* [kvm-unit-tests PATCH v1] s390x/Makefile: simplify Secure Execution boot image generation
@ 2023-11-21 17:23 Marc Hartmayer
2024-01-09 13:27 ` Marc Hartmayer
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Marc Hartmayer @ 2023-11-21 17:23 UTC (permalink / raw)
To: Janosch Frank, Claudio Imbrenda, Nico Boehr, Thomas Huth; +Cc: kvm, linux-s390
Changes:
+ merge Makefile rules for the generation of the Secure Execution boot
image
+ fix `parmfile` dependency for the `selftest.pv.bin` target
+ rename `genprotimg_pcf` to `GENPROTIMG_PCF` to match the coding style
in the file
+ always provide a customer communication key - not only for the
confidential dump case. Makes the code little easier and doesn't hurt.
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
---
s390x/Makefile | 40 +++++++++++++++++-----------------------
1 file changed, 17 insertions(+), 23 deletions(-)
diff --git a/s390x/Makefile b/s390x/Makefile
index f79fd0098312..be89d8de1cba 100644
--- a/s390x/Makefile
+++ b/s390x/Makefile
@@ -194,33 +194,27 @@ $(comm-key):
%.bin: %.elf
$(OBJCOPY) -O binary $< $@
-# Will only be filled when dump has been enabled
-GENPROTIMG_COMM_KEY =
-# allow PCKMO
-genprotimg_pcf = 0x000000e0
-
-ifeq ($(CONFIG_DUMP),yes)
- # The genprotimg arguments for the cck changed over time so we need to
- # figure out which argument to use in order to set the cck
- GENPROTIMG_HAS_COMM_KEY = $(shell $(GENPROTIMG) --help | grep -q -- --comm-key && echo yes)
- ifeq ($(GENPROTIMG_HAS_COMM_KEY),yes)
- GENPROTIMG_COMM_KEY = --comm-key $(comm-key)
- else
- GENPROTIMG_COMM_KEY = --x-comm-key $(comm-key)
- endif
-
- # allow dumping + PCKMO
- genprotimg_pcf = 0x200000e0
+# The genprotimg arguments for the cck changed over time so we need to
+# figure out which argument to use in order to set the cck
+GENPROTIMG_HAS_COMM_KEY = $(shell $(GENPROTIMG) --help | grep -q -- --comm-key && echo yes)
+ifeq ($(GENPROTIMG_HAS_COMM_KEY),yes)
+ GENPROTIMG_COMM_OPTION := --comm-key
+else
+ GENPROTIMG_COMM_OPTION := --x-comm-key
endif
-# use x-pcf to be compatible with old genprotimg versions
-genprotimg_args = --host-key-document $(HOST_KEY_DOCUMENT) --no-verify $(GENPROTIMG_COMM_KEY) --x-pcf $(genprotimg_pcf)
-
-%selftest.pv.bin: %selftest.bin $(HOST_KEY_DOCUMENT) $(patsubst %.pv.bin,%.parmfile,$@) $(comm-key)
- $(GENPROTIMG) $(genprotimg_args) --parmfile $(patsubst %.pv.bin,%.parmfile,$@) --image $< -o $@
+ifeq ($(CONFIG_DUMP),yes)
+ # allow dumping + PCKMO
+ GENPROTIMG_PCF := 0x200000e0
+else
+ # allow PCKMO
+ GENPROTIMG_PCF := 0x000000e0
+endif
+$(patsubst %.parmfile,%.pv.bin,$(wildcard s390x/*.parmfile)): %.pv.bin: %.parmfile
%.pv.bin: %.bin $(HOST_KEY_DOCUMENT) $(comm-key)
- $(GENPROTIMG) $(genprotimg_args) --image $< -o $@
+ $(eval parmfile_args = $(if $(filter %.parmfile,$^),--parmfile $(filter %.parmfile,$^),))
+ $(GENPROTIMG) --host-key-document $(HOST_KEY_DOCUMENT) --no-verify $(GENPROTIMG_COMM_OPTION) $(comm-key) --x-pcf $(GENPROTIMG_PCF) $(parmfile_args) --image $(filter %.bin,$^) -o $@
$(snippet_asmlib): $$(patsubst %.o,%.S,$$@) $(asm-offsets)
$(CC) $(CFLAGS) -c -nostdlib -o $@ $<
base-commit: d0891021d5ad244c99290b4515152a1f997a9404
