From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, linux-pm@vger.kernel.org,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Matthew Garrett <matthew.garrett@nebula.com>,
Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>,
Josh Boyer <jwboyer@redhat.com>, Vojtech Pavlik <vojtech@suse.cz>,
Matt Fleming <matt.fleming@intel.com>,
Jiri Kosina <jkosina@suse.cz>, "H. Peter Anvin" <hpa@zytor.com>,
Ingo Molnar <mingo@redhat.com>, "Lee, Chun-Yi" <jlee@suse.com>
Subject: [PATCH v2 09/16] PM / hibernate: Reserve hibernation key and erase footprints
Date: Tue, 11 Aug 2015 14:16:29 +0800 [thread overview]
Message-ID: <1439273796-25359-10-git-send-email-jlee@suse.com> (raw)
In-Reply-To: <1439273796-25359-1-git-send-email-jlee@suse.com>
Add handler to parse the setup data that carrying hibernation key, it
reserves hibernation key by memblock then copies key to a allocated page
in later initcall stage.
And for erasing footprints, the codes in this patch remove setup
data that carried hibernation key, and clean the memory space that
reserved by memblock.
Reviewed-by: Jiri Kosina <jkosina@suse.com>
Tested-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
---
arch/x86/include/asm/suspend.h | 4 +++
arch/x86/kernel/setup.c | 21 ++++++++++-
arch/x86/power/Makefile | 1 +
arch/x86/power/hibernate_keys.c | 78 +++++++++++++++++++++++++++++++++++++++++
kernel/power/power.h | 5 +++
5 files changed, 108 insertions(+), 1 deletion(-)
create mode 100644 arch/x86/power/hibernate_keys.c
diff --git a/arch/x86/include/asm/suspend.h b/arch/x86/include/asm/suspend.h
index ab463c4..bb3652a 100644
--- a/arch/x86/include/asm/suspend.h
+++ b/arch/x86/include/asm/suspend.h
@@ -7,8 +7,12 @@
#ifdef CONFIG_HIBERNATE_VERIFICATION
#include <linux/suspend.h>
+extern void parse_hibernation_keys(u64 phys_addr, u32 data_len);
+
struct hibernation_keys {
unsigned long hkey_status;
u8 hibernation_key[HIBERNATION_DIGEST_SIZE];
};
+#else
+static inline void parse_hibernation_keys(u64 phys_addr, u32 data_len) {}
#endif
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 80f874b..b345359 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -112,6 +112,8 @@
#include <asm/alternative.h>
#include <asm/prom.h>
+#include <asm/suspend.h>
+
/*
* max_low_pfn_mapped: highest direct mapped pfn under 4GB
* max_pfn_mapped: highest direct mapped pfn over 4GB
@@ -425,10 +427,22 @@ static void __init reserve_initrd(void)
}
#endif /* CONFIG_BLK_DEV_INITRD */
+static void __init remove_setup_data(u64 pa_prev, u64 pa_next)
+{
+ struct setup_data *data;
+
+ if (pa_prev) {
+ data = early_memremap(pa_prev, sizeof(*data));
+ data->next = pa_next;
+ early_iounmap(data, sizeof(*data));
+ } else
+ boot_params.hdr.setup_data = pa_next;
+}
+
static void __init parse_setup_data(void)
{
struct setup_data *data;
- u64 pa_data, pa_next;
+ u64 pa_data, pa_next, pa_prev = 0;
pa_data = boot_params.hdr.setup_data;
while (pa_data) {
@@ -450,9 +464,14 @@ static void __init parse_setup_data(void)
case SETUP_EFI:
parse_efi_setup(pa_data, data_len);
break;
+ case SETUP_HIBERNATION_KEYS:
+ parse_hibernation_keys(pa_data, data_len);
+ remove_setup_data(pa_prev, pa_next);
+ break;
default:
