Date: Wed, 21 Aug 2019 09:32:24 -0700
From: Greg Kroah-Hartman
To: Nayna Jain
Cc: linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Ellerman, Benjamin Herrenschmidt, Paul Mackerras, Ard Biesheuvel, Jeremy Kerr, Matthew Garret, Mimi Zohar, Claudio Carvalho, George Wilson, Elaine Palmer, Eric Ricther, Oliver O'Halloran
Subject: Re: [PATCH v2 4/4] powerpc: load firmware trusted keys into kernel keyring
Message-ID: <20190821163224.GC28571@kroah.com>

On Wed, Aug 21, 2019 at 11:08:23AM -0400, Nayna Jain wrote:
> The keys used to verify the Host OS kernel are managed by OPAL as secure
> variables. This patch loads the verification keys into the .platform
> keyring and revocation keys into .blacklist keyring. This enables
> verification and loading of the kernels signed by the boot time keys which
> are trusted by firmware.
>
> Signed-off-by: Nayna Jain
> ---
> security/integrity/Kconfig | 9 ++
> security/integrity/Makefile | 3 +
> .../integrity/platform_certs/load_powerpc.c | 94 +++++++++++++++++++
> 3 files changed, 106 insertions(+)
> create mode 100644 security/integrity/platform_certs/load_powerpc.c
>
> diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
> index 0bae6adb63a9..2b4109c157e2 100644
> --- a/security/integrity/Kconfig
> +++ b/security/integrity/Kconfig
> @@ -72,6 +72,15 @@ config LOAD_IPL_KEYS
> depends on S390
> def_bool y
>
> +config LOAD_PPC_KEYS
> + bool "Enable loading of platform and revocation keys for POWER"
> + depends on INTEGRITY_PLATFORM_KEYRING
> + depends on PPC_SECURE_BOOT
> + def_bool y

def_bool y only for things that the system will not boot if it is not
enabled because you added a new feature. Otherwise just do not set the
default.

> + help
> + Enable loading of db keys to the .platform keyring and dbx keys to
> + the .blacklist keyring for powerpc based platforms.
> +
> config INTEGRITY_AUDIT
> bool "Enables integrity auditing support "
> depends on AUDIT
> diff --git a/security/integrity/Makefile b/security/integrity/Makefile
> index 525bf1d6e0db..9eeb6b053de3 100644
> --- a/security/integrity/Makefile
> +++ b/security/integrity/Makefile
> @@ -14,6 +14,9 @@ integrity-$(CONFIG_LOAD_UEFI_KEYS) += platform_certs/efi_parser.o \
> platform_certs/load_uefi.o \
> platform_certs/keyring_handler.o
> integrity-$(CONFIG_LOAD_IPL_KEYS) += platform_certs/load_ipl_s390.o
> +integrity-$(CONFIG_LOAD_PPC_KEYS) += platform_certs/efi_parser.o \
> + platform_certs/load_powerpc.o \
> + platform_certs/keyring_handler.o
> $(obj)/load_uefi.o: KBUILD_CFLAGS += -fshort-wchar
> subdir-$(CONFIG_IMA) += ima
> diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c
> new file mode 100644
> index 000000000000..f4d869171062
> --- /dev/null
> +++ b/security/integrity/platform_certs/load_powerpc.c
> @@ -0,0 +1,94 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (C) 2019 IBM Corporation
> + * Author: Nayna Jain
> + *
> + * load_powernv.c

That's not the name of this file :(

And the perfect example of why you NEVER have the name of the file in
the file itself, as it's not needed and easy to get wrong :)

thanks,

greg k-h
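
Review bot: in the security/integrity/Kconfig hunk, the new "config LOAD_PPC_KEYS" entry declares its type twice: the line bool "Enable loading of platform and revocation keys for POWER" already sets the type and prompt, and the "def_bool y" line four lines later sets the type again along with the default. If a default is wanted at all it should be written as "default y"; otherwise the line can simply go. The help text also says "db keys" and "dbx keys" without explaining them, while the commit message calls the same things verification keys and revocation keys; using the commit message's terms in the help text would let someone reading it in menuconfig understand what ends up in .platform and what ends up in .blacklist.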
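
Review bot: in the security/integrity/Makefile hunk, the added integrity-$(CONFIG_LOAD_PPC_KEYS) line names platform_certs/efi_parser.o and platform_certs/keyring_handler.o, both of which are already listed under integrity-$(CONFIG_LOAD_UEFI_KEYS) in the context lines directly above it. The commit message does not say why the EFI parser is built for powerpc, so a sentence on that would help reviewers, and it is worth considering a hidden helper Kconfig symbol selected by both options so that each shared object is named in one place rather than repeated per platform.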