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [kvm-unit-tests PATCH v1] s390x/Makefile: simplify Secure Execution boot image generation
2023-11-21 17:23 [kvm-unit-tests PATCH v1] s390x/Makefile: simplify Secure Execution boot image generation Marc Hartmayer
@ 2024-01-09 13:27 ` Marc Hartmayer
2024-01-09 14:59 ` Steffen Eiden
2024-01-10 10:44 ` Janosch Frank
2 siblings, 0 replies; 5+ messages in thread
From: Marc Hartmayer @ 2024-01-09 13:27 UTC (permalink / raw)
To: Janosch Frank, Claudio Imbrenda, Nico Boehr, Thomas Huth; +Cc: kvm, linux-s390
On Tue, Nov 21, 2023 at 06:23 PM +0100, Marc Hartmayer <mhartmay@linux.ibm.com> wrote:
> Changes:
> + merge Makefile rules for the generation of the Secure Execution boot
> image
> + fix `parmfile` dependency for the `selftest.pv.bin` target
> + rename `genprotimg_pcf` to `GENPROTIMG_PCF` to match the coding style
> in the file
> + always provide a customer communication key - not only for the
> confidential dump case. Makes the code little easier and doesn't hurt.
>
> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
> ---
> s390x/Makefile | 40 +++++++++++++++++-----------------------
> 1 file changed, 17 insertions(+), 23 deletions(-)
>
> diff --git a/s390x/Makefile b/s390x/Makefile
> index f79fd0098312..be89d8de1cba 100644
> --- a/s390x/Makefile
> +++ b/s390x/Makefile
> @@ -194,33 +194,27 @@ $(comm-key):
> %.bin: %.elf
> $(OBJCOPY) -O binary $< $@
>
> -# Will only be filled when dump has been enabled
> -GENPROTIMG_COMM_KEY =
> -# allow PCKMO
> -genprotimg_pcf = 0x000000e0
> -
> -ifeq ($(CONFIG_DUMP),yes)
> - # The genprotimg arguments for the cck changed over time so we need to
> - # figure out which argument to use in order to set the cck
> - GENPROTIMG_HAS_COMM_KEY = $(shell $(GENPROTIMG) --help | grep -q -- --comm-key && echo yes)
> - ifeq ($(GENPROTIMG_HAS_COMM_KEY),yes)
> - GENPROTIMG_COMM_KEY = --comm-key $(comm-key)
> - else
> - GENPROTIMG_COMM_KEY = --x-comm-key $(comm-key)
> - endif
> -
> - # allow dumping + PCKMO
> - genprotimg_pcf = 0x200000e0
> +# The genprotimg arguments for the cck changed over time so we need to
> +# figure out which argument to use in order to set the cck
> +GENPROTIMG_HAS_COMM_KEY = $(shell $(GENPROTIMG) --help | grep -q -- --comm-key && echo yes)
> +ifeq ($(GENPROTIMG_HAS_COMM_KEY),yes)
> + GENPROTIMG_COMM_OPTION := --comm-key
> +else
> + GENPROTIMG_COMM_OPTION := --x-comm-key
> endif
>
> -# use x-pcf to be compatible with old genprotimg versions
> -genprotimg_args = --host-key-document $(HOST_KEY_DOCUMENT) --no-verify $(GENPROTIMG_COMM_KEY) --x-pcf $(genprotimg_pcf)
> -
> -%selftest.pv.bin: %selftest.bin $(HOST_KEY_DOCUMENT) $(patsubst %.pv.bin,%.parmfile,$@) $(comm-key)
> - $(GENPROTIMG) $(genprotimg_args) --parmfile $(patsubst %.pv.bin,%.parmfile,$@) --image $< -o $@
> +ifeq ($(CONFIG_DUMP),yes)
> + # allow dumping + PCKMO
> + GENPROTIMG_PCF := 0x200000e0
> +else
> + # allow PCKMO
> + GENPROTIMG_PCF := 0x000000e0
> +endif
>
> +$(patsubst %.parmfile,%.pv.bin,$(wildcard s390x/*.parmfile)): %.pv.bin: %.parmfile
> %.pv.bin: %.bin $(HOST_KEY_DOCUMENT) $(comm-key)
> - $(GENPROTIMG) $(