Reviewed-by: Greg Joyce <gjo...@linux.vnet.ibm.com>
Tested-by: Greg Joyce <gjo...@linux.vnet.ibm.com>
On Sat, 2022-07-23 at 07:30 -0400, Nayna Jain wrote:
> PowerVM provides an isolated Platform Keystore(PKS) storage
> allocation
> for each LPAR with individually managed access controls to store
> sensitive information securely. It provides a new set of hypervisor
> calls for Linux kernel to access PKS storage.
>
> Define POWER LPAR Platform KeyStore(PLPKS) driver using H_CALL
> interface
> to access PKS storage.
>
> Signed-off-by: Nayna Jain <na...@linux.ibm.com>
> ---
> arch/powerpc/include/asm/hvcall.h | 11 +
> arch/powerpc/platforms/pseries/Kconfig | 13 +
> arch/powerpc/platforms/pseries/Makefile | 1 +
> arch/powerpc/platforms/pseries/plpks.c | 460
> ++++++++++++++++++++++++
> arch/powerpc/platforms/pseries/plpks.h | 71 ++++
> 5 files changed, 556 insertions(+)
> create mode 100644 arch/powerpc/platforms/pseries/plpks.c
> create mode 100644 arch/powerpc/platforms/pseries/plpks.h
>
> diff --git a/arch/powerpc/include/asm/hvcall.h
> b/arch/powerpc/include/asm/hvcall.h
> index d92a20a85395..9f707974af1a 100644
> --- a/arch/powerpc/include/asm/hvcall.h
> +++ b/arch/powerpc/include/asm/hvcall.h
> @@ -79,6 +79,7 @@
> #define H_NOT_ENOUGH_RESOURCES -44
> #define H_R_STATE -45
> #define H_RESCINDED -46
> +#define H_P1 -54
> #define H_P2 -55
> #define H_P3 -56
> #define H_P4 -57
> @@ -97,6 +98,8 @@
> #define H_OP_MODE -73
> #define H_COP_HW -74
> #define H_STATE -75
> +#define H_IN_USE -77
> +#define H_ABORTED -78
> #define H_UNSUPPORTED_FLAG_START -256
> #define H_UNSUPPORTED_FLAG_END -511
> #define H_MULTI_THREADS_ACTIVE -9005
> @@ -321,6 +324,14 @@
> #define H_SCM_UNBIND_ALL 0x3FC
> #define H_SCM_HEALTH 0x400
> #define H_SCM_PERFORMANCE_STATS 0x418
> +#define H_PKS_GET_CONFIG 0x41C
> +#define H_PKS_SET_PASSWORD 0x420
> +#define H_PKS_GEN_PASSWORD 0x424
> +#define H_PKS_WRITE_OBJECT 0x42C
> +#define H_PKS_GEN_KEY 0x430
> +#define H_PKS_READ_OBJECT 0x434
> +#define H_PKS_REMOVE_OBJECT 0x438
> +#define H_PKS_CONFIRM_OBJECT_FLUSHED 0x43C
> #define H_RPT_INVALIDATE 0x448
> #define H_SCM_FLUSH 0x44C
> #define H_GET_ENERGY_SCALE_INFO 0x450
> diff --git a/arch/powerpc/platforms/pseries/Kconfig
> b/arch/powerpc/platforms/pseries/Kconfig
> index f7fd91d153a4..c4a6d4083a7a 100644
> --- a/arch/powerpc/platforms/pseries/Kconfig
> +++ b/arch/powerpc/platforms/pseries/Kconfig
> @@ -142,6 +142,19 @@ config IBMEBUS
> help
> Bus device driver for GX bus based adapters.
>
> +config PSERIES_PLPKS
> + depends on PPC_PSERIES
> + bool "Support for the Platform Key Storage"
> + help
> + PowerVM provides an isolated Platform Keystore(PKS) storage
> + allocation for each LPAR with individually managed access
> + controls to store sensitive information securely. It can be
> + used to store asymmetric public keys or secrets as required
> + by different usecases. Select this config to enable
> + operating system interface to hypervisor to access this
> space.
> +
> + If unsure, select N.
