Commit 40850c90 authored by Srish Srinivasan, committed by Madhavan Srinivasan

powerpc/pseries: move the PLPKS config inside its own sysfs directory



The /sys/firmware/secvar/config directory represents Power LPAR Platform
KeyStore (PLPKS) configuration properties such as max_object_size,
signed_update_algorithms, supported_policies, total_size, used_space, and version.
These attributes describe the PLPKS, and not the secure boot variables
(secvars).

Create /sys/firmware/plpks directory and move the PLPKS config inside this
directory. For backwards compatibility, create a soft link from the secvar
sysfs directory to this config and emit a warning stating that the older
sysfs path has been deprecated. Separate out the plpks specific
documentation from secvar.

Signed-off-by: Srish Srinivasan <ssrish@linux.ibm.com>
Tested-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Link: https://patch.msgid.link/20260127145228.48320-3-ssrish@linux.ibm.com
parent 88372ad4
+50 −0
What:		/sys/firmware/plpks/config
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	This optional directory contains read-only config attributes as
		defined by the PLPKS implementation. All data is in ASCII
		format.

What:		/sys/firmware/plpks/config/version
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Config version as reported by the hypervisor in ASCII decimal
		format.

What:		/sys/firmware/plpks/config/max_object_size
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Maximum allowed size of	objects in the keystore in bytes,
		represented in ASCII decimal format.

		This is not necessarily the same as the max size that can be
		written to an update file as writes can contain more than
		object data, you should use the size of the update file for
		that purpose.

What:		/sys/firmware/plpks/config/total_size
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Total size of the PLPKS in bytes, represented in ASCII decimal
		format.

What:		/sys/firmware/plpks/config/used_space
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Current space consumed by the key store, in bytes, represented
		in ASCII decimal format.

What:		/sys/firmware/plpks/config/supported_policies
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Bitmask of supported policy flags by the hypervisor, represented
		as an 8 byte hexadecimal ASCII string. Consult the hypervisor
		documentation for what these flags are.

What:		/sys/firmware/plpks/config/signed_update_algorithms
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Bitmask of flags indicating which algorithms the hypervisor
		supports for signed update of objects, represented as a 16 byte
		hexadecimal ASCII string. Consult the hypervisor documentation
		for what these flags mean.
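Review bot: every Date: field in this new file says February 2023, yet /sys/firmware/plpks/config only comes into existence with this commit (the message id in the Link: trailer begins 20260127), so the dates should reflect when the new path is introduced rather than being carried over from the secvar entries. The top-level Description also still calls the directory "optional" without saying when it is present; the secvar text it replaces spelled that condition out, and the new entry should do the same for PLPKS.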
+0 −65
@@ -63,68 +63,3 @@ Contact: Nayna Jain <nayna@linux.ibm.com>
Description:	A write-only file that is used to submit the new value for the
		variable. The size of the file represents the maximum size of
		the variable data that can be written.

What:		/sys/firmware/secvar/config
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	This optional directory contains read-only config attributes as
		defined by the secure variable implementation.  All data is in
		ASCII format. The directory is only created if the backing
		implementation provides variables to populate it, which at
		present is only PLPKS on the pseries platform.

What:		/sys/firmware/secvar/config/version
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Config version as reported by the hypervisor in ASCII decimal
		format.

		Currently only provided by PLPKS on the pseries platform.

What:		/sys/firmware/secvar/config/max_object_size
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Maximum allowed size of	objects in the keystore in bytes,
		represented in ASCII decimal format.

		This is not necessarily the same as the max size that can be
		written to an update file as writes can contain more than
		object data, you should use the size of the update file for
		that purpose.

		Currently only provided by PLPKS on the pseries platform.

What:		/sys/firmware/secvar/config/total_size
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Total size of the PLPKS in bytes, represented in ASCII decimal
		format.

		Currently only provided by PLPKS on the pseries platform.

What:		/sys/firmware/secvar/config/used_space
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Current space consumed by the key store, in bytes, represented
		in ASCII decimal format.

		Currently only provided by PLPKS on the pseries platform.

What:		/sys/firmware/secvar/config/supported_policies
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Bitmask of supported policy flags by the hypervisor,
		represented as an 8 byte hexadecimal ASCII string. Consult the
		hypervisor documentation for what these flags are.

		Currently only provided by PLPKS on the pseries platform.

What:		/sys/firmware/secvar/config/signed_update_algorithms
Date:		February 2023
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Bitmask of flags indicating which algorithms the hypervisor
		supports for signed update of objects, represented as a 16 byte
		hexadecimal ASCII string. Consult the hypervisor documentation
		for what these flags mean.

		Currently only provided by PLPKS on the pseries platform.
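Review bot: with every /sys/firmware/secvar/config entry dropped here, the path that the commit message says is kept as a compatibility link has no ABI documentation left. Keep one short entry for /sys/firmware/secvar/config that marks it deprecated and points to /sys/firmware/plpks/config, or move the entry under Documentation/ABI/obsolete, so users of the old path can see where it went and that it is scheduled for removal.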
+5 −0
@@ -13,6 +13,7 @@

#include <linux/types.h>
#include <linux/list.h>
#include <linux/kobject.h>

// Object policy flags from supported_policies
#define PLPKS_OSSECBOOTAUDIT	PPC_BIT32(1) // OS secure boot must be audit/enforce
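Review bot: the include of <linux/kobject.h> is only needed for the struct kobject * parameter of plpks_config_create_softlink() declared further down in this header, so a forward declaration, struct kobject;, would be enough and keeps the header lighter for its other users.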
@@ -107,11 +108,15 @@ u16 plpks_get_passwordlen(void);
void plpks_early_init_devtree(void);

int plpks_populate_fdt(void *fdt);

int plpks_config_create_softlink(struct kobject *from);
#else // CONFIG_PSERIES_PLPKS
static inline bool plpks_is_available(void) { return false; }
static inline u16 plpks_get_passwordlen(void) { BUILD_BUG(); }
static inline void plpks_early_init_devtree(void) { }
static inline int plpks_populate_fdt(void *fdt) { BUILD_BUG(); }
static inline int plpks_config_create_softlink(struct kobject *from)
						{ return 0; }
#endif // CONFIG_PSERIES_PLPKS

#endif // _ASM_POWERPC_PLPKS_H
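Review bot: the !CONFIG_PSERIES_PLPKS stub of plpks_config_create_softlink() returns 0, so a caller cannot tell "link created" from "PLPKS not built in", and secvar_sysfs_init() treats that 0 as success before announcing the deprecated path. Either add a comment on the prototype stating that 0 may mean nothing was created and that from is the kobject under which the link is placed, or have the caller test plpks_is_available() first. As a style point, the stub body sits alone on an over-indented line, unlike the one-line stubs above it; and "softlink" is an unusual name here, since sysfs refers to these as links or symlinks.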
+0 −1
@@ -20,7 +20,6 @@ struct secvar_operations {
	int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size);
	ssize_t (*format)(char *buf, size_t bufsize);
	int (*max_size)(u64 *max_size);
	const struct attribute **config_attrs;

	// NULL-terminated array of fixed variable names
	// Only used if get_next() isn't provided
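Review bot: dropping config_attrs from struct secvar_operations breaks the build of any secvar_operations initialiser that still sets .config_attrs, and none of the hunks shown here touches such an initialiser. Confirm that the backend which populated this field stops setting it in this same commit, so the series stays bisectable.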
+6 −15
@@ -12,6 +12,7 @@
#include <linux/string.h>
#include <linux/of.h>
#include <asm/secvar.h>
#include <asm/plpks.h>

#define NAME_MAX_SIZE	   1024

@@ -145,19 +146,6 @@ static __init int update_kobj_size(void)
	return 0;
}

static __init int secvar_sysfs_config(struct kobject *kobj)
{
	struct attribute_group config_group = {
		.name = "config",
		.attrs = (struct attribute **)secvar_ops->config_attrs,
	};

	if (secvar_ops->config_attrs)
		return sysfs_create_group(kobj, &config_group);

	return 0;
}

static __init int add_var(const char *name)
{
	struct kobject *kobj;
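Review bot: removing secvar_sysfs_config() takes away the backend-neutral way to publish config attributes, and its replacement in secvar_sysfs_init() calls a PLPKS function directly from generic secvar code, which is why this file now includes <asm/plpks.h>. Consider having the PLPKS code create the compatibility link itself, or reaching it through a secvar_operations callback, so this file stays independent of the backend.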
@@ -260,12 +248,15 @@ static __init int secvar_sysfs_init(void)
		goto err;
	}

	rc = secvar_sysfs_config(secvar_kobj);
	rc = plpks_config_create_softlink(secvar_kobj);
	if (rc) {
		pr_err("Failed to create config directory\n");
		pr_err("Failed to create softlink to PLPKS config directory");
		goto err;
	}

	pr_info("/sys/firmware/secvar/config is now deprecated.\n");
	pr_info("Will be removed in future versions.\n");

	if (secvar_ops->get_next)
		rc = secvar_sysfs_load();
	else
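Review bot: the two pr_info() lines after the rc check run on every successful init, including when plpks_config_create_softlink() is the stub that returns 0 and no config link exists, so the deprecation notice should be printed only when the link was actually created. The commit message describes this as a warning, so a single pr_warn() would match the intent and keeps the two halves of the message from being separated in the log. The new pr_err() string has also lost the trailing \n that the line it replaces had.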