From: Steffen Eiden <seiden@linux.ibm.com>
To: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org
Cc: Ingo Franzki <ifranzki@linux.ibm.com>,
Harald Freudenberger <freude@linux.ibm.com>,
Christoph Schlameuss <schlameuss@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>
Subject: [PATCH v1 0/6] s390/uv: Retrieve Secrets Ultravisor Call support
Date: Mon, 30 Sep 2024 15:19:03 +0200
Message-ID: <20240930131909.2079965-1-seiden@linux.ibm.com>

A new secret type (group) allows SE-guests to retrieve the secret value
from the UV secret store. All retrieved secrets (but plaintext) are
retrieved as a PCMKO-wrapped key so that they will never appear in
plaintext in the secure guest. Supported key/secret types are:
AES, AES-XTS, HMAC, and EC. Add support for an in-kernel API and a UAPI
to retrieve a previously added secret. If the hardware supports it,
adding secrets works with the same infrastructure that is used by
associate secrets introduced with AP-pass-through support.

With this addition, List Secret UVCs can report more-data now and may
expect a starting index different to zero. This requires the addition of
the LIST_SECRET_EXT IOCTL that works the same as the non_EXT variant but
additionally accepts an index (u16) as input.

Steffen Eiden (6):
  s390/boot/uv.c: Use a constant for more-data rc
  s390/uv: Retrieve UV secrets support
  s390/uvdevice: Add Retrieve Secret IOCTL
  s390/uvdevice: Increase indent in IOCTL definitions
  s390/uvdevice: Add List Secrets Ext IOCTL
  s390/uv: Retrieve UV secrets sysfs support

 arch/s390/boot/uv.c                   |   7 +-
 arch/s390/include/asm/uv.h            | 140 +++++++++++++++++++++++-
 arch/s390/include/uapi/asm/uvdevice.h |  34 +++---
 arch/s390/kernel/uv.c                 | 148 ++++++++++++++++++++++++-
 drivers/s390/char/uvdevice.c          | 152 +++++++++++++++++++++-----
 5 files changed, 435 insertions(+), 46 deletions(-)

--
2.43.0

Thread overview: 14+ messages
2024-09-30 13:19 Steffen Eiden [this message]
2024-09-30 13:19 ` [PATCH v1 1/6] s390/boot/uv.c: Use a constant for more-data rc Steffen Eiden
2024-10-01 12:10 ` Claudio Imbrenda
2024-10-01 13:56 ` Janosch Frank
2024-09-30 13:19 ` [PATCH v1 2/6] s390/uv: Retrieve UV secrets support Steffen Eiden
2024-10-01 16:06 ` Christoph Schlameuss
2024-10-02 7:51 ` Janosch Frank
2024-09-30 13:19 ` [PATCH v1 3/6] s390/uvdevice: Add Retrieve Secret IOCTL Steffen Eiden
2024-10-01 16:09 ` Christoph Schlameuss
2024-09-30 13:19 ` [PATCH v1 4/6] s390/uvdevice: Increase indent in IOCTL definitions Steffen Eiden
2024-09-30 13:19 ` [PATCH v1 5/6] s390/uvdevice: Add List Secrets Ext IOCTL Steffen Eiden
2024-10-01 16:19 ` Christoph Schlameuss
2024-09-30 13:19 ` [PATCH v1 6/6] s390/uv: Retrieve UV secrets sysfs support Steffen Eiden
2024-10-01 17:42 ` Christoph Schlameuss