> +
> config PAPR_SCM
> depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM
> tristate "Support for the PAPR Storage Class Memory interface"
> diff --git a/arch/powerpc/platforms/pseries/Makefile
> b/arch/powerpc/platforms/pseries/Makefile
> index 7aaff5323544..14e143b946a3 100644
> --- a/arch/powerpc/platforms/pseries/Makefile
> +++ b/arch/powerpc/platforms/pseries/Makefile
> @@ -28,6 +28,7 @@ obj-$(CONFIG_PAPR_SCM) += papr_scm.o
> obj-$(CONFIG_PPC_SPLPAR) += vphn.o
> obj-$(CONFIG_PPC_SVM) += svm.o
> obj-$(CONFIG_FA_DUMP) += rtas-fadump.o
> +obj-$(CONFIG_PSERIES_PLPKS) += plpks.o
>
> obj-$(CONFIG_SUSPEND) += suspend.o
> obj-$(CONFIG_PPC_VAS) += vas.o vas-sysfs.o
> diff --git a/arch/powerpc/platforms/pseries/plpks.c
> b/arch/powerpc/platforms/pseries/plpks.c
> new file mode 100644
> index 000000000000..52aaa2894606
> --- /dev/null
> +++ b/arch/powerpc/platforms/pseries/plpks.c
> @@ -0,0 +1,460 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * POWER LPAR Platform KeyStore(PLPKS)
> + * Copyright (C) 2022 IBM Corporation
> + * Author: Nayna Jain <na...@linux.ibm.com>
> + *
> + * Provides access to variables stored in Power LPAR Platform
> KeyStore(PLPKS).
> + */
> +
> +#define pr_fmt(fmt) "plpks: " fmt
> +
> +#include <linux/delay.h>
> +#include <linux/errno.h>
> +#include <linux/io.h>
> +#include <linux/printk.h>
> +#include <linux/slab.h>
> +#include <linux/string.h>
> +#include <linux/types.h>
> +#include <asm/hvcall.h>
> +
> +#include "plpks.h"
> +
> +#define PKS_FW_OWNER 0x1
> +#define PKS_BOOTLOADER_OWNER 0x2
> +#define PKS_OS_OWNER 0x3
> +
> +#define LABEL_VERSION 0
> +#define MAX_LABEL_ATTR_SIZE 16
> +#define MAX_NAME_SIZE 239
> +#define MAX_DATA_SIZE 4000
> +
> +#define PKS_FLUSH_MAX_TIMEOUT 5000 //msec
> +#define PKS_FLUSH_SLEEP 10 //msec
> +#define PKS_FLUSH_SLEEP_RANGE 400
> +
> +static u8 *ospassword;
> +static u16 ospasswordlength;
> +
> +// Retrieved with H_PKS_GET_CONFIG
> +static u16 maxpwsize;
> +static u16 maxobjsize;
> +
> +struct plpks_auth {
> + u8 version;
> + u8 consumer;
> + __be64 rsvd0;
> + __be32 rsvd1;
> + __be16 passwordlength;
> + u8 password[];
> +} __packed __aligned(16);
> +
> +struct label_attr {
> + u8 prefix[8];
> + u8 version;
> + u8 os;
> + u8 length;
> + u8 reserved[5];
> +};
> +
> +struct label {
> + struct label_attr attr;
> + u8 name[MAX_NAME_SIZE];
> + size_t size;
> +};
> +
> +static int pseries_status_to_err(int rc)
> +{
> + int err;
> +
> + switch (rc) {
> + case H_SUCCESS:
> + err = 0;
> + break;
> + case H_FUNCTION:
> + err = -ENXIO;
> + break;
> + case H_P1:
> + case H_P2:
> + case H_P3:
> + case H_P4:
> + case H_P5:
> + case H_P6:
> + err = -EINVAL;
> + break;
> + case H_NOT_FOUND:
> + err = -ENOENT;
> + break;
> + case H_BUSY:
> + err = -EBUSY;
> + break;
> + case H_AUTHORITY:
> + err = -EPERM;
> + break;
> + case H_NO_MEM:
> + err = -ENOMEM;
> + break;
> + case H_RESOURCE:
> + err = -EEXIST;
> + break;
> + case H_TOO_BIG:
> + err = -EFBIG;
> + break;
> + case H_STATE:
> + err = -EIO;
> + break;
> + case H_R_STATE:
> + err = -EIO;
> + break;
> + case H_IN_USE:
> + err = -EEXIST;
> + break;
> + case H_ABORTED:
> + err = -EINTR;
> + break;
> + default:
> + err = -EINVAL;
> + }
> +
> + return err;
> +}
> +
> +static int plpks_gen_password(void)
> +{
> + unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
