c b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
> index c1d08075e850..f8038d998eae 100644
> --- a/arch/powerpc/platforms/pseries/plpks_sed_ops.c
> +++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
> @@ -64,6 +64,9 @@ int sed_read_key(char *keyname, char *key, u_int *keylen)
>  	int ret;
>  	u_int len;
>  
> +	if (!plpks_is_available())
> +		return -ENODEV;
> +
>  	plpks_init_var(&var, keyname);
>  	var.data = (u8 *)&data;
>  	var.datalen = sizeof(data);
> @@ -89,6 +92,9 @@ int sed_write_key(char *keyname, char *key, u_int keylen)
>  	struct plpks_sed_object_data data;
>  	struct plpks_var_name vname;
>  
> +	if (!plpks_is_available())
> +		return -ENODEV;
> +
>  	plpks_init_var(&var, keyname);
>  
>  	var.datalen = sizeof(struct plpks_sed_object_data);
> -- 
> 2.41.0

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Michael Ellerman]

Michal Suchánek <msuchanek@suse.de> writes:
> Hello,
>
> On Thu, Sep 14, 2023 at 02:13:32PM +1000, Michael Ellerman wrote:
>> Nathan Chancellor <nathan@kernel.org> writes:
>> > Hi Greg,
>> >
>> > On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com wrote:
>> >> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>> >>
>> >> Define operations for SED Opal to read/write keys
>> >> from POWER LPAR Platform KeyStore(PLPKS). This allows
>> >> non-volatile storage of SED Opal keys.
>> >>
>> >> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>> >> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
>> >> Reviewed-by: Hannes Reinecke <hare@suse.de>
>> >
>> > After this change in -next as commit 9f2c7411ada9 ("powerpc/pseries:
>> > PLPKS SED Opal keystore support"), I see the following crash when
>> > booting some distribution configurations, such as OpenSUSE's [1] (the
>> > rootfs is available at [2] if necessary):
>> 
>> Thanks for testing Nathan.
>> 
>> The code needs to check plpks_is_available() somewhere, before calling
>> the plpks routines.
>
> would this fixup do it?
>
> I don't really see any other place to plug the check with the current
> code structure.
 
I think the plpks_sed code should call plpks_is_available() once at init
time and cache the result.

Otherwise it's will be doing an extra hcall (in _plpks_get_config()) for
every call, which would be wasteful. 

cheers

> diff --git a/arch/powerpc/platforms/pseries/plpks_sed_ops.c b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
> index c1d08075e850..f8038d998eae 100644
> --- a/arch/powerpc/platforms/pseries/plpks_sed_ops.c
> +++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
> @@ -64,6 +64,9 @@ int sed_read_key(char *keyname, char *key, u_int *keylen)
>  	int ret;
>  	u_int len;
>  
> +	if (!plpks_is_available())
> +		return -ENODEV;
> +
>  	plpks_init_var(&var, keyname);
>  	var.data = (u8 *)&data;
>  	var.datalen = sizeof(data);
> @@ -89,6 +92,9 @@ int sed_write_key(char *keyname, char *key, u_int keylen)
>  	struct plpks_sed_object_data data;
>  	struct plpks_var_name vname;
>  
> +	if (!plpks_is_available())
> +		return -ENODEV;
> +
>  	plpks_init_var(&var, keyname);
>  
>  	var.datalen = sizeof(struct plpks_sed_object_data);
> -- 
> 2.41.0

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Greg Joyce]

On Wed, 2023-09-13 at 13:15 -0600, Jens Axboe wrote:
> On 9/13/23 12:59 PM, Nathan Chancellor wrote:
> > Hi Greg,
> > 
> > On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com
> >  wrote:
> > > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > 
> > > Define operations for SED Opal to read/write keys
> > > from POWER LPAR Platform KeyStore(PLPKS). This allows
> > > non-volatile storage of SED Opal keys.
> > > 
> > > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> > > Reviewed-by: Hannes Reinecke <hare@suse.de>
> > 
> > After this change in -next as commit 9f2c7411ada9
> > ("powerpc/pseries:
> > PLPKS SED Opal keystore support"), I see the following crash when
> > booting some distribution configurations, such as OpenSUSE's [1]
> > (the
> > rootfs is available at [2] if necessary):
> 
> I'll drop the series for now - I didn't push out the main branch just
> yet as I don't publish the block next tree until at least at -rc2
> time,
> so it's just in a private branch for now.
> 

Agreed. I need to figure out:

1) best place to use plpks_is_available() to prevent a crash when PLPKS
is not present in pseries.

