From: Srish Srinivasan <ssrish@linux.ibm.com>
To: Andrew Donnellan <ajd@linux.ibm.com>,
linux-integrity@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Cc: maddy@linux.ibm.com, mpe@ellerman.id.au, npiggin@gmail.com,
christophe.leroy@csgroup.eu, naveen@kernel.org,
zohar@linux.ibm.com, nayna@linux.ibm.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/3] powerpc/pseries: Correct secvar format representation for static key management
Date: Wed, 7 May 2025 21:18:44 +0530
Message-ID: <e80c83a1-77db-452e-8a5d-d435e61bd544@linux.ibm.com>
In-Reply-To: <24106430db9693f580c3765206257677c10e4375.camel@linux.ibm.com>
On 5/7/25 11:47 AM, Andrew Donnellan wrote:
> On Wed, 2025-05-07 at 00:29 +0530, Srish Srinivasan wrote:
>>>> + rc = plpks_read_fw_var(&var);
>>>> + if (rc) {
>>>> + pr_info("Error %ld reading SB_VERSION from
>>>> firmware\n", rc);
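Review bot: The `if (rc)` branch logs "Error %ld reading SB_VERSION from firmware" for every non-zero return, so the expected absent-object case in static key management mode is reported the same way as a real firmware failure. Test rc for the not-found codes discussed in this thread (-ENOENT, and -EPERM if the hypervisor answers H_AUTHORITY to an unauthenticated read) before logging, and print anything else with pr_err rather than pr_info.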
>>> We need to check for -ENOENT, otherwise this message is going to be
>>> printed every time you boot a machine in static mode.
>> Yes, I agree with your concern. I just want to add that, as per my
>> understanding, we need to check for both -ENOENT and -EPERM,
>> as explained below:
>>
>> As per H_PKS_READ_OBJECT semantics described in the PAPR v10.60
>> (https://files.openpower.foundation/s/XFgfMaqLMD5Bcm8),
>>
>> * If the object is not world readable, verify that the consumer
>> password
>> matches the stored value in the hypervisor. Else return H_AUTHORITY.
>> * Verify if the object exists, else return H_NOT_FOUND.
>> * Verify if the policy for the object is met, else return
>> H_AUTHORITY.
>>
>> So, the hypervisor returns H_NOT_FOUND only for the authenticated
>> consumer. For unauthenticated consumers, which is the case here,
>> it would return H_AUTHORITY.
> We expect SB_VERSION to always be world-readable, I think? In which
> case it shouldn't return H_AUTHORITY / -EPERM, ever, and if it does
> that's an error which should be handled as an error. Or am I
> misinterpreting the spec here?
Yes, SB_VERSION is world-readable and should not return H_AUTHORITY in
the case of dynamic key management mode. However, in
the case of static key management mode, when SB_VERSION does not exist,
the hypervisor tries to authenticate the consumer. If the
authentication is successful, H_NOT_FOUND is returned, else H_AUTHORITY
is returned. The intention behind authenticating the
consumer when the object is not found is to ensure that a
non-authenticated consumer is unable to conclude on the absence of
the object. Here, when the kernel tries to read the non-existent
SB_VERSION, it fails the authentication check and therefore,
gets the H_AUTHORITY error code.
>
>
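The return-code behaviour described in this message, as an added example that is not part of the original email or the kernel patch: a constructed C model of the read ordering and of the caller-side check proposed here. The enum values, struct and function names are hypothetical, and the policy check is left out.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model codes; not the real hcall return values. */
enum model_hrc { M_SUCCESS, M_NOT_FOUND, M_AUTHORITY };
enum sb_probe { SB_PRESENT, SB_ABSENT, SB_ERROR };

struct pks_obj { const char *label; bool world_readable; };

/* Read-path ordering as the reply describes it (policy check omitted). */
static enum model_hrc model_read(const struct pks_obj *objs, size_t n,
                                 const char *label, bool authenticated)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(objs[i].label, label) != 0)
            continue;
        if (!objs[i].world_readable && !authenticated)
            return M_AUTHORITY;
        return M_SUCCESS;
    }
    /* Absent object: only an authenticated consumer is told so. */
    return authenticated ? M_NOT_FOUND : M_AUTHORITY;
}

/* Errno pairing used in the thread: H_NOT_FOUND/-ENOENT, H_AUTHORITY/-EPERM. */
static int model_errno(enum model_hrc rc)
{
    return rc == M_SUCCESS ? 0 : rc == M_NOT_FOUND ? -ENOENT : -EPERM;
}

/* Caller side: both "absent" answers mean static mode, the rest are errors. */
static enum sb_probe classify_sb_version(int err)
{
    if (err == 0)
        return SB_PRESENT;
    return (err == -ENOENT || err == -EPERM) ? SB_ABSENT : SB_ERROR;
}

int main(void)
{
    const struct pks_obj objs[] = { { "SB_VERSION", true } };
    /* n = 0 models static mode, where SB_VERSION does not exist. */
    int err = model_errno(model_read(objs, 0, "SB_VERSION", false));

    printf("static, unauthenticated: err=%d class=%d\n",
           err, classify_sb_version(err));
    return 0;
}
```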