From: Nayna <nayna@linux.vnet.ibm.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: axboe@kernel.dk, nayna@linux.ibm.com,
linux-block@vger.kernel.org, jonathan.derrick@linux.dev,
brking@linux.vnet.ibm.com, akpm@linux-foundation.org,
linuxppc-dev@lists.ozlabs.org, gjoyce@ibm.com,
gjoyce@linux.vnet.ibm.com, Michael Ellerman <mpe@ellerman.id.au>,
Nick Piggin <npiggin@gmail.com>,
Christophe Leroy <christophe.leroy@c-s.fr>
Subject: Re: [PATCH v3 1/2] lib: generic accessor functions for arch keystore
Date: Mon, 1 Aug 2022 15:45:45 -0400 [thread overview]
Message-ID: <61ebf904-8ce1-eeac-888a-4040711e7903@linux.vnet.ibm.com> (raw)
In-Reply-To: <20220801134018.GY17705@kitsune.suse.cz>
On 8/1/22 09:40, Michal Suchánek wrote:
> Hello,
>
> On Mon, Aug 01, 2022 at 07:34:25AM -0500, gjoyce@linux.vnet.ibm.com wrote:
>> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>>
>> Generic kernel subsystems may rely on platform specific persistent
>> KeyStore to store objects containing sensitive key material. In such case,
>> they need to access architecture specific functions to perform read/write
>> operations on these variables.
>>
>> Define the generic variable read/write prototypes to be implemented by
>> architecture specific versions. The default(weak) implementations of
>> these prototypes return -EOPNOTSUPP unless overridden by architecture
>> versions.
>>
>> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>> ---
>> include/linux/arch_vars.h | 23 +++++++++++++++++++++++
>> lib/Makefile | 2 +-
>> lib/arch_vars.c | 25 +++++++++++++++++++++++++
>> 3 files changed, 49 insertions(+), 1 deletion(-)
>> create mode 100644 include/linux/arch_vars.h
>> create mode 100644 lib/arch_vars.c
>>
>> diff --git a/include/linux/arch_vars.h b/include/linux/arch_vars.h
>> new file mode 100644
>> index 000000000000..9c280ff9432e
>> --- /dev/null
>> +++ b/include/linux/arch_vars.h
>> @@ -0,0 +1,23 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +/*
>> + * Platform variable opearations.
>> + *
>> + * Copyright (C) 2022 IBM Corporation
>> + *
>> + * These are the accessor functions (read/write) for architecture specific
>> + * variables. Specific architectures can provide overrides.
>> + *
>> + */
>> +
>> +#include <linux/kernel.h>
>> +
>> +enum arch_variable_type {
>> + ARCH_VAR_OPAL_KEY = 0, /* SED Opal Authentication Key */
>> + ARCH_VAR_OTHER = 1, /* Other type of variable */
>> + ARCH_VAR_MAX = 1, /* Maximum type value */
>> +};
>> +
>> +int arch_read_variable(enum arch_variable_type type, char *varname,
>> + void *varbuf, u_int *varlen);
>> +int arch_write_variable(enum arch_variable_type type, char *varname,
>> + void *varbuf, u_int varlen);
>> diff --git a/lib/Makefile b/lib/Makefile
>> index f99bf61f8bbc..b90c4cb0dbbb 100644
>> --- a/lib/Makefile
>> +++ b/lib/Makefile
>> @@ -48,7 +48,7 @@ obj-y += bcd.o sort.o parser.o debug_locks.o random32.o \
>> bsearch.o find_bit.o llist.o memweight.o kfifo.o \
>> percpu-refcount.o rhashtable.o \
>> once.o refcount.o usercopy.o errseq.o bucket_locks.o \
>> - generic-radix-tree.o
>> + generic-radix-tree.o arch_vars.o
>> obj-$(CONFIG_STRING_SELFTEST) += test_string.o
>> obj-y += string_helpers.o
>> obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
>> diff --git a/lib/arch_vars.c b/lib/arch_vars.c
>> new file mode 100644
>> index 000000000000..e6f16d7d09c1
>> --- /dev/null
>> +++ b/lib/arch_vars.c
>> @@ -0,0 +1,25 @@
>> +// SPDX-License-Identifier: GPL-2.0-only
>> +/*
>> + * Platform variable operations.