2) Resolve issues compiling with clang

3) declare plpks_init_var() as static

Greg

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Greg Joyce]

On Wed, 2023-09-13 at 13:15 -0600, Jens Axboe wrote:
> On 9/13/23 12:59 PM, Nathan Chancellor wrote:
> > Hi Greg,
> > 
> > On Fri, Sep 08, 2023 at 10:30:56AM -0500, gjoyce@linux.vnet.ibm.com
> >  wrote:
> > > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > 
> > > Define operations for SED Opal to read/write keys
> > > from POWER LPAR Platform KeyStore(PLPKS). This allows
> > > non-volatile storage of SED Opal keys.
> > > 
> > > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> > > Reviewed-by: Hannes Reinecke <hare@suse.de>
> > 
> > After this change in -next as commit 9f2c7411ada9
> > ("powerpc/pseries:
> > PLPKS SED Opal keystore support"), I see the following crash when
> > booting some distribution configurations, such as OpenSUSE's [1]
> > (the
> > rootfs is available at [2] if necessary):
> 
> I'll drop the series for now - I didn't push out the main branch just
> yet as I don't publish the block next tree until at least at -rc2
> time,
> so it's just in a private branch for now.
> 

Agreed. I need to figure out:

1) best place to use plpks_is_available() to prevent a crash when PLPKS
is not present in pseries.

2) Resolve issues compiling with clang

3) declare plpks_init_var() as static

Greg

Re: [PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[Greg Joyce]

On Wed, 2023-09-13 at 13:49 -0700, Nick Desaulniers wrote:
> On Wed, Sep 13, 2023 at 9:56 AM Nathan Chancellor <nathan@kernel.org>
> wrote:
> > Hi Greg,
> > 
> > On Fri, Sep 08, 2023 at 10:30:54AM -0500, gjoyce@linux.vnet.ibm.com
> >  wrote:
> > > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > 
> > > Add read and write functions that allow SED Opal keys to stored
> > > in a permanent keystore.
> > > 
> > > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> > > ---
> > >  block/Makefile               |  2 +-
> > >  block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
> > >  include/linux/sed-opal-key.h | 15 +++++++++++++++
> > >  3 files changed, 40 insertions(+), 1 deletion(-)
> > >  create mode 100644 block/sed-opal-key.c
> > >  create mode 100644 include/linux/sed-opal-key.h
> > > 
> > > diff --git a/block/Makefile b/block/Makefile
> > > index 46ada9dc8bbf..ea07d80402a6 100644
> > > --- a/block/Makefile
> > > +++ b/block/Makefile
> > > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o
> > >  obj-$(CONFIG_BLK_WBT)                += blk-wbt.o
> > >  obj-$(CONFIG_BLK_DEBUG_FS)   += blk-mq-debugfs.o
> > >  obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> > > -obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o
> > > +obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o sed-opal-key.o
> > >  obj-$(CONFIG_BLK_PM)         += blk-pm.o
> > >  obj-$(CONFIG_BLK_INLINE_ENCRYPTION)  += blk-crypto.o blk-crypto-
> > > profile.o \
> > >                                          blk-crypto-sysfs.o
> > > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> > > new file mode 100644
> > > index 000000000000..16f380164c44
> > > --- /dev/null
> > > +++ b/block/sed-opal-key.c
> > > @@ -0,0 +1,24 @@
> > > +// SPDX-License-Identifier: GPL-2.0-only
> > > +/*
> > > + * SED key operations.
> > > + *
> > > + * Copyright (C) 2022 IBM Corporation
> > > + *
> > > + * These are the accessor functions (read/write) for SED Opal
> > > + * keys. Specific keystores can provide overrides.
> > > + *
> > > + */
> > > +
> > > +#include <linux/kernel.h>
> > > +#include <linux/errno.h>
> > > +#include <linux/sed-opal-key.h>
> > > +
> > > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> > > +{
> > > +     return -EOPNOTSUPP;
> > > +}
> > > +
> > > +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> > > +{
> > > +     return -EOPNOTSUPP;
> > > +}
> > 
> > This change causes a build failure for certain clang configurations
> > due
> > to an unfortunate issue [1] with recordmcount, clang's integrated
> > assembler, and object files that contain a section with only weak
> > functions/symbols (in this case, the .text section in sed-opal-
> > key.c),
> > resulting in
> > 
> >   Cannot find symbol for section 2: .text.
> >   block/sed-opal-key.o: failed
> > 
> > when building this file.
> 
> The definitions in
> block/sed-opal-key.c
> should be deleted. Instead, in
> include/linux/sed-opal-key.h
> CONFIG_PSERIES_PLPKS_SED should be used to define static inline
> versions when CONFIG_PSERIES_PLPKS_SED is not defined.
> 
> #ifdef CONFIG_PSERIES_PLPKS_SED
> int sed_read_key(char *keyname, char *key, u_int *keylen);
> int sed_write_key(char *keyname, char *key, u_int keylen);
> #else
> static inline
> int sed_read_key(char *keyname, char *key, u_int *keylen) {
>   return -EOPNOTSUPP;
> }
> static inline
> int sed_write_key(char *keyname, char *key, u_int keylen);
>   return -EOPNOTSUPP;
> }
> #endif

This change will certainly work for pseries. The intent of the weak
functions was to allow a different unknown permanent keystore to be the
source for seeding SED Opal keys. It also kept platform specific code
out of the block directory.

I'm happy to switch to the approach above, if losing those two goals
isn't a concern.