break;
}
+ pa_prev = pa_data;
pa_data = pa_next;
}
}
diff --git a/arch/x86/power/Makefile b/arch/x86/power/Makefile
index a6a198c..ef8d550 100644
--- a/arch/x86/power/Makefile
+++ b/arch/x86/power/Makefile
@@ -5,3 +5,4 @@ CFLAGS_cpu.o := $(nostackp)
obj-$(CONFIG_PM_SLEEP) += cpu.o
obj-$(CONFIG_HIBERNATION) += hibernate_$(BITS).o hibernate_asm_$(BITS).o
+obj-$(CONFIG_HIBERNATE_VERIFICATION) += hibernate_keys.o
diff --git a/arch/x86/power/hibernate_keys.c b/arch/x86/power/hibernate_keys.c
new file mode 100644
index 0000000..357dc0e
--- /dev/null
+++ b/arch/x86/power/hibernate_keys.c
@@ -0,0 +1,78 @@
+/* Hibernation keys handler
+ *
+ * Copyright (C) 2015 Lee, Chun-Yi <jlee@suse.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#include <linux/bootmem.h>
+#include <linux/memblock.h>
+#include <linux/suspend.h>
+#include <asm/suspend.h>
+
+/* physical address of hibernation keys from boot params */
+static u64 keys_phys_addr;
+
+/* A page used to keep hibernation keys */
+static struct hibernation_keys *hibernation_keys;
+
+void __init parse_hibernation_keys(u64 phys_addr, u32 data_len)
+{
+ struct setup_data *hibernation_setup_data;
+
+ /* Reserve keys memory, will copy and erase in init_hibernation_keys() */
+ keys_phys_addr = phys_addr + sizeof(struct setup_data);
+ memblock_reserve(keys_phys_addr, sizeof(struct hibernation_keys));
+
+ /* clear hibernation_data */
+ hibernation_setup_data = early_memremap(phys_addr, data_len);
+ if (!hibernation_setup_data)
+ return;
+
+ memset(hibernation_setup_data, 0, sizeof(struct setup_data));
+ early_memunmap(hibernation_setup_data, data_len);
+}
+
+int get_hibernation_key(u8 **hkey)
+{
+ if (!hibernation_keys)
+ return -ENODEV;
+
+ if (!hibernation_keys->hkey_status)
+ *hkey = hibernation_keys->hibernation_key;
+
+ return hibernation_keys->hkey_status;
+}
+
+static int __init init_hibernation_keys(void)
+{
+ struct hibernation_keys *keys;
+ int ret = 0;
+
+ if (!keys_phys_addr)
+ return -ENODEV;
+
+ keys = early_memremap(keys_phys_addr, sizeof(struct hibernation_keys));
+
+ /* Copy hibernation keys to a allocated page */
+ hibernation_keys = (struct hibernation_keys *)get_zeroed_page(GFP_KERNEL);
+ if (hibernation_keys) {
+ *hibernation_keys = *keys;
+ } else {
+ pr_err("PM: Allocate hibernation keys page failed\n");
+ ret = -ENOMEM;
+ }
+
+ /* Erase keys data no matter copy success or failed */
+ memset(keys, 0, sizeof(struct hibernation_keys));
+ early_memunmap(keys, sizeof(struct hibernation_keys));
+ memblock_free(keys_phys_addr, sizeof(struct hibernation_keys));
+ keys_phys_addr = 0;
+
+ return ret;
+}
+
+late_initcall(init_hibernation_keys);
diff --git a/kernel/power/power.h b/kernel/power/power.h
index 6ea5c78..7d8f310 100644
--- a/kernel/power/power.h
+++ b/kernel/power/power.h
@@ -16,6 +16,11 @@ struct swsusp_info {
u8 signature[HIBERNATION_DIGEST_SIZE];
} __aligned(PAGE_SIZE);
+#ifdef CONFIG_HIBERNATE_VERIFICATION
+/* arch/x86/power/hibernate_keys.c */
+extern int get_hibernation_key(u8 **hkey);
+#endif
+
/* kernel/power/snapshot.c */
extern void __init hibernate_reserved_size_init(void);
extern void __init hibernate_image_size_init(void);
--
2.1.4
