blob: e87f90e40d4e74d25687ded237f5d54947eca853 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright (C) 2022 IBM Corporation
* Author: Nayna Jain <nayna@linux.ibm.com>
*
* Platform keystore for pseries LPAR(PLPKS).
*/
#ifndef _ASM_POWERPC_PLPKS_H
#define _ASM_POWERPC_PLPKS_H
#ifdef CONFIG_PSERIES_PLPKS
#include <linux/types.h>
#include <linux/list.h>
#include <linux/kobject.h>
// Object policy flags from supported_policies
#define PLPKS_OSSECBOOTAUDIT PPC_BIT32(1) // OS secure boot must be audit/enforce
#define PLPKS_OSSECBOOTENFORCE PPC_BIT32(2) // OS secure boot must be enforce
#define PLPKS_PWSET PPC_BIT32(3) // No access without password set
#define PLPKS_WORLDREADABLE PPC_BIT32(4) // Readable without authentication
#define PLPKS_IMMUTABLE PPC_BIT32(5) // Once written, object cannot be removed
#define PLPKS_TRANSIENT PPC_BIT32(6) // Object does not persist through reboot
#define PLPKS_SIGNEDUPDATE PPC_BIT32(7) // Object can only be modified by signed updates
#define PLPKS_WRAPPINGKEY PPC_BIT32(8) // Object contains a wrapping key
#define PLPKS_HVPROVISIONED PPC_BIT32(28) // Hypervisor has provisioned this object
// Signature algorithm flags from signed_update_algorithms
#define PLPKS_ALG_RSA2048 PPC_BIT(0)
#define PLPKS_ALG_RSA4096 PPC_BIT(1)
// Object label OS metadata flags
#define PLPKS_VAR_LINUX 0x02
#define PLPKS_VAR_COMMON 0x04
// Flags for which consumer owns an object is owned by
#define PLPKS_FW_OWNER 0x1
#define PLPKS_BOOTLOADER_OWNER 0x2
#define PLPKS_OS_OWNER 0x3
// Flags for label metadata fields
#define PLPKS_LABEL_VERSION 0
#define PLPKS_MAX_LABEL_ATTR_SIZE 16
#define PLPKS_MAX_NAME_SIZE 239
#define PLPKS_MAX_DATA_SIZE 4000
// Timeouts for PLPKS operations
#define PLPKS_MAX_TIMEOUT (5 * USEC_PER_SEC)
#define PLPKS_FLUSH_SLEEP 10000 // usec
struct plpks_var {
char *component;
u8 *name;
u8 *data;
u32 policy;
u16 namelen;
u16 datalen;
u8 os;
};
struct plpks_var_name {
u8 *name;
u16 namelen;
};
struct plpks_var_name_list {
u32 varcount;
struct plpks_var_name varlist[];
};
int plpks_signed_update_var(struct plpks_var *var, u64 flags);
int plpks_write_var(struct plpks_var var);
int plpks_remove_var(char *component, u8 varos,
struct plpks_var_name vname);
int plpks_read_os_var(struct plpks_var *var);
int plpks_read_fw_var(struct plpks_var *var);
int plpks_read_bootloader_var(struct plpks_var *var);
bool plpks_is_available(void);
u8 plpks_get_version(void);
u16 plpks_get_objoverhead(void);
u16 plpks_get_maxpwsize(void);
u16 plpks_get_maxobjectsize(void);
u16 plpks_get_maxobjectlabelsize(void);
u32 plpks_get_totalsize(void);
u32 plpks_get_usedspace(void);
u32 plpks_get_supportedpolicies(void);
u32 plpks_get_maxlargeobjectsize(void);
u64 plpks_get_signedupdatealgorithms(void);
u64 plpks_get_wrappingfeatures(void);
u16 plpks_get_passwordlen(void);
void plpks_early_init_devtree(void);
int plpks_populate_fdt(void *fdt);
int plpks_config_create_softlink(struct kobject *from);
bool plpks_wrapping_is_supported(void);
int plpks_gen_wrapping_key(void);
int plpks_wrap_object(u8 **input_buf, u32 input_len, u16 wrap_flags,
u8 **output_buf, u32 *output_len);
int plpks_unwrap_object(u8 **input_buf, u32 input_len,
u8 **output_buf, u32 *output_len);
#else // CONFIG_PSERIES_PLPKS
static inline bool plpks_is_available(void) { return false; }
static inline u16 plpks_get_passwordlen(void) { BUILD_BUG(); }
static inline void plpks_early_init_devtree(void) { }
static inline int plpks_populate_fdt(void *fdt) { BUILD_BUG(); }
static inline int plpks_config_create_softlink(struct kobject *from)
{ return 0; }
#endif // CONFIG_PSERIES_PLPKS
#endif // _ASM_POWERPC_PLPKS_H
|
