From: Stefan Berger <stefanb@linux.ibm.com> To: Michael Ellerman <michaele@au1.ibm.com>, Andrew Donnellan <ajd@linux.ibm.com>, linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: Re: [PATCH v6 24/26] powerpc/pseries: Implement secvars for dynamic secure boot Date: Mon, 13 Feb 2023 08:52:26 -0500 [thread overview] Message-ID: <f852f3d3-3d17-5204-1590-8add97033a6f@linux.ibm.com> (raw) In-Reply-To: <87pmadvm0n.fsf@mpe.ellerman.id.au> On 2/13/23 06:32, Michael Ellerman wrote: > Stefan Berger <stefanb@linux.ibm.com> writes: >> On 2/10/23 03:03, Andrew Donnellan wrote: >>> From: Russell Currey <ruscur@russell.cc> > ... >>> +static int plpks_set_variable(const char *key, u64 key_len, u8 *data, >>> + u64 data_size) >>> +{ >>> + struct plpks_var var = {0}; >>> + int rc = 0; >>> + u64 flags; >>> + >>> + // Secure variables need to be prefixed with 8 bytes of flags. >>> + // We only want to perform the write if we have at least one byte of data. >>> + if (data_size <= sizeof(flags)) >>> + return -EINVAL; >>> + >>> + // We subtract 1 from key_len because we don't need to include the >>> + // null terminator at the end of the string >>> + var.name = kcalloc(key_len - 1, sizeof(wchar_t), GFP_KERNEL); >>> + if (!var.name) >>> + return -ENOMEM; >>> + rc = utf8s_to_utf16s(key, key_len - 1, UTF16_LITTLE_ENDIAN, (wchar_t *)var.name, >>> + key_len - 1); >>> + if (rc < 0) >>> + goto err; >>> + var.namelen = rc * 2; >>> + >>> + memcpy(&flags, data, sizeof(flags)); >> >> conversion from bytestream to integer: I think in this case it would be better to use >> >> flags = cpu_to_be64p((__u64*)data); >> >> so that the flags always in hypervisor/big endian format > > I don't think it's correct to byte swap the flags here. They must be in > big endian format, but that's up to the caller. > > The powernv secvar backend doesn't byte swap the flags, if the pseries > one did then the final content of the variable, written either by phyp > or OPAL, would differ depending on which backend is active. > > Or am I missing something? It seems wrong to not use the cpu_to_be64p() API to convert a byte stream to flags... That's why I suggested this. Stefan > > cheers
WARNING: multiple messages have this Message-ID (diff)
From: Stefan Berger <stefanb@linux.ibm.com> To: Michael Ellerman <michaele@au1.ibm.com>, Andrew Donnellan <ajd@linux.ibm.com>, linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, nayna@linux.ibm.com, npiggin@gmail.com, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, gjoyce@linux.ibm.com, ruscur@russell.cc, joel@jms.id.au, bgray@linux.ibm.com, brking@linux.ibm.com, gcwilson@linux.ibm.com Subject: Re: [PATCH v6 24/26] powerpc/pseries: Implement secvars for dynamic secure boot Date: Mon, 13 Feb 2023 08:52:26 -0500 [thread overview] Message-ID: <f852f3d3-3d17-5204-1590-8add97033a6f@linux.ibm.com> (raw) In-Reply-To: <87pmadvm0n.fsf@mpe.ellerman.id.au> On 2/13/23 06:32, Michael Ellerman wrote: > Stefan Berger <stefanb@linux.ibm.com> writes: >> On 2/10/23 03:03, Andrew Donnellan wrote: >>> From: Russell Currey <ruscur@russell.cc> > ... >>> +static int plpks_set_variable(const char *key, u64 key_len, u8 *data, >>> + u64 data_size) >>> +{ >>> + struct plpks_var var = {0}; >>> + int rc = 0; >>> + u64 flags; >>> + >>> + // Secure variables need to be prefixed with 8 bytes of flags. >>> + // We only want to perform the write if we have at least one byte of data. >>> + if (data_size <= sizeof(flags)) >>> + return -EINVAL; >>> + >>> + // We subtract 1 from key_len because we don't need to include the >>> + // null terminator at the end of the string >>> + var.name = kcalloc(key_len - 1, sizeof(wchar_t), GFP_KERNEL); >>> + if (!var.name) >>> + return -ENOMEM; >>> + rc = utf8s_to_utf16s(key, key_len - 1, UTF16_LITTLE_ENDIAN, (wchar_t *)var.name, >>> + key_len - 1); >>> + if (rc < 0) >>> + goto err; >>> + var.namelen = rc * 2; >>> + >>> + memcpy(&flags, data, sizeof(flags)); >> >> conversion from bytestream to integer: I think in this case it would be better to use >> >> flags = cpu_to_be64p((__u64*)data); >> >> so that the flags always in hypervisor/big endian format > > I don't think it's correct to byte swap the flags here. They must be in > big endian format, but that's up to the caller. > > The powernv secvar backend doesn't byte swap the flags, if the pseries > one did then the final content of the variable, written either by phyp > or OPAL, would differ depending on which backend is active. > > Or am I missing something? It seems wrong to not use the cpu_to_be64p() API to convert a byte stream to flags... That's why I suggested this. Stefan > > cheers