next prev parent reply other threads:[~2015-08-11 6:18 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-11 6:16 [PATCH v2 00/16] Signature verification of hibernate snapshot Lee, Chun-Yi
2015-08-11 6:16 ` [PATCH v2 01/16] PM / hibernate: define HMAC algorithm and digest size of hibernation Lee, Chun-Yi
2015-08-11 6:16 ` [PATCH v2 02/16] x86/efi: Add get and set variable to EFI services pointer table Lee, Chun-Yi
2015-08-19 16:35 ` Matt Fleming
2015-08-11 6:16 ` [PATCH v2 03/16] x86/boot: Public getting random boot function Lee, Chun-Yi
2015-08-11 6:16 ` [PATCH v2 04/16] x86/efi: Generating random number in EFI stub Lee, Chun-Yi
2015-08-20 14:12 ` Matt Fleming
2015-08-27 4:06 ` joeyli
2015-08-11 6:16 ` [PATCH v2 05/16] x86/efi: Get entropy through EFI random number generator protocol Lee, Chun-Yi
2015-08-20 14:47 ` Matt Fleming
2015-08-27 4:51 ` joeyli
2015-08-20 20:26 ` Matt Fleming
2015-08-27 6:17 ` joeyli
2015-08-11 6:16 ` [PATCH v2 06/16] x86/efi: Generating random HMAC key for siging hibernate image Lee, Chun-Yi
2015-08-20 20:40 ` Matt Fleming
2015-08-27 9:04 ` joeyli
2015-09-09 12:15 ` Matt Fleming
2015-09-13 2:47 ` joeyli
2015-08-11 6:16 ` [PATCH v2 07/16] efi: Make efi_status_to_err() public Lee, Chun-Yi
2015-08-20 15:07 ` Matt Fleming
2015-08-27 9:06 ` joeyli
2015-08-11 6:16 ` [PATCH v2 08/16] x86/efi: Carrying hibernation key by setup data Lee, Chun-Yi
2015-08-15 17:07 ` Pavel Machek
2015-08-16 5:28 ` joeyli
2015-08-16 21:23 ` Jiri Kosina
2015-08-17 6:54 ` Nigel Cunningham
2015-08-21 12:40 ` Matt Fleming
2015-08-27 9:28 ` joeyli
2015-08-11 6:16 ` Lee, Chun-Yi [this message]
2015-08-13 2:45 ` [PATCH v2 09/16] PM / hibernate: Reserve hibernation key and erase footprints Chen, Yu C
2015-08-13 3:25 ` joeyli
2015-08-13 14:33 ` joeyli
2015-08-21 13:27 ` Matt Fleming
2015-08-27 10:21 ` joeyli
2015-09-09 12:24 ` Matt Fleming
2015-09-13 2:58 ` joeyli
2015-08-11 6:16 ` [PATCH v2 10/16] PM / hibernate: Generate and verify signature of hibernate snapshot Lee, Chun-Yi
2015-08-11 6:16 ` [PATCH v2 11/16] PM / hibernate: Avoid including hibernation key to hibernate image Lee, Chun-Yi
2015-08-11 6:16 ` [PATCH v2 12/16] PM / hibernate: Forward signature verifying result and key to image kernel Lee, Chun-Yi
2015-08-11 6:16 ` [PATCH v2 13/16] PM / hibernate: Add configuration to enforce signature verification Lee, Chun-Yi
2015-08-11 6:16 ` [PATCH v2 14/16] PM / hibernate: Allow user trigger hibernation key re-generating Lee, Chun-Yi
2015-08-11 6:16 ` [PATCH v2 15/16] PM / hibernate: Bypass verification logic on legacy BIOS Lee, Chun-Yi
2015-08-11 6:16 ` [PATCH v2 16/16] PM / hibernate: Document signature verification of hibernate snapshot Lee, Chun-Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1439273796-25359-10-git-send-email-jlee@suse.com \
--to=joeyli.kernel@gmail.com \
--cc=hpa@zytor.com \
--cc=jkosina@suse.cz \
--cc=jlee@suse.com \
--cc=jwboyer@redhat.com \
--cc=len.brown@intel.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=matt.fleming@intel.com \
--cc=matthew.garrett@nebula.com \
--cc=mingo@redhat.com \
--cc=pavel@ucw.cz \
--cc=rjw@rjwysocki.net \
--cc=vojtech@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).