> + u8 *password, consumer = PKS_OS_OWNER;
> + int rc;
> +
> + password = kzalloc(maxpwsize, GFP_KERNEL);
> + if (!password)
> + return -ENOMEM;
> +
> + rc = plpar_hcall(H_PKS_GEN_PASSWORD, retbuf, consumer, 0,
> + virt_to_phys(password), maxpwsize);
> +
> + if (!rc) {
> + ospasswordlength = maxpwsize;
> + ospassword = kzalloc(maxpwsize, GFP_KERNEL);
> + if (!ospassword) {
> + kfree(password);
> + return -ENOMEM;
> + }
> + memcpy(ospassword, password, ospasswordlength);
> + } else {
> + if (rc == H_IN_USE) {
> + pr_warn("Password is already set for POWER LPAR
> Platform KeyStore\n");
> + rc = 0;
> + } else {
> + goto out;
> + }
> + }
> +out:
> + kfree(password);
> +
> + return pseries_status_to_err(rc);
> +}
> +
> +static struct plpks_auth *construct_auth(u8 consumer)
> +{
> + struct plpks_auth *auth;
> +
> + if (consumer > PKS_OS_OWNER)
> + return ERR_PTR(-EINVAL);
> +
> + auth = kmalloc(struct_size(auth, password, maxpwsize),
> GFP_KERNEL);
> + if (!auth)
> + return ERR_PTR(-ENOMEM);
> +
> + auth->version = 1;
> + auth->consumer = consumer;
> + auth->rsvd0 = 0;
> + auth->rsvd1 = 0;
> +
> + if (consumer == PKS_FW_OWNER || consumer ==
> PKS_BOOTLOADER_OWNER) {
> + auth->passwordlength = 0;
> + return auth;
> + }
> +
> + memcpy(auth->password, ospassword, ospasswordlength);
> +
> + auth->passwordlength = cpu_to_be16(ospasswordlength);
> +
> + return auth;
> +}
> +
> +/**
> + * Label is combination of label attributes + name.
> + * Label attributes are used internally by kernel and not exposed to
> the user.
> + */
> +static struct label *construct_label(char *component, u8 varos, u8
> *name,
> + u16 namelen)
> +{
> + struct label *label;
> + size_t slen;
> +
> + if (!name || namelen > MAX_NAME_SIZE)
> + return ERR_PTR(-EINVAL);
> +
> + slen = strlen(component);
> + if (component && slen > sizeof(label->attr.prefix))
> + return ERR_PTR(-EINVAL);
> +
> + label = kzalloc(sizeof(*label), GFP_KERNEL);
> + if (!label)
> + return ERR_PTR(-ENOMEM);
> +
> + if (component)
> + memcpy(&label->attr.prefix, component, slen);
> +
> + label->attr.version = LABEL_VERSION;
> + label->attr.os = varos;
> + label->attr.length = MAX_LABEL_ATTR_SIZE;
> + memcpy(&label->name, name, namelen);
> +
> + label->size = sizeof(struct label_attr) + namelen;
> +
> + return label;
> +}
> +
> +static int _plpks_get_config(void)
> +{
> + unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
> + struct {
> + u8 version;
> + u8 flags;
> + __be32 rsvd0;
> + __be16 maxpwsize;
> + __be16 maxobjlabelsize;
> + __be16 maxobjsize;
> + __be32 totalsize;
> + __be32 usedspace;
> + __be32 supportedpolicies;
> + __be64 rsvd1;
> + } __packed config;
> + size_t size;
> + int rc;
> +
> + size = sizeof(config);
> +
> + rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf,
> virt_to_phys(&config), size);
> +
> + if (rc != H_SUCCESS)
> + return pseries_status_to_err(rc);
> +
> + maxpwsize = be16_to_cpu(config.maxpwsize);
> + maxobjsize = be16_to_cpu(config.maxobjsize);
> +
> + return 0;
> +}
> +
> +static int plpks_confirm_object_flushed(struct label *label,
> + struct plpks_auth *auth)
> +{
> + unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
> + u64 timeout = 0;
> + u8 status;
> + int rc;
> +
> + do {
> + rc = plpar_hcall(H_PKS_CONFIRM_OBJECT_FLUSHED, retbuf,
> + virt_to_phys(auth),