> 
> > Is there any real reason to have a separate translation unit for
> > these
> > two functions versus just having them living in sed-opal.c? Those
> > two
> > object files share the same Kconfig dependency. I am happy to send
> > a
> > patch if that is an acceptable approach.
> > 
> > [1]: https://github.com/ClangBuiltLinux/linux/issues/981
> > 
> > Cheers,
> > Nathan
> > 
> 
> 

Re: [PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[Greg Joyce]

On Wed, 2023-09-13 at 13:49 -0700, Nick Desaulniers wrote:
> On Wed, Sep 13, 2023 at 9:56 AM Nathan Chancellor <nathan@kernel.org>
> wrote:
> > Hi Greg,
> > 
> > On Fri, Sep 08, 2023 at 10:30:54AM -0500, gjoyce@linux.vnet.ibm.com
> >  wrote:
> > > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > 
> > > Add read and write functions that allow SED Opal keys to stored
> > > in a permanent keystore.
> > > 
> > > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> > > ---
> > >  block/Makefile               |  2 +-
> > >  block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
> > >  include/linux/sed-opal-key.h | 15 +++++++++++++++
> > >  3 files changed, 40 insertions(+), 1 deletion(-)
> > >  create mode 100644 block/sed-opal-key.c
> > >  create mode 100644 include/linux/sed-opal-key.h
> > > 
> > > diff --git a/block/Makefile b/block/Makefile
> > > index 46ada9dc8bbf..ea07d80402a6 100644
> > > --- a/block/Makefile
> > > +++ b/block/Makefile
> > > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o
> > >  obj-$(CONFIG_BLK_WBT)                += blk-wbt.o
> > >  obj-$(CONFIG_BLK_DEBUG_FS)   += blk-mq-debugfs.o
> > >  obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> > > -obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o
> > > +obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o sed-opal-key.o
> > >  obj-$(CONFIG_BLK_PM)         += blk-pm.o
> > >  obj-$(CONFIG_BLK_INLINE_ENCRYPTION)  += blk-crypto.o blk-crypto-
> > > profile.o \
> > >                                          blk-crypto-sysfs.o
> > > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> > > new file mode 100644
> > > index 000000000000..16f380164c44
> > > --- /dev/null
> > > +++ b/block/sed-opal-key.c
> > > @@ -0,0 +1,24 @@
> > > +// SPDX-License-Identifier: GPL-2.0-only
> > > +/*
> > > + * SED key operations.
> > > + *
> > > + * Copyright (C) 2022 IBM Corporation
> > > + *
> > > + * These are the accessor functions (read/write) for SED Opal
> > > + * keys. Specific keystores can provide overrides.
> > > + *
> > > + */
> > > +
> > > +#include <linux/kernel.h>
> > > +#include <linux/errno.h>
> > > +#include <linux/sed-opal-key.h>
> > > +
> > > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> > > +{
> > > +     return -EOPNOTSUPP;
> > > +}
> > > +
> > > +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> > > +{
> > > +     return -EOPNOTSUPP;
> > > +}
> > 
> > This change causes a build failure for certain clang configurations
> > due
> > to an unfortunate issue [1] with recordmcount, clang's integrated
> > assembler, and object files that contain a section with only weak
> > functions/symbols (in this case, the .text section in sed-opal-
> > key.c),
> > resulting in
> > 
> >   Cannot find symbol for section 2: .text.
> >   block/sed-opal-key.o: failed
> > 
> > when building this file.
> 
> The definitions in
> block/sed-opal-key.c
> should be deleted. Instead, in
> include/linux/sed-opal-key.h
> CONFIG_PSERIES_PLPKS_SED should be used to define static inline
> versions when CONFIG_PSERIES_PLPKS_SED is not defined.
> 
> #ifdef CONFIG_PSERIES_PLPKS_SED
> int sed_read_key(char *keyname, char *key, u_int *keylen);
> int sed_write_key(char *keyname, char *key, u_int keylen);
> #else
> static inline
> int sed_read_key(char *keyname, char *key, u_int *keylen) {
>   return -EOPNOTSUPP;
> }
> static inline
> int sed_write_key(char *keyname, char *key, u_int keylen);
>   return -EOPNOTSUPP;
> }
> #endif

This change will certainly work for pseries. The intent of the weak
functions was to allow a different unknown permanent keystore to be the
source for seeding SED Opal keys. It also kept platform specific code
out of the block directory.

I'm happy to switch to the approach above, if losing those two goals
isn't a concern.

