From: Russell Currey <rus...@russell.cc>
Move the constants defined in plpks.c to plpks.h, and standardise their
naming, so that PLPKS consumers can make use of them later on.
Signed-off-by: Russell Currey <rus...@russell.cc>
Co-developed-by: Andrew Donnellan <a...@linux.ibm.com>
Signed-off-by: Andrew Donnellan <a...@linux.ibm.com>
Reviewed-by: Stefan Berger <stef...@linux.ibm.com>
---
v3: New patch
---
arch/powerpc/include/asm/plpks.h | 36 +++++++++++++---
arch/powerpc/platforms/pseries/plpks.c | 57 ++++++++++----------------
2 files changed, 53 insertions(+), 40 deletions(-)
diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h
index 8295502ee93b..6466aadd7145 100644
--- a/arch/powerpc/include/asm/plpks.h
+++ b/arch/powerpc/include/asm/plpks.h
@@ -14,14 +14,40 @@
#include <linux/types.h>
#include <linux/list.h>
-#define OSSECBOOTAUDIT 0x40000000
-#define OSSECBOOTENFORCE 0x20000000
-#define WORLDREADABLE 0x08000000
-#define SIGNEDUPDATE 0x01000000
+// Object policy flags from supported_policies
+#define PLPKS_OSSECBOOTAUDIT PPC_BIT32(1) // OS secure boot must be
audit/enforce
+#define PLPKS_OSSECBOOTENFORCE PPC_BIT32(2) // OS secure boot must be enforce
+#define PLPKS_PWSET PPC_BIT32(3) // No access without password set
+#define PLPKS_WORLDREADABLE PPC_BIT32(4) // Readable without authentication
+#define PLPKS_IMMUTABLE PPC_BIT32(5) // Once written, object
cannot be removed
+#define PLPKS_TRANSIENT PPC_BIT32(6) // Object does not persist
through reboot
+#define PLPKS_SIGNEDUPDATE PPC_BIT32(7) // Object can only be modified by
signed updates
+#define PLPKS_HVPROVISIONED PPC_BIT32(28) // Hypervisor has provisioned
this object
-#define PLPKS_VAR_LINUX 0x02
+// Signature algorithm flags from signed_update_algorithms
+#define PLPKS_ALG_RSA2048 PPC_BIT(0)
+#define PLPKS_ALG_RSA4096 PPC_BIT(1)
+
+// Object label OS metadata flags
+#define PLPKS_VAR_LINUX 0x02
#define PLPKS_VAR_COMMON 0x04
+// Flags for which consumer owns an object is owned by
+#define PLPKS_FW_OWNER 0x1
+#define PLPKS_BOOTLOADER_OWNER 0x2
+#define PLPKS_OS_OWNER 0x3
+
+// Flags for label metadata fields
+#define PLPKS_LABEL_VERSION 0
+#define PLPKS_MAX_LABEL_ATTR_SIZE 16
+#define PLPKS_MAX_NAME_SIZE 239
+#define PLPKS_MAX_DATA_SIZE 4000
+
+// Timeouts for PLPKS operations
+#define PLPKS_MAX_TIMEOUT 5000 // msec
+#define PLPKS_FLUSH_SLEEP 10 // msec
+#define PLPKS_FLUSH_SLEEP_RANGE 400
+
struct plpks_var {
char *component;
u8 *name;
diff --git a/arch/powerpc/platforms/pseries/plpks.c
b/arch/powerpc/platforms/pseries/plpks.c
index 13e6daadb179..91f3f623a2c7 100644
--- a/arch/powerpc/platforms/pseries/plpks.c
+++ b/arch/powerpc/platforms/pseries/plpks.c
@@ -20,19 +20,6 @@
#include <asm/machdep.h>
#include <asm/plpks.h>
-#define PKS_FW_OWNER 0x1
-#define PKS_BOOTLOADER_OWNER 0x2
-#define PKS_OS_OWNER 0x3
-
-#define LABEL_VERSION 0
-#define MAX_LABEL_ATTR_SIZE 16
-#define MAX_NAME_SIZE 239
-#define MAX_DATA_SIZE 4000
-
-#define PKS_FLUSH_MAX_TIMEOUT 5000 //msec
-#define PKS_FLUSH_SLEEP 10 //msec
-#define PKS_FLUSH_SLEEP_RANGE 400
-
static u8 *ospassword;
static u16 ospasswordlength;
@@ -59,7 +46,7 @@ struct label_attr {
struct label {
struct label_attr attr;
- u8 name[MAX_NAME_SIZE];
+ u8 name[PLPKS_MAX_NAME_SIZE];
size_t size;
};
@@ -122,7 +109,7 @@ static int pseries_status_to_err(int rc)
static int plpks_gen_password(void)
{
unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
- u8 *password, consumer = PKS_OS_OWNER;
+ u8 *password, consumer = PLPKS_OS_OWNER;
int rc;
// The password must not cross a page boundary, so we align to the next
power of 2
@@ -159,7 +146,7 @@ static struct plpks_auth *construct_auth(u8 consumer)
{
struct plpks_auth *auth;
- if (consumer > PKS_OS_OWNER)
+ if (consumer > PLPKS_OS_OWNER)