> virt_to_phys(label),
> + label->size);
> +
> + status = retbuf[0];
> + if (rc) {
> + if (rc == H_NOT_FOUND && status == 1)
> + rc = 0;
> + break;
> + }
> +
> + if (!rc && status == 1)
> + break;
> +
> + usleep_range(PKS_FLUSH_SLEEP,
> + PKS_FLUSH_SLEEP + PKS_FLUSH_SLEEP_RANGE);
> + timeout = timeout + PKS_FLUSH_SLEEP;
> + } while (timeout < PKS_FLUSH_MAX_TIMEOUT);
> +
> + rc = pseries_status_to_err(rc);
> +
> + return rc;
> +}
> +
> +int plpks_write_var(struct plpks_var var)
> +{
> + unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
> + struct plpks_auth *auth;
> + struct label *label;
> + int rc;
> +
> + if (!var.component || !var.data || var.datalen <= 0 ||
> + var.namelen > MAX_NAME_SIZE || var.datalen > MAX_DATA_SIZE)
> + return -EINVAL;
> +
> + if (var.policy & SIGNEDUPDATE)
> + return -EINVAL;
> +
> + auth = construct_auth(PKS_OS_OWNER);
> + if (IS_ERR(auth))
> + return PTR_ERR(auth);
> +
> + label = construct_label(var.component, var.os, var.name,
> var.namelen);
> + if (IS_ERR(label)) {
> + rc = PTR_ERR(label);
> + goto out;
> + }
> +
> + rc = plpar_hcall(H_PKS_WRITE_OBJECT, retbuf,
> virt_to_phys(auth),
> + virt_to_phys(label), label->size, var.policy,
> + virt_to_phys(var.data), var.datalen);
> +
> + if (!rc)
> + rc = plpks_confirm_object_flushed(label, auth);
> +
> + if (rc)
> + pr_err("Failed to write variable %s for component %s
> with error %d\n",
> + var.name, var.component, rc);
> +
> + rc = pseries_status_to_err(rc);
> + kfree(label);
> +out:
> + kfree(auth);
> +
> + return rc;
> +}
> +
> +int plpks_remove_var(char *component, u8 varos, struct
> plpks_var_name vname)
> +{
> + unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
> + struct plpks_auth *auth;
> + struct label *label;
> + int rc;
> +
> + if (!component || vname.namelen > MAX_NAME_SIZE)
> + return -EINVAL;
> +
> + auth = construct_auth(PKS_OS_OWNER);
> + if (IS_ERR(auth))
> + return PTR_ERR(auth);
> +
> + label = construct_label(component, varos, vname.name,
> vname.namelen);
> + if (IS_ERR(label)) {
> + rc = PTR_ERR(label);
> + goto out;
> + }
> +
> + rc = plpar_hcall(H_PKS_REMOVE_OBJECT, retbuf,
> virt_to_phys(auth),
> + virt_to_phys(label), label->size);
> +
> + if (!rc)
> + rc = plpks_confirm_object_flushed(label, auth);
> +
> + if (rc)
> + pr_err("Failed to remove variable %s for component %s
> with error %d\n",
> + vname.name, component, rc);
> +
> + rc = pseries_status_to_err(rc);
> + kfree(label);
> +out:
> + kfree(auth);
> +
> + return rc;
> +}
> +
> +static int plpks_read_var(u8 consumer, struct plpks_var *var)
> +{
> + unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
> + struct plpks_auth *auth;
> + struct label *label;
> + u8 *output;
> + int rc;
> +
> + if (var->namelen > MAX_NAME_SIZE)
> + return -EINVAL;
> +
> + auth = construct_auth(PKS_OS_OWNER);
> + if (IS_ERR(auth))
> + return PTR_ERR(auth);
> +
> + label = construct_label(var->component, var->os, var->name,
> + var->namelen);
> + if (IS_ERR(label)) {
> + rc = PTR_ERR(label);
> + goto out_free_auth;
> + }
> +
> + output = kzalloc(maxobjsize, GFP_KERNEL);
> + if (!output) {
> + rc = -ENOMEM;
> + goto out_free_label;
> + }
> +
> + rc = plpar_hcall(H_PKS_READ_OBJECT, retbuf, virt_to_phys(auth),
> + virt_to_phys(label), label->size,
> virt_to_phys(output),
> + maxobjsize);
> +