> 
> > Is there any real reason to have a separate translation unit for
> > these
> > two functions versus just having them living in sed-opal.c? Those
> > two
> > object files share the same Kconfig dependency. I am happy to send
> > a
> > patch if that is an acceptable approach.
> > 
> > [1]: https://github.com/ClangBuiltLinux/linux/issues/981
> > 
> > Cheers,
> > Nathan
> > 
> 
> 

Re: [PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[Nick Desaulniers]

On Wed, Sep 27, 2023 at 1:26 PM Greg Joyce <gjoyce@linux.vnet.ibm.com> wrote:
>
> On Wed, 2023-09-13 at 13:49 -0700, Nick Desaulniers wrote:
> > On Wed, Sep 13, 2023 at 9:56 AM Nathan Chancellor <nathan@kernel.org>
> > wrote:
> > > Hi Greg,
> > >
> > > On Fri, Sep 08, 2023 at 10:30:54AM -0500, gjoyce@linux.vnet.ibm.com
> > >  wrote:
> > > > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > >
> > > > Add read and write functions that allow SED Opal keys to stored
> > > > in a permanent keystore.
> > > >
> > > > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> > > > ---
> > > >  block/Makefile               |  2 +-
> > > >  block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
> > > >  include/linux/sed-opal-key.h | 15 +++++++++++++++
> > > >  3 files changed, 40 insertions(+), 1 deletion(-)
> > > >  create mode 100644 block/sed-opal-key.c
> > > >  create mode 100644 include/linux/sed-opal-key.h
> > > >
> > > > diff --git a/block/Makefile b/block/Makefile
> > > > index 46ada9dc8bbf..ea07d80402a6 100644
> > > > --- a/block/Makefile
> > > > +++ b/block/Makefile
> > > > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o
> > > >  obj-$(CONFIG_BLK_WBT)                += blk-wbt.o
> > > >  obj-$(CONFIG_BLK_DEBUG_FS)   += blk-mq-debugfs.o
> > > >  obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> > > > -obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o
> > > > +obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o sed-opal-key.o
> > > >  obj-$(CONFIG_BLK_PM)         += blk-pm.o
> > > >  obj-$(CONFIG_BLK_INLINE_ENCRYPTION)  += blk-crypto.o blk-crypto-
> > > > profile.o \
> > > >                                          blk-crypto-sysfs.o
> > > > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> > > > new file mode 100644
> > > > index 000000000000..16f380164c44
> > > > --- /dev/null
> > > > +++ b/block/sed-opal-key.c
> > > > @@ -0,0 +1,24 @@
> > > > +// SPDX-License-Identifier: GPL-2.0-only
> > > > +/*
> > > > + * SED key operations.
> > > > + *
> > > > + * Copyright (C) 2022 IBM Corporation
> > > > + *
> > > > + * These are the accessor functions (read/write) for SED Opal
> > > > + * keys. Specific keystores can provide overrides.
> > > > + *
> > > > + */
> > > > +
> > > > +#include <linux/kernel.h>
> > > > +#include <linux/errno.h>
> > > > +#include <linux/sed-opal-key.h>
> > > > +
> > > > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> > > > +{
> > > > +     return -EOPNOTSUPP;
> > > > +}
> > > > +
> > > > +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> > > > +{
> > > > +     return -EOPNOTSUPP;
> > > > +}
> > >
> > > This change causes a build failure for certain clang configurations
> > > due
> > > to an unfortunate issue [1] with recordmcount, clang's integrated
> > > assembler, and object files that contain a section with only weak
> > > functions/symbols (in this case, the .text section in sed-opal-
> > > key.c),
> > > resulting in
> > >
> > >   Cannot find symbol for section 2: .text.
> > >   block/sed-opal-key.o: failed
> > >
> > > when building this file.
> >
> > The definitions in
> > block/sed-opal-key.c
> > should be deleted. Instead, in
> > include/linux/sed-opal-key.h
> > CONFIG_PSERIES_PLPKS_SED should be used to define static inline
> > versions when CONFIG_PSERIES_PLPKS_SED is not defined.
> >
> > #ifdef CONFIG_PSERIES_PLPKS_SED
> > int sed_read_key(char *keyname, char *key, u_int *keylen);
> > int sed_write_key(char *keyname, char *key, u_int keylen);
> > #else
> > static inline
> > int sed_read_key(char *keyname, char *key, u_int *keylen) {
> >   return -EOPNOTSUPP;
> > }
> > static inline
> > int sed_write_key(char *keyname, char *key, u_int keylen);
> >   return -EOPNOTSUPP;
> > }
> > #endif
>
> This change will certainly work for pseries. The intent of the weak
> functions was to allow a different unknown permanent keystore to be the
> source for seeding SED Opal keys. It also kept platform specific code
> out of the block directory.
>
> I'm happy to switch to the approach above, if losing those two goals
> isn't a concern.

Assuming those would have mutually exclusive KConfigs, then the
pattern I describe would be preferred.

