From: Nayna Jain <nayna@linux.ibm.com>
To: linuxppc-dev@lists.ozlabs.org, linux-fsdevel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, linux-security-module <linux-security-module@vger.kernel.org>, linux-kernel@vger.kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Michael Ellerman <mpe@ellerman.id.au>, npiggin@gmail.com, christophe.leroy@csgroup.eu, Dov Murik <dovmurik@linux.ibm.com>, George Wilson <gcwilson@linux.ibm.com>, Matthew Garrett <mjg59@srcf.ucam.org>, Dave Hansen <dave.hansen@intel.com>, Benjamin Herrenschmidt <benh@kernel.crashing.org>, Paul Mackerras <paulus@samba.org>, Russell Currey <ruscur@russell.cc>, Andrew Donnellan <ajd@linux.ibm.com>, Stefan Berger <stefanb@linux.ibm.com>, Nayna Jain <nayna@linux.ibm.com>
Subject: [PATCH 3/4] powerpc/pseries: initialize fwsecurityfs with plpks arch-specific structure
Date: Sun, 6 Nov 2022 16:07:43 -0500
Message-ID: <20221106210744.603240-4-nayna@linux.ibm.com>
In-Reply-To: <20221106210744.603240-1-nayna@linux.ibm.com>

PowerVM PLPKS variables are exposed via fwsecurityfs.
Initialize fwsecurityfs arch-specific structure with plpks configuration.

Eg:

[root@ltcfleet35-lp1 config]# pwd
/sys/firmware/security/plpks/config
[root@ltcfleet35-lp1 config]# ls -ltrh
total 0
-r--r--r-- 1 root root 1 Sep 28 15:01 version
-r--r--r-- 1 root root 4 Sep 28 15:01 used_space
-r--r--r-- 1 root root 4 Sep 28 15:01 total_size
-r--r--r-- 1 root root 2 Sep 28 15:01 max_object_size
-r--r--r-- 1 root root 2 Sep 28 15:01 max_object_label_size

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
---
 arch/powerpc/platforms/pseries/Kconfig | 10 ++
 arch/powerpc/platforms/pseries/Makefile | 1 +
 .../platforms/pseries/fwsecurityfs_arch.c | 116 ++++++++++++++++++
 include/linux/fwsecurityfs.h | 4 +
 4 files changed, 131 insertions(+)
 create mode 100644 arch/powerpc/platforms/pseries/fwsecurityfs_arch.c

diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig index a3b4d99567cb..5fb45e601982 100644 --- a/arch/powerpc/platforms/pseries/Kconfig +++ b/arch/powerpc/platforms/pseries/Kconfig @@ -162,6 +162,16 @@ config PSERIES_PLPKS If unsure, select N. +config PSERIES_FWSECURITYFS_ARCH + select FWSECURITYFS + bool "Support fwsecurityfs for pseries" + help + Enable fwsecurityfs arch specific code. This would initialize + the firmware security filesystem with initial platform specific + structure. + + If you are unsure how to use it, say N. + config PAPR_SCM depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM tristate "Support for the PAPR Storage Class Memory interface" diff --git a/arch/powerpc/platforms/pseries/Makefile b/arch/powerpc/platforms/pseries/Makefile index 92310202bdd7..2903cff26258 100644 --- a/arch/powerpc/platforms/pseries/Makefile +++ b/arch/powerpc/platforms/pseries/Makefile @@ -28,6 +28,7 @@ obj-$(CONFIG_PPC_SPLPAR) += vphn.o obj-$(CONFIG_PPC_SVM) += svm.o obj-$(CONFIG_FA_DUMP) += rtas-fadump.o obj-$(CONFIG_PSERIES_PLPKS) += plpks.o +obj-$(CONFIG_PSERIES_FWSECURITYFS_ARCH) += fwsecurityfs_arch.o obj-$(CONFIG_SUSPEND) += suspend.o obj-$(CONFIG_PPC_VAS) += vas.o vas-sysfs.o diff --git a/arch/powerpc/platforms/pseries/fwsecurityfs_arch.c b/arch/powerpc/platforms/pseries/fwsecurityfs_arch.c new file mode 100644 index 000000000000..b43bd3cf7889 --- /dev/null +++ b/arch/powerpc/platforms/pseries/fwsecurityfs_arch.c 
@@ -0,0 +1,116 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Initialize fwsecurityfs with POWER LPAR Platform KeyStore (PLPKS) + * Copyright (C) 2022 IBM Corporation + * Author: Nayna Jain <nayna@linux.ibm.com> + * + */ + +#include <linux/fwsecurityfs.h> +#include "plpks.h" + +static struct dentry *plpks_dir; + +static ssize_t plpks_config_file_read(struct file *file, char __user *userbuf, + size_t count, loff_t *ppos) +{ + u8 out[4]; + u32 outlen; + size_t size; + char *name; + u32 data; + + name = file_dentry(file)->d_iname; + + if (strcmp(name, "max_object_size") == 0) { + outlen = sizeof(u16); + data = plpks_get_maxobjectsize(); + } else if (strcmp(name, "max_object_label_size") == 0) { + outlen = sizeof(u16); + data = plpks_get_maxobjectlabelsize(); + } else if (strcmp(name, "total_size") == 0) { + outlen = sizeof(u32); + data = plpks_get_totalsize(); + } else if (strcmp(name, "used_space") == 0) { + outlen = sizeof(u32); + data = plpks_get_usedspace(); + } else if (strcmp(name, "version") == 0) { + outlen = sizeof(u8); + data = plpks_get_version(); + } else { + return -EINVAL; + } + + memcpy(out, &data, outlen); + + size = simple_read_from_buffer(userbuf, count, ppos, out, outlen); + + return size; +} + +static const struct file_operations plpks_config_file_operations = { + .open = simple_open, + .read = plpks_config_file_read, + .llseek = no_llseek, +}; + +static int create_plpks_dir(void) +{ + struct dentry *config_dir; + struct dentry *fdentry; + + if (!IS_ENABLED(CONFIG_PSERIES_PLPKS) || !plpks_is_available()) { + pr_warn("Platform KeyStore is not available on this LPAR\n"); + return 0; + } + + plpks_dir = fwsecurityfs_create_dir("plpks", S_IFDIR | 0755, NULL, + NULL); + if (IS_ERR(plpks_dir)) { + pr_err("Unable to create PLPKS dir: %ld\n", PTR_ERR(plpks_dir)); + return PTR_ERR(plpks_dir); + } + + config_dir = fwsecurityfs_create_dir("config", S_IFDIR | 0755, plpks_dir, NULL); + if (IS_ERR(config_dir)) { + pr_err("Unable to create config dir: 
%ld\n", PTR_ERR(config_dir)); + return PTR_ERR(config_dir); + } + + fdentry = fwsecurityfs_create_file("max_object_size", S_IFREG | 0444, + sizeof(u16), config_dir, NULL, NULL, + &plpks_config_file_operations); + if (IS_ERR(fdentry)) + pr_err("Could not create max object size %ld\n", PTR_ERR(fdentry)); + + fdentry = fwsecurityfs_create_file("max_object_label_size", S_IFREG | 0444, + sizeof(u16), config_dir, NULL, NULL, + &plpks_config_file_operations); + if (IS_ERR(fdentry)) + pr_err("Could not create max object label size %ld\n", PTR_ERR(fdentry)); + + fdentry = fwsecurityfs_create_file("total_size", S_IFREG | 0444, + sizeof(u32), config_dir, NULL, NULL, + &plpks_config_file_operations); + if (IS_ERR(fdentry)) + pr_err("Could not create total size %ld\n", PTR_ERR(fdentry)); + + fdentry = fwsecurityfs_create_file("used_space", S_IFREG | 0444, + sizeof(u32), config_dir, NULL, NULL, + &plpks_config_file_operations); + if (IS_ERR(fdentry)) + pr_err("Could not create used space %ld\n", PTR_ERR(fdentry)); + + fdentry = fwsecurityfs_create_file("version", S_IFREG | 0444, + sizeof(u8), config_dir, NULL, NULL, + &plpks_config_file_operations); + if (IS_ERR(fdentry)) + pr_err("Could not create version %ld\n", PTR_ERR(fdentry)); + + return 0; +} + +int arch_fwsecurityfs_init(void) +{ + return create_plpks_dir(); +} diff --git a/include/linux/fwsecurityfs.h b/include/linux/fwsecurityfs.h index ed8f328f3133..38fcb3cb374e 100644 --- a/include/linux/fwsecurityfs.h +++ b/include/linux/fwsecurityfs.h @@ -21,9 +21,13 @@ struct dentry *fwsecurityfs_create_dir(const char *name, umode_t mode, const struct inode_operations *iops); int fwsecurityfs_remove_dir(struct dentry *dentry); +#ifdef CONFIG_PSERIES_FWSECURITYFS_ARCH +int arch_fwsecurityfs_init(void); +#else static int arch_fwsecurityfs_init(void) { return 0; } +#endif #endif /* _FWSECURITYFS_H_ */ -- 2.31.1
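
Review bot: PSERIES_FWSECURITYFS_ARCH in the Kconfig hunk has no `depends on`, yet fwsecurityfs_arch.c includes plpks.h and calls plpks_is_available() and the plpks_get_*() helpers, and the Makefile context shows plpks.o is only built under CONFIG_PSERIES_PLPKS. As written the option can be enabled with PSERIES_PLPKS=n, leaving the build to rely on the IS_ENABLED() test in create_plpks_dir() to discard those references. Adding `depends on PSERIES_PLPKS` states the requirement directly and makes the IS_ENABLED() check in the C file unnecessary. Minor: the `bool` prompt line conventionally comes before `select FWSECURITYFS`.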
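
Review bot: In plpks_config_file_read() in fwsecurityfs_arch.c, `memcpy(out, &data, outlen)` copies the first outlen bytes of a u32, which is the low-order part only on a little-endian build; on a big-endian build the 1-byte and 2-byte files (version, max_object_size, max_object_label_size) would return the high-order bytes of `data`, which are zero for any value that fits the declared width. Hold each value in a variable of its real width (u8/u16/u32) before copying and state the byte order userspace should expect, or emit the values as text. `size` is declared size_t but receives the ssize_t result of simple_read_from_buffer(), so it should be ssize_t. In create_plpks_dir(), a failed "config" directory leaves the already created "plpks" directory in place, and failed file creations are only logged while the function still returns 0; consider unwinding with fwsecurityfs_remove_dir() and propagating the error.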
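
Review bot: The fallback kept in the include/linux/fwsecurityfs.h hunk, `static int arch_fwsecurityfs_init(void) { return 0; }`, is not `inline`, so every file that includes the header without calling it carries an unused copy and can trigger a "defined but not used" warning; make it `static inline`. The `#ifdef CONFIG_PSERIES_FWSECURITYFS_ARCH` also ties a generic header to one platform's symbol, so a second architecture would have to edit this line; a generic Kconfig symbol selected by the arch option, or a __weak default definition, would avoid that.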