> + if (rc != H_SUCCESS) {
> + pr_err("Failed to read variable %s for component %s
> with error %d\n",
> + var->name, var->component, rc);
> + rc = pseries_status_to_err(rc);
> + goto out_free_output;
> + }
> +
> + if (var->datalen == 0 || var->datalen > retbuf[0])
> + var->datalen = retbuf[0];
> +
> + var->data = kzalloc(var->datalen, GFP_KERNEL);
> + if (!var->data) {
> + rc = -ENOMEM;
> + goto out_free_output;
> + }
> + var->policy = retbuf[1];
> +
> + memcpy(var->data, output, var->datalen);
> + rc = 0;
> +
> +out_free_output:
> + kfree(output);
> +out_free_label:
> + kfree(label);
> +out_free_auth:
> + kfree(auth);
> +
> + return rc;
> +}
> +
> +int plpks_read_os_var(struct plpks_var *var)
> +{
> + return plpks_read_var(PKS_OS_OWNER, var);
> +}
> +
> +int plpks_read_fw_var(struct plpks_var *var)
> +{
> + return plpks_read_var(PKS_FW_OWNER, var);
> +}
> +
> +int plpks_read_bootloader_var(struct plpks_var *var)
> +{
> + return plpks_read_var(PKS_BOOTLOADER_OWNER, var);
> +}
> +
> +static __init int pseries_plpks_init(void)
> +{
> + int rc;
> +
> + rc = _plpks_get_config();
> +
> + if (rc) {
> + pr_err("POWER LPAR Platform KeyStore is not supported
> or enabled\n");
> + return rc;
> + }
> +
> + rc = plpks_gen_password();
> + if (rc)
> + pr_err("Failed setting POWER LPAR Platform KeyStore
> Password\n");
> + else
> + pr_info("POWER LPAR Platform KeyStore initialized
> successfully\n");
> +
> + return rc;
> +}
> +arch_initcall(pseries_plpks_init);
> diff --git a/arch/powerpc/platforms/pseries/plpks.h
> b/arch/powerpc/platforms/pseries/plpks.h
> new file mode 100644
> index 000000000000..c6a291367bb1
> --- /dev/null
> +++ b/arch/powerpc/platforms/pseries/plpks.h
> @@ -0,0 +1,71 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Copyright (C) 2022 IBM Corporation
> + * Author: Nayna Jain <na...@linux.ibm.com>
> + *
> + * Platform keystore for pseries LPAR(PLPKS).
> + */
> +
> +#ifndef _PSERIES_PLPKS_H
> +#define _PSERIES_PLPKS_H
> +
> +#include <linux/types.h>
> +#include <linux/list.h>
> +
> +#define OSSECBOOTAUDIT 0x40000000
> +#define OSSECBOOTENFORCE 0x20000000
> +#define WORLDREADABLE 0x08000000
> +#define SIGNEDUPDATE 0x01000000
> +
> +#define PLPKS_VAR_LINUX 0x01
> +#define PLPKS_VAR_COMMON 0x04
> +
> +struct plpks_var {
> + char *component;
> + u8 *name;
> + u8 *data;
> + u32 policy;
> + u16 namelen;
> + u16 datalen;
> + u8 os;
> +};
> +
> +struct plpks_var_name {
> + u8 *name;
> + u16 namelen;
> +};
> +
> +struct plpks_var_name_list {
> + u32 varcount;
> + struct plpks_var_name varlist[];
> +};
> +
> +/**
> + * Writes the specified var and its data to PKS.
> + * Any caller of PKS driver should present a valid component type
> for
> + * their variable.
> + */
> +int plpks_write_var(struct plpks_var var);
> +
> +/**
> + * Removes the specified var and its data from PKS.
> + */
> +int plpks_remove_var(char *component, u8 varos,
> + struct plpks_var_name vname);
> +
> +/**
> + * Returns the data for the specified os variable.
> + */
> +int plpks_read_os_var(struct plpks_var *var);
> +
> +/**
> + * Returns the data for the specified firmware variable.
> + */
> +int plpks_read_fw_var(struct plpks_var *var);
> +
> +/**
> + * Returns the data for the specified bootloader variable.
> + */
> +int plpks_read_bootloader_var(struct plpks_var *var);
> +
> +#endif