>
> >
> > > Is there any real reason to have a separate translation unit for
> > > these
> > > two functions versus just having them living in sed-opal.c? Those
> > > two
> > > object files share the same Kconfig dependency. I am happy to send
> > > a
> > > patch if that is an acceptable approach.
> > >
> > > [1]: https://github.com/ClangBuiltLinux/linux/issues/981
> > >
> > > Cheers,
> > > Nathan
> > >
> >
> >
>


-- 
Thanks,
~Nick Desaulniers

Re: [PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

[Nick Desaulniers]

On Wed, Sep 27, 2023 at 1:26 PM Greg Joyce <gjoyce@linux.vnet.ibm.com> wrote:
>
> On Wed, 2023-09-13 at 13:49 -0700, Nick Desaulniers wrote:
> > On Wed, Sep 13, 2023 at 9:56 AM Nathan Chancellor <nathan@kernel.org>
> > wrote:
> > > Hi Greg,
> > >
> > > On Fri, Sep 08, 2023 at 10:30:54AM -0500, gjoyce@linux.vnet.ibm.com
> > >  wrote:
> > > > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > >
> > > > Add read and write functions that allow SED Opal keys to stored
> > > > in a permanent keystore.
> > > >
> > > > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > > > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> > > > ---
> > > >  block/Makefile               |  2 +-
> > > >  block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
> > > >  include/linux/sed-opal-key.h | 15 +++++++++++++++
> > > >  3 files changed, 40 insertions(+), 1 deletion(-)
> > > >  create mode 100644 block/sed-opal-key.c
> > > >  create mode 100644 include/linux/sed-opal-key.h
> > > >
> > > > diff --git a/block/Makefile b/block/Makefile
> > > > index 46ada9dc8bbf..ea07d80402a6 100644
> > > > --- a/block/Makefile
> > > > +++ b/block/Makefile
> > > > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o
> > > >  obj-$(CONFIG_BLK_WBT)                += blk-wbt.o
> > > >  obj-$(CONFIG_BLK_DEBUG_FS)   += blk-mq-debugfs.o
> > > >  obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> > > > -obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o
> > > > +obj-$(CONFIG_BLK_SED_OPAL)   += sed-opal.o sed-opal-key.o
> > > >  obj-$(CONFIG_BLK_PM)         += blk-pm.o
> > > >  obj-$(CONFIG_BLK_INLINE_ENCRYPTION)  += blk-crypto.o blk-crypto-
> > > > profile.o \
> > > >                                          blk-crypto-sysfs.o
> > > > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> > > > new file mode 100644
> > > > index 000000000000..16f380164c44
> > > > --- /dev/null
> > > > +++ b/block/sed-opal-key.c
> > > > @@ -0,0 +1,24 @@
> > > > +// SPDX-License-Identifier: GPL-2.0-only
> > > > +/*
> > > > + * SED key operations.
> > > > + *
> > > > + * Copyright (C) 2022 IBM Corporation
> > > > + *
> > > > + * These are the accessor functions (read/write) for SED Opal
> > > > + * keys. Specific keystores can provide overrides.
> > > > + *
> > > > + */
> > > > +
> > > > +#include <linux/kernel.h>
> > > > +#include <linux/errno.h>
> > > > +#include <linux/sed-opal-key.h>
> > > > +
> > > > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> > > > +{
> > > > +     return -EOPNOTSUPP;
> > > > +}
> > > > +
> > > > +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> > > > +{
> > > > +     return -EOPNOTSUPP;
> > > > +}
> > >
> > > This change causes a build failure for certain clang configurations
> > > due
> > > to an unfortunate issue [1] with recordmcount, clang's integrated
> > > assembler, and object files that contain a section with only weak
> > > functions/symbols (in this case, the .text section in sed-opal-
> > > key.c),
> > > resulting in
> > >
> > >   Cannot find symbol for section 2: .text.
> > >   block/sed-opal-key.o: failed
> > >
> > > when building this file.
> >
> > The definitions in
> > block/sed-opal-key.c
> > should be deleted. Instead, in
> > include/linux/sed-opal-key.h
> > CONFIG_PSERIES_PLPKS_SED should be used to define static inline
> > versions when CONFIG_PSERIES_PLPKS_SED is not defined.
> >
> > #ifdef CONFIG_PSERIES_PLPKS_SED
> > int sed_read_key(char *keyname, char *key, u_int *keylen);
> > int sed_write_key(char *keyname, char *key, u_int keylen);
> > #else
> > static inline
> > int sed_read_key(char *keyname, char *key, u_int *keylen) {
> >   return -EOPNOTSUPP;
> > }
> > static inline
> > int sed_write_key(char *keyname, char *key, u_int keylen);
> >   return -EOPNOTSUPP;
> > }
> > #endif
>
> This change will certainly work for pseries. The intent of the weak
> functions was to allow a different unknown permanent keystore to be the
> source for seeding SED Opal keys. It also kept platform specific code
> out of the block directory.
>
> I'm happy to switch to the approach above, if losing those two goals
> isn't a concern.

Assuming those would have mutually exclusive KConfigs, then the
pattern I describe would be preferred.