>> + *
>> + * Copyright (C) 2022 IBM Corporation
>> + *
>> + * These are the accessor functions (read/write) for architecture specific
>> + * variables. Specific architectures can provide overrides.
>> + *
>> + */
>> +
>> +#include <linux/kernel.h>
>> +#include <linux/arch_vars.h>
>> +
>> +int __weak arch_read_variable(enum arch_variable_type type, char *varname,
>> + void *varbuf, u_int *varlen)
>> +{
>> + return -EOPNOTSUPP;
>> +}
>> +
>> +int __weak arch_write_variable(enum arch_variable_type type, char *varname,
>> + void *varbuf, u_int varlen)
>> +{
>> + return -EOPNOTSUPP;
>> +}
>> --
> Doesn't EFI already have some variables?
>
> And even powernv?
>
> Shouldn't this generalize the already existing variables?
>
> Or move to powerpc and at least generalize the powerpc ones?
Yes, EFI and PowerNV do have variables, but I am not exactly clear about
your reference to them in this context. What do you mean by generalize
already existing variables ?
This interface is actually generalizing calls to access platform
specific keystores. It is explained in cover letter that this patch is
defining generic interface and these are default implementations which
needs to be overridden by arch specific versions. For PowerVM PLPAR
Platform KeyStore, the arch specific version is implemented in Patch 2.
Access to EFI variables should be implemented by EFI arch specific
interface and PowerNV will have to do the same if it needs to.
Hope it helps.
Thanks & Regards,
- Nayna
WARNING: multiple messages have this Message-ID (diff)
From: Nayna <nayna@linux.vnet.ibm.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: axboe@kernel.dk, Christophe Leroy <christophe.leroy@c-s.fr>,
gjoyce@linux.vnet.ibm.com, nayna@linux.ibm.com,
Nick Piggin <npiggin@gmail.com>,
linux-block@vger.kernel.org, jonathan.derrick@linux.dev,
brking@linux.vnet.ibm.com, akpm@linux-foundation.org,
linuxppc-dev@lists.ozlabs.org, gjoyce@ibm.com
Subject: Re: [PATCH v3 1/2] lib: generic accessor functions for arch keystore
Date: Mon, 1 Aug 2022 15:45:45 -0400 [thread overview]
Message-ID: <61ebf904-8ce1-eeac-888a-4040711e7903@linux.vnet.ibm.com> (raw)
In-Reply-To: <20220801134018.GY17705@kitsune.suse.cz>
On 8/1/22 09:40, Michal Suchánek wrote:
> Hello,
>
> On Mon, Aug 01, 2022 at 07:34:25AM -0500, gjoyce@linux.vnet.ibm.com wrote:
>> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>>
>> Generic kernel subsystems may rely on platform specific persistent
>> KeyStore to store objects containing sensitive key material. In such case,
>> they need to access architecture specific functions to perform read/write
>> operations on these variables.
>>
>> Define the generic variable read/write prototypes to be implemented by
>> architecture specific versions. The default(weak) implementations of
>> these prototypes return -EOPNOTSUPP unless overridden by architecture
>> versions.
>>
>> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>> ---
>> include/linux/arch_vars.h | 23 +++++++++++++++++++++++
>> lib/Makefile | 2 +-
>> lib/arch_vars.c | 25 +++++++++++++++++++++++++
>> 3 files changed, 49 insertions(+), 1 deletion(-)
>> create mode 100644 include/linux/arch_vars.h
>> create mode 100644 lib/arch_vars.c
>>
>> diff --git a/include/linux/arch_vars.h b/include/linux/arch_vars.h
>> new file mode 100644
>> index 000000000000..9c280ff9432e
>> --- /dev/null
>> +++ b/include/linux/arch_vars.h
>> @@ -0,0 +1,23 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +/*
>> + * Platform variable opearations.
>> + *
>> + * Copyright (C) 2022 IBM Corporation
>> + *
>> + * These are the accessor functions (read/write) for architecture specific
>> + * variables. Specific architectures can provide overrides.
