
TOMOYO Linux Cross Reference
Linux/arch/powerpc/platforms/pseries/plpks_sed_ops.c


  1 // SPDX-License-Identifier: GPL-2.0-only
  2 /*
  3  * POWER Platform specific code for non-volatile SED key access
  4  * Copyright (C) 2022 IBM Corporation
  5  *
  6  * Define operations for SED Opal to read/write keys
  7  * from POWER LPAR Platform KeyStore(PLPKS).
  8  *
  9  * Self Encrypting Drives(SED) key storage using PLPKS
 10  */
 11 
 12 #include <linux/kernel.h>
 13 #include <linux/slab.h>
 14 #include <linux/string.h>
 15 #include <linux/ioctl.h>
 16 #include <linux/sed-opal-key.h>
 17 #include <asm/plpks.h>
 18 
/*
 * Lazy-probe state, filled in by plpks_init_var() on its first call.
 * Static storage duration already starts both flags out as false.
 */
static bool plpks_sed_initialized;      /* availability probe has run */
static bool plpks_sed_available;        /* result of plpks_is_available() */
 21 
/*
 * structure that contains all SED data
 *
 * This is the object that sed_write_key() hands to PLPKS and that
 * sed_read_key() reads back, so its layout is the stored format.
 * The multi-byte fields are converted with cpu_to_be64()/cpu_to_be32()
 * on write and be32_to_cpu() on read, i.e. they are kept big-endian.
 *
 * NOTE(review): sizeof() of this structure is used as the object length;
 * whether that includes compiler-added trailing padding depends on the
 * ABI -- confirm for the targeted build.
 */
struct plpks_sed_object_data {
        u_char version;         /* PLPKS_SED_OBJECT_DATA_V0 on write */
        u_char pad1[7];         /* zeroed by sed_write_key() */
        u_long authority;       /* big-endian; assumes u_long is 64 bits wide -- confirm */
        u_long range;           /* big-endian; same width assumption as authority */
        u_int  key_len;         /* big-endian count of valid bytes in key[] */
        u_char key[32];         /* key material; key_len must never exceed this size */
};
 33 
/* Value stored in plpks_sed_object_data.version by sed_write_key(). */
#define PLPKS_SED_OBJECT_DATA_V0        0
/* Name used in PLPKS in place of PLPKS_SED_KEY (see plpks_init_var()). */
#define PLPKS_SED_MANGLED_LABEL         "/default/pri"
/* Component every SED variable is filed under. */
#define PLPKS_SED_COMPONENT             "sed-opal"
/* Caller-visible key name that gets mapped to PLPKS_SED_MANGLED_LABEL. */
#define PLPKS_SED_KEY                   "opal-boot-pin"

/*
 * authority is admin1 and range is global
 *
 * Both values are written into the stored object through cpu_to_be64().
 */
#define PLPKS_SED_AUTHORITY  0x0000000900010001
#define PLPKS_SED_RANGE      0x0000080200000001
 44 
/*
 * Fill in a plpks_var describing the SED object named by @keyname.
 *
 * The first call also probes PLPKS and caches the answer in
 * plpks_sed_available; callers test that flag after this returns.
 * @var->data and @var->datalen are cleared and must be set by the caller.
 *
 * NOTE(review): the probe is not serialised. plpks_sed_initialized is set
 * before plpks_sed_available, so a second caller racing with the first
 * would see "initialized" with "available" still false -- confirm that
 * callers cannot run concurrently.
 */
static void plpks_init_var(struct plpks_var *var, char *keyname)
{
        const bool is_boot_pin = strcmp(PLPKS_SED_KEY, keyname) == 0;

        if (!plpks_sed_initialized) {
                plpks_sed_initialized = true;
                plpks_sed_available = plpks_is_available();
                if (!plpks_sed_available)
                        pr_err("SED: plpks not available\n");
        }

        /* The boot pin is stored under a fixed label, not its own name. */
        var->name = is_boot_pin ? PLPKS_SED_MANGLED_LABEL : keyname;
        /*
         * NOTE(review): the length always comes from @keyname, also when
         * the name was replaced above, so for the boot pin it is the
         * length of "opal-boot-pin" (13) and not of "/default/pri" (12).
         * This may be deliberate for compatibility with objects that are
         * already stored -- confirm before changing it.
         */
        var->namelen = strlen(keyname);

        var->component = PLPKS_SED_COMPONENT;
        var->os = PLPKS_VAR_COMMON;
        /*
         * NOTE(review): the key object is created with the world-readable
         * policy; who that exposes it to is defined by PLPKS -- confirm it
         * is the intended protection level for key material.
         */
        var->policy = PLPKS_WORLDREADABLE;
        var->data = NULL;
        var->datalen = 0;
}
 66 
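/*
 * Read the SED Opal key from PLPKS given the label
 *
 * @keyname: NUL-terminated label of the key to read.
 * @key:     destination buffer. Up to sizeof(data.key) key bytes plus a
 *           terminating NUL are written, so it must hold at least
 *           sizeof(data.key) + 1 bytes; its capacity is not passed in and
 *           cannot be checked here.
 * @keylen:  output only; set to the number of key bytes copied.
 *
 * Returns 0 on success, -EOPNOTSUPP if PLPKS is not available, or the
 * error returned by plpks_read_os_var().
 */
int sed_read_key(char *keyname, char *key, u_int *keylen)
{
        struct plpks_var var;
        struct plpks_sed_object_data data;
        int ret;
        u_int len;

        plpks_init_var(&var, keyname);

        if (!plpks_sed_available)
                return -EOPNOTSUPP;

        /*
         * Start from zeros so that a short object cannot leave key_len
         * (or key bytes) holding stale stack contents.
         */
        memset(&data, 0, sizeof(data));
        var.data = (u8 *)&data;
        var.datalen = sizeof(data);

        ret = plpks_read_os_var(&var);
        if (ret != 0)
                goto out;

        /*
         * key_len comes from the stored object and is not trusted.
         * Bounding it by var.datalen alone is not enough: that can be as
         * large as the whole structure, which is bigger than data.key, so
         * the copy would run past the end of the array. Clamp to the
         * array size as well, and compare at full width so that a large
         * key_len is not truncated before the comparison.
         */
        len = min_t(u_int, be32_to_cpu(data.key_len), var.datalen);
        len = min_t(u_int, len, sizeof(data.key));
        memcpy(key, data.key, len);
        key[len] = '\0';
        *keylen = len;

out:
        /* Do not leave a copy of the key on the stack. */
        memzero_explicit(&data, sizeof(data));
        return ret;
}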
 96 
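/*
 * Write the SED Opal key to PLPKS given the label
 *
 * @keyname: NUL-terminated label of the key to write.
 * @key:     key bytes to store.
 * @keylen:  number of bytes in @key; at most sizeof(data.key).
 *
 * Returns the result of plpks_write_var(), -EOPNOTSUPP if PLPKS is not
 * available, or -EINVAL if @keylen does not fit the stored object.
 */
int sed_write_key(char *keyname, char *key, u_int keylen)
{
        struct plpks_var var;
        struct plpks_sed_object_data data;
        struct plpks_var_name vname;
        int ret;

        plpks_init_var(&var, keyname);

        if (!plpks_sed_available)
                return -EOPNOTSUPP;

        /* data.key is a fixed-size array on the stack: refuse to overrun it. */
        if (keylen > sizeof(data.key))
                return -EINVAL;

        /*
         * The whole structure is handed to the keystore, so clear it
         * first: unused key bytes and any padding must not carry stack
         * contents into the stored object. This also zeroes pad1.
         */
        memset(&data, 0, sizeof(data));

        /* initialize SED object */
        data.version = PLPKS_SED_OBJECT_DATA_V0;
        data.authority = cpu_to_be64(PLPKS_SED_AUTHORITY);
        data.range = cpu_to_be64(PLPKS_SED_RANGE);
        data.key_len = cpu_to_be32(keylen);
        memcpy(data.key, key, keylen);

        var.datalen = sizeof(struct plpks_sed_object_data);
        var.data = (u8 *)&data;

        /*
         * Key update requires remove first. The return value
         * is ignored since it's okay if the key doesn't exist.
         *
         * NOTE(review): remove and write are two separate steps; if the
         * write below fails after the remove succeeded, the previously
         * stored key is gone and nothing here restores it.
         */
        vname.namelen = var.namelen;
        vname.name = var.name;
        plpks_remove_var(var.component, var.os, vname);

        ret = plpks_write_var(var);

        /* Do not leave a copy of the key on the stack. */
        memzero_explicit(&data, sizeof(data));
        return ret;
}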
132 