>
> >
> > > Is there any real reason to have a separate translation unit for
> > > these
> > > two functions versus just having them living in sed-opal.c? Those
> > > two
> > > object files share the same Kconfig dependency. I am happy to send
> > > a
> > > patch if that is an acceptable approach.
> > >
> > > [1]: https://github.com/ClangBuiltLinux/linux/issues/981
> > >
> > > Cheers,
> > > Nathan
> > >
> >
> >
>


-- 
Thanks,
~Nick Desaulniers

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Hannes Reinecke]

On 7/21/23 23:19, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> Define operations for SED Opal to read/write keys
> from POWER LPAR Platform KeyStore(PLPKS). This allows
> non-volatile storage of SED Opal keys.
> 
> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> ---
>   arch/powerpc/platforms/pseries/Kconfig        |   6 +
>   arch/powerpc/platforms/pseries/Makefile       |   1 +
>   .../powerpc/platforms/pseries/plpks_sed_ops.c | 114 ++++++++++++++++++
>   block/Kconfig                                 |   1 +
>   4 files changed, 122 insertions(+)
>   create mode 100644 arch/powerpc/platforms/pseries/plpks_sed_ops.c
> 
Reviewed-by: Hannes Reinecke <hare@suse.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare@suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman

Re: [PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[Hannes Reinecke]

On 7/21/23 23:19, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> Define operations for SED Opal to read/write keys
> from POWER LPAR Platform KeyStore(PLPKS). This allows
> non-volatile storage of SED Opal keys.
> 
> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
> ---
>   arch/powerpc/platforms/pseries/Kconfig        |   6 +
>   arch/powerpc/platforms/pseries/Makefile       |   1 +
>   .../powerpc/platforms/pseries/plpks_sed_ops.c | 114 ++++++++++++++++++
>   block/Kconfig                                 |   1 +
>   4 files changed, 122 insertions(+)
>   create mode 100644 arch/powerpc/platforms/pseries/plpks_sed_ops.c
> 
Reviewed-by: Hannes Reinecke <hare@suse.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare@suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman

[PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Define operations for SED Opal to read/write keys
from POWER LPAR Platform KeyStore(PLPKS). This allows
non-volatile storage of SED Opal keys.

Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
---
 arch/powerpc/platforms/pseries/Kconfig        |   6 +
 arch/powerpc/platforms/pseries/Makefile       |   1 +
 .../powerpc/platforms/pseries/plpks_sed_ops.c | 114 ++++++++++++++++++
 block/Kconfig                                 |   1 +
 4 files changed, 122 insertions(+)
 create mode 100644 arch/powerpc/platforms/pseries/plpks_sed_ops.c

diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig
index 4ebf2ef2845d..afc0f6a61337 100644
--- a/arch/powerpc/platforms/pseries/Kconfig
+++ b/arch/powerpc/platforms/pseries/Kconfig
@@ -164,6 +164,12 @@ config PSERIES_PLPKS
 	# This option is selected by in-kernel consumers that require
 	# access to the PKS.
 
+config PSERIES_PLPKS_SED
+	depends on PPC_PSERIES
+	bool
+	# This option is selected by in-kernel consumers that require
+	# access to the SED PKS keystore.
+
 config PAPR_SCM
 	depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM
 	tristate "Support for the PAPR Storage Class Memory interface"
diff --git a/arch/powerpc/platforms/pseries/Makefile b/arch/powerpc/platforms/pseries/Makefile
index 53c3b91af2f7..1476c5e4433c 100644
--- a/arch/powerpc/platforms/pseries/Makefile
+++ b/arch/powerpc/platforms/pseries/Makefile
@@ -29,6 +29,7 @@ obj-$(CONFIG_PPC_SVM)		+= svm.o
 obj-$(CONFIG_FA_DUMP)		+= rtas-fadump.o
 obj-$(CONFIG_PSERIES_PLPKS)	+= plpks.o
 obj-$(CONFIG_PPC_SECURE_BOOT)	+= plpks-secvar.o
+obj-$(CONFIG_PSERIES_PLPKS_SED)	+= plpks_sed_ops.o
 obj-$(CONFIG_SUSPEND)		+= suspend.o
 obj-$(CONFIG_PPC_VAS)		+= vas.o vas-sysfs.o
 