return ERR_PTR(-EINVAL);
// The auth structure must not cross a page boundary and must be
@@ -171,7 +158,7 @@ static struct plpks_auth *construct_auth(u8 consumer)
auth->version = 1;
auth->consumer = consumer;
- if (consumer == PKS_FW_OWNER || consumer == PKS_BOOTLOADER_OWNER)
+ if (consumer == PLPKS_FW_OWNER || consumer == PLPKS_BOOTLOADER_OWNER)
return auth;
memcpy(auth->password, ospassword, ospasswordlength);
@@ -191,7 +178,7 @@ static struct label *construct_label(char *component, u8
varos, u8 *name,
struct label *label;
size_t slen;
- if (!name || namelen > MAX_NAME_SIZE)
+ if (!name || namelen > PLPKS_MAX_NAME_SIZE)
return ERR_PTR(-EINVAL);
slen = strlen(component);
@@ -206,9 +193,9 @@ static struct label *construct_label(char *component, u8
varos, u8 *name,
if (component)
memcpy(&label->attr.prefix, component, slen);
- label->attr.version = LABEL_VERSION;
+ label->attr.version = PLPKS_LABEL_VERSION;
label->attr.os = varos;
- label->attr.length = MAX_LABEL_ATTR_SIZE;
+ label->attr.length = PLPKS_MAX_LABEL_ATTR_SIZE;
memcpy(&label->name, name, namelen);
label->size = sizeof(struct label_attr) + namelen;
@@ -274,10 +261,10 @@ static int plpks_confirm_object_flushed(struct label
*label,
break;
}
- usleep_range(PKS_FLUSH_SLEEP,
- PKS_FLUSH_SLEEP + PKS_FLUSH_SLEEP_RANGE);
- timeout = timeout + PKS_FLUSH_SLEEP;
- } while (timeout < PKS_FLUSH_MAX_TIMEOUT);
+ usleep_range(PLPKS_FLUSH_SLEEP,
+ PLPKS_FLUSH_SLEEP + PLPKS_FLUSH_SLEEP_RANGE);
+ timeout = timeout + PLPKS_FLUSH_SLEEP;
+ } while (timeout < PLPKS_MAX_TIMEOUT);
if (timed_out)
return -ETIMEDOUT;
@@ -293,13 +280,13 @@ int plpks_write_var(struct plpks_var var)
int rc;
if (!var.component || !var.data || var.datalen <= 0 ||
- var.namelen > MAX_NAME_SIZE || var.datalen > MAX_DATA_SIZE)
+ var.namelen > PLPKS_MAX_NAME_SIZE || var.datalen >
PLPKS_MAX_DATA_SIZE)
return -EINVAL;
- if (var.policy & SIGNEDUPDATE)
+ if (var.policy & PLPKS_SIGNEDUPDATE)
return -EINVAL;
- auth = construct_auth(PKS_OS_OWNER);
+ auth = construct_auth(PLPKS_OS_OWNER);
if (IS_ERR(auth))
return PTR_ERR(auth);
@@ -331,10 +318,10 @@ int plpks_remove_var(char *component, u8 varos, struct
plpks_var_name vname)
struct label *label;
int rc;
- if (!component || vname.namelen > MAX_NAME_SIZE)
+ if (!component || vname.namelen > PLPKS_MAX_NAME_SIZE)
return -EINVAL;
- auth = construct_auth(PKS_OS_OWNER);
+ auth = construct_auth(PLPKS_OS_OWNER);
if (IS_ERR(auth))
return PTR_ERR(auth);
@@ -366,14 +353,14 @@ static int plpks_read_var(u8 consumer, struct plpks_var
*var)
u8 *output;
int rc;
- if (var->namelen > MAX_NAME_SIZE)
+ if (var->namelen > PLPKS_MAX_NAME_SIZE)
return -EINVAL;
auth = construct_auth(consumer);
if (IS_ERR(auth))
return PTR_ERR(auth);
- if (consumer == PKS_OS_OWNER) {
+ if (consumer == PLPKS_OS_OWNER) {
label = construct_label(var->component, var->os, var->name,
var->namelen);
if (IS_ERR(label)) {
@@ -388,7 +375,7 @@ static int plpks_read_var(u8 consumer, struct plpks_var
*var)
goto out_free_label;
}
- if (consumer == PKS_OS_OWNER)
+ if (consumer == PLPKS_OS_OWNER)
rc = plpar_hcall(H_PKS_READ_OBJECT, retbuf, virt_to_phys(auth),
virt_to_phys(label), label->size,
virt_to_phys(output),
maxobjsize);
@@ -428,17 +415,17 @@ static int plpks_read_var(u8 consumer, struct plpks_var
*var)
int plpks_read_os_var(struct plpks_var *var)
{
- return plpks_read_var(PKS_OS_OWNER, var);
+ return plpks_read_var(PLPKS_OS_OWNER, var);
}
int plpks_read_fw_var(struct plpks_var *var)
{
- return plpks_read_var(PKS_FW_OWNER, var);
+ return plpks_read_var(PLPKS_FW_OWNER, var);
}
int plpks_read_bootloader_var(struct plpks_var *var)
{
- return plpks_read_var(PKS_BOOTLOADER_OWNER, var);
+ return plpks_read_var(PLPKS_BOOTLOADER_OWNER, var);
}
static __init int pseries_plpks_init(void)
--
2.39.1