next prev parent reply other threads:[~2023-02-13 13:52 UTC|newest] Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-02-10 8:03 [PATCH v6 00/26] pSeries dynamic secure boot secvar interface + platform keyring loading Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 01/26] powerpc/pseries: Fix handling of PLPKS object flushing timeout Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 02/26] powerpc/pseries: Fix alignment of PLPKS structures and buffers Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 03/26] powerpc/secvar: Fix incorrect return in secvar_sysfs_load() Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 04/26] powerpc/secvar: Use u64 in secvar_operations Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 05/26] powerpc/secvar: Warn and error if multiple secvar ops are set Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 20:51 ` Stefan Berger 2023-02-10 20:51 ` Stefan Berger 2023-02-10 8:03 ` [PATCH v6 06/26] powerpc/secvar: Use sysfs_emit() instead of sprintf() Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 07/26] powerpc/secvar: Handle format string in the consumer Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 08/26] powerpc/secvar: Handle max object size " Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 09/26] powerpc/secvar: Clean up init error messages Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 10/26] powerpc/secvar: Extend sysfs to include config vars Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 11/26] powerpc/secvar: Allow backend to populate static list of variable names Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 12/26] powerpc/secvar: Warn when PAGE_SIZE is smaller than max object size Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 13/26] powerpc/secvar: Don't print error on ENOENT when reading variables Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 14/26] powerpc/pseries: Move plpks.h to include directory Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 15/26] powerpc/pseries: Move PLPKS constants to header file Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 16/26] powerpc/pseries: Expose PLPKS config values, support additional fields Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 17/26] powerpc/pseries: Implement signed update for PLPKS objects Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 18/26] powerpc/pseries: Log hcall return codes for PLPKS debug Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 19/26] powerpc/pseries: Make caller pass buffer to plpks_read_var() Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 20/26] powerpc/pseries: Turn PSERIES_PLPKS into a hidden option Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 21/26] powerpc/pseries: Clarify warning when PLPKS password already set Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 20:47 ` Stefan Berger 2023-02-10 20:47 ` Stefan Berger 2023-02-12 13:26 ` Andrew Donnellan 2023-02-12 13:26 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 22/26] powerpc/pseries: Add helper to get PLPKS password length Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 8:03 ` [PATCH v6 23/26] powerpc/pseries: Pass PLPKS password on kexec Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 20:59 ` Stefan Berger 2023-02-10 20:59 ` Stefan Berger 2023-02-10 8:03 ` [PATCH v6 24/26] powerpc/pseries: Implement secvars for dynamic secure boot Andrew Donnellan 2023-02-10 8:03 ` Andrew Donnellan 2023-02-10 21:23 ` Stefan Berger 2023-02-10 21:23 ` Stefan Berger 2023-02-10 21:28 ` Stefan Berger 2023-02-10 21:28 ` Stefan Berger 2023-02-12 13:33 ` Andrew Donnellan 2023-02-12 13:33 ` Andrew Donnellan 2023-02-13 5:26 ` Michael Ellerman 2023-02-13 5:26 ` Michael Ellerman 2023-02-13 7:07 ` Andrew Donnellan 2023-02-13 7:07 ` Andrew Donnellan 2023-02-13 7:06 ` Andrew Donnellan 2023-02-13 7:06 ` Andrew Donnellan 2023-02-13 11:32 ` Michael Ellerman 2023-02-13 11:32 ` Michael Ellerman 2023-02-13 13:52 ` Stefan Berger [this message] 2023-02-13 13:52 ` Stefan Berger 2023-02-14 6:07 ` Andrew Donnellan 2023-02-14 6:07 ` Andrew Donnellan 2023-02-15 11:46 ` Michael Ellerman 2023-02-15 11:46 ` Michael Ellerman 2023-02-10 8:04 ` [PATCH v6 25/26] integrity/powerpc: Improve error handling & reporting when loading certs Andrew Donnellan 2023-02-10 8:04 ` Andrew Donnellan 2023-02-10 8:04 ` [PATCH v6 26/26] integrity/powerpc: Support loading keys from PLPKS Andrew Donnellan 2023-02-10 8:04 ` Andrew Donnellan 2023-02-15 12:41 ` [PATCH v6 00/26] pSeries dynamic secure boot secvar interface + platform keyring loading Michael Ellerman 2023-02-15 12:41 ` Michael Ellerman
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=f852f3d3-3d17-5204-1590-8add97033a6f@linux.ibm.com \ --to=stefanb@linux.ibm.com \ --cc=ajd@linux.ibm.com \ --cc=bgray@linux.ibm.com \ --cc=brking@linux.ibm.com \ --cc=erichte@linux.ibm.com \ --cc=gcwilson@linux.ibm.com \ --cc=gjoyce@linux.ibm.com \ --cc=gregkh@linuxfoundation.org \ --cc=joel@jms.id.au \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linuxppc-dev@lists.ozlabs.org \ --cc=michaele@au1.ibm.com \ --cc=nayna@linux.ibm.com \ --cc=npiggin@gmail.com \ --cc=ruscur@russell.cc \ --cc=sudhakar@linux.ibm.com \ --cc=zohar@linux.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.