diff --git a/arch/powerpc/platforms/pseries/plpks_sed_ops.c b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
new file mode 100644
index 000000000000..c1d08075e850
--- /dev/null
+++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
@@ -0,0 +1,114 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * POWER Platform specific code for non-volatile SED key access
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * Define operations for SED Opal to read/write keys
+ * from POWER LPAR Platform KeyStore(PLPKS).
+ *
+ * Self Encrypting Drives(SED) key storage using PLPKS
+ */
+
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/string.h>
+#include <linux/ioctl.h>
+#include <linux/sed-opal-key.h>
+#include <asm/plpks.h>
+
+/*
+ * structure that contains all SED data
+ */
+struct plpks_sed_object_data {
+	u_char version;
+	u_char pad1[7];
+	u_long authority;
+	u_long range;
+	u_int  key_len;
+	u_char key[32];
+};
+
+#define PLPKS_SED_OBJECT_DATA_V0        0
+#define PLPKS_SED_MANGLED_LABEL         "/default/pri"
+#define PLPKS_SED_COMPONENT             "sed-opal"
+#define PLPKS_SED_KEY                   "opal-boot-pin"
+
+/*
+ * authority is admin1 and range is global
+ */
+#define PLPKS_SED_AUTHORITY  0x0000000900010001
+#define PLPKS_SED_RANGE      0x0000080200000001
+
+void plpks_init_var(struct plpks_var *var, char *keyname)
+{
+	var->name = keyname;
+	var->namelen = strlen(keyname);
+	if (strcmp(PLPKS_SED_KEY, keyname) == 0) {
+		var->name = PLPKS_SED_MANGLED_LABEL;
+		var->namelen = strlen(keyname);
+	}
+	var->policy = PLPKS_WORLDREADABLE;
+	var->os = PLPKS_VAR_COMMON;
+	var->data = NULL;
+	var->datalen = 0;
+	var->component = PLPKS_SED_COMPONENT;
+}
+
+/*
+ * Read the SED Opal key from PLPKS given the label
+ */
+int sed_read_key(char *keyname, char *key, u_int *keylen)
+{
+	struct plpks_var var;
+	struct plpks_sed_object_data data;
+	int ret;
+	u_int len;
+
+	plpks_init_var(&var, keyname);
+	var.data = (u8 *)&data;
+	var.datalen = sizeof(data);
+
+	ret = plpks_read_os_var(&var);
+	if (ret != 0)
+		return ret;
+
+	len = min_t(u16, be32_to_cpu(data.key_len), var.datalen);
+	memcpy(key, data.key, len);
+	key[len] = '\0';
+	*keylen = len;
+
+	return 0;
+}
+
+/*
+ * Write the SED Opal key to PLPKS given the label
+ */
+int sed_write_key(char *keyname, char *key, u_int keylen)
+{
+	struct plpks_var var;
+	struct plpks_sed_object_data data;
+	struct plpks_var_name vname;
+
+	plpks_init_var(&var, keyname);
+
+	var.datalen = sizeof(struct plpks_sed_object_data);
+	var.data = (u8 *)&data;
+
+	/* initialize SED object */
+	data.version = PLPKS_SED_OBJECT_DATA_V0;
+	data.authority = cpu_to_be64(PLPKS_SED_AUTHORITY);
+	data.range = cpu_to_be64(PLPKS_SED_RANGE);
+	memset(&data.pad1, '\0', sizeof(data.pad1));
+	data.key_len = cpu_to_be32(keylen);
+	memcpy(data.key, (char *)key, keylen);
+
+	/*
+	 * Key update requires remove first. The return value
+	 * is ignored since it's okay if the key doesn't exist.
+	 */
+	vname.namelen = var.namelen;
+	vname.name = var.name;
+	plpks_remove_var(var.component, var.os, vname);
+
+	return plpks_write_var(var);
+}
diff --git a/block/Kconfig b/block/Kconfig
index 77f72175eb72..0375d2abf7a6 100644
--- a/block/Kconfig
+++ b/block/Kconfig
@@ -185,6 +185,7 @@ config BLK_SED_OPAL
 	bool "Logic for interfacing with Opal enabled SEDs"
 	depends on KEYS
 	select PSERIES_PLPKS if PPC_PSERIES
+	select PSERIES_PLPKS_SED if PPC_PSERIES
 	help
 	Builds Logic for interfacing with Opal enabled controllers.
 	Enabling this option enables users to setup/unlock/lock
-- 
gjoyce@linux.vnet.ibm.com

[PATCH v7 3/3 RESEND] powerpc/pseries: PLPKS SED Opal keystore support

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Define operations for SED Opal to read/write keys
from POWER LPAR Platform KeyStore(PLPKS). This allows
non-volatile storage of SED Opal keys.

Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
---
 arch/powerpc/platforms/pseries/Kconfig        |   6 +
 arch/powerpc/platforms/pseries/Makefile       |   1 +
 .../powerpc/platforms/pseries/plpks_sed_ops.c | 114 ++++++++++++++++++
 block/Kconfig                                 |   1 +
 4 files changed, 122 insertions(+)
 create mode 100644 arch/powerpc/platforms/pseries/plpks_sed_ops.c

diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig
index 4ebf2ef2845d..afc0f6a61337 100644
--- a/arch/powerpc/platforms/pseries/Kconfig
+++ b/arch/powerpc/platforms/pseries/Kconfig
@@ -164,6 +164,12 @@ config PSERIES_PLPKS
 	# This option is selected by in-kernel consumers that require
 	# access to the PKS.
 