>> + *
>> + */
>> +
>> +#include <linux/kernel.h>
>> +
>> +enum arch_variable_type {
>> + ARCH_VAR_OPAL_KEY = 0, /* SED Opal Authentication Key */
>> + ARCH_VAR_OTHER = 1, /* Other type of variable */
>> + ARCH_VAR_MAX = 1, /* Maximum type value */
>> +};
>> +
>> +int arch_read_variable(enum arch_variable_type type, char *varname,
>> + void *varbuf, u_int *varlen);
>> +int arch_write_variable(enum arch_variable_type type, char *varname,
>> + void *varbuf, u_int varlen);
>> diff --git a/lib/Makefile b/lib/Makefile
>> index f99bf61f8bbc..b90c4cb0dbbb 100644
>> --- a/lib/Makefile
>> +++ b/lib/Makefile
>> @@ -48,7 +48,7 @@ obj-y += bcd.o sort.o parser.o debug_locks.o random32.o \
>> bsearch.o find_bit.o llist.o memweight.o kfifo.o \
>> percpu-refcount.o rhashtable.o \
>> once.o refcount.o usercopy.o errseq.o bucket_locks.o \
>> - generic-radix-tree.o
>> + generic-radix-tree.o arch_vars.o
>> obj-$(CONFIG_STRING_SELFTEST) += test_string.o
>> obj-y += string_helpers.o
>> obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
>> diff --git a/lib/arch_vars.c b/lib/arch_vars.c
>> new file mode 100644
>> index 000000000000..e6f16d7d09c1
>> --- /dev/null
>> +++ b/lib/arch_vars.c
>> @@ -0,0 +1,25 @@
>> +// SPDX-License-Identifier: GPL-2.0-only
>> +/*
>> + * Platform variable operations.
>> + *
>> + * Copyright (C) 2022 IBM Corporation
>> + *
>> + * These are the accessor functions (read/write) for architecture specific
>> + * variables. Specific architectures can provide overrides.
>> + *
>> + */
>> +
>> +#include <linux/kernel.h>
>> +#include <linux/arch_vars.h>
>> +
>> +int __weak arch_read_variable(enum arch_variable_type type, char *varname,
>> + void *varbuf, u_int *varlen)
>> +{
>> + return -EOPNOTSUPP;
>> +}
>> +
>> +int __weak arch_write_variable(enum arch_variable_type type, char *varname,
>> + void *varbuf, u_int varlen)
>> +{
>> + return -EOPNOTSUPP;
>> +}
>> --
> Doesn't EFI already have some variables?
>
> And even powernv?
>
> Shouldn't this generalize the already existing variables?
>
> Or move to powerpc and at least generalize the powerpc ones?
Yes, EFI and PowerNV do have variables, but I am not exactly clear about
your reference to them in this context. What do you mean by generalize
already existing variables ?
This interface is actually generalizing calls to access platform
specific keystores. It is explained in cover letter that this patch is
defining generic interface and these are default implementations which
needs to be overridden by arch specific versions. For PowerVM PLPAR
Platform KeyStore, the arch specific version is implemented in Patch 2.
Access to EFI variables should be implemented by EFI arch specific
interface and PowerNV will have to do the same if it needs to.
Hope it helps.
Thanks & Regards,
- Nayna
next prev parent reply other threads:[~2022-08-01 19:46 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-01 12:34 [PATCH v3 0/2] generic and PowerPC accessor functions for arch keystore gjoyce
2022-08-01 12:34 ` gjoyce
2022-08-01 12:34 ` [PATCH v3 1/2] lib: generic " gjoyce
2022-08-01 12:34 ` gjoyce
2022-08-01 13:40 ` Michal Suchánek
2022-08-01 13:40 ` Michal Suchánek
2022-08-01 19:45 ` Nayna [this message]
2022-08-01 19:45 ` Nayna
2022-08-01 20:24 ` Michal Suchánek
2022-08-01 20:24 ` Michal Suchánek
2022-08-04 15:41 ` Greg Joyce
2022-08-04 15:41 ` Greg Joyce
2022-08-02 2:59 ` Michael Ellerman
2022-08-02 22:39 ` Greg Joyce
2022-08-01 12:34 ` [PATCH v3 2/2] powerpc/pseries: Override lib/arch_vars.c functions gjoyce
2022-08-01 12:34 ` gjoyce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=61ebf904-8ce1-eeac-888a-4040711e7903@linux.vnet.ibm.com \
--to=nayna@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=brking@linux.vnet.ibm.com \
--cc=christophe.leroy@c-s.fr \
--cc=gjoyce@ibm.com \
--cc=gjoyce@linux.vnet.ibm.com \
--cc=jonathan.derrick@linux.dev \
--cc=linux-block@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=msuchanek@suse.de \
--cc=nayna@linux.ibm.com \
--cc=npiggin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.