+config PSERIES_PLPKS_SED
+	depends on PPC_PSERIES
+	bool
+	# This option is selected by in-kernel consumers that require
+	# access to the SED PKS keystore.
+
 config PAPR_SCM
 	depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM
 	tristate "Support for the PAPR Storage Class Memory interface"
diff --git a/arch/powerpc/platforms/pseries/Makefile b/arch/powerpc/platforms/pseries/Makefile
index 53c3b91af2f7..1476c5e4433c 100644
--- a/arch/powerpc/platforms/pseries/Makefile
+++ b/arch/powerpc/platforms/pseries/Makefile
@@ -29,6 +29,7 @@ obj-$(CONFIG_PPC_SVM)		+= svm.o
 obj-$(CONFIG_FA_DUMP)		+= rtas-fadump.o
 obj-$(CONFIG_PSERIES_PLPKS)	+= plpks.o
 obj-$(CONFIG_PPC_SECURE_BOOT)	+= plpks-secvar.o
+obj-$(CONFIG_PSERIES_PLPKS_SED)	+= plpks_sed_ops.o
 obj-$(CONFIG_SUSPEND)		+= suspend.o
 obj-$(CONFIG_PPC_VAS)		+= vas.o vas-sysfs.o
 
diff --git a/arch/powerpc/platforms/pseries/plpks_sed_ops.c b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
new file mode 100644
index 000000000000..c1d08075e850
--- /dev/null
+++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
@@ -0,0 +1,114 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * POWER Platform specific code for non-volatile SED key access
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * Define operations for SED Opal to read/write keys
+ * from POWER LPAR Platform KeyStore(PLPKS).
+ *
+ * Self Encrypting Drives(SED) key storage using PLPKS
+ */
+
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/string.h>
+#include <linux/ioctl.h>
+#include <linux/sed-opal-key.h>
+#include <asm/plpks.h>
+
+/*
+ * structure that contains all SED data
+ */
+struct plpks_sed_object_data {
+	u_char version;
+	u_char pad1[7];
+	u_long authority;
+	u_long range;
+	u_int  key_len;
+	u_char key[32];
+};
+
+#define PLPKS_SED_OBJECT_DATA_V0        0
+#define PLPKS_SED_MANGLED_LABEL         "/default/pri"
+#define PLPKS_SED_COMPONENT             "sed-opal"
+#define PLPKS_SED_KEY                   "opal-boot-pin"
+
+/*
+ * authority is admin1 and range is global
+ */
+#define PLPKS_SED_AUTHORITY  0x0000000900010001
+#define PLPKS_SED_RANGE      0x0000080200000001
+
+void plpks_init_var(struct plpks_var *var, char *keyname)
+{
+	var->name = keyname;
+	var->namelen = strlen(keyname);
+	if (strcmp(PLPKS_SED_KEY, keyname) == 0) {
+		var->name = PLPKS_SED_MANGLED_LABEL;
+		var->namelen = strlen(keyname);
+	}
+	var->policy = PLPKS_WORLDREADABLE;
+	var->os = PLPKS_VAR_COMMON;
+	var->data = NULL;
+	var->datalen = 0;
+	var->component = PLPKS_SED_COMPONENT;
+}
+
+/*
+ * Read the SED Opal key from PLPKS given the label
+ */
+int sed_read_key(char *keyname, char *key, u_int *keylen)
+{
+	struct plpks_var var;
+	struct plpks_sed_object_data data;
+	int ret;
+	u_int len;
+
+	plpks_init_var(&var, keyname);
+	var.data = (u8 *)&data;
+	var.datalen = sizeof(data);
+
+	ret = plpks_read_os_var(&var);
+	if (ret != 0)
+		return ret;
+
+	len = min_t(u16, be32_to_cpu(data.key_len), var.datalen);
+	memcpy(key, data.key, len);
+	key[len] = '\0';
+	*keylen = len;
+
+	return 0;
+}
+
+/*
+ * Write the SED Opal key to PLPKS given the label
+ */
+int sed_write_key(char *keyname, char *key, u_int keylen)
+{
+	struct plpks_var var;
+	struct plpks_sed_object_data data;
+	struct plpks_var_name vname;
+
+	plpks_init_var(&var, keyname);
+
+	var.datalen = sizeof(struct plpks_sed_object_data);
+	var.data = (u8 *)&data;
+
+	/* initialize SED object */
+	data.version = PLPKS_SED_OBJECT_DATA_V0;
+	data.authority = cpu_to_be64(PLPKS_SED_AUTHORITY);
+	data.range = cpu_to_be64(PLPKS_SED_RANGE);
+	memset(&data.pad1, '\0', sizeof(data.pad1));
+	data.key_len = cpu_to_be32(keylen);
+	memcpy(data.key, (char *)key, keylen);
+
+	/*
+	 * Key update requires remove first. The return value
+	 * is ignored since it's okay if the key doesn't exist.
+	 */
+	vname.namelen = var.namelen;
+	vname.name = var.name;
+	plpks_remove_var(var.component, var.os, vname);
+
+	return plpks_write_var(var);
+}
diff --git a/block/Kconfig b/block/Kconfig
index 77f72175eb72..0375d2abf7a6 100644
--- a/block/Kconfig
+++ b/block/Kconfig
@@ -185,6 +185,7 @@ config BLK_SED_OPAL
 	bool "Logic for interfacing with Opal enabled SEDs"
 	depends on KEYS
 	select PSERIES_PLPKS if PPC_PSERIES
+	select PSERIES_PLPKS_SED if PPC_PSERIES
 	help
 	Builds Logic for interfacing with Opal enabled controllers.
 	Enabling this option enables users to setup/unlock/lock
-- 
gjoyce@linux.vnet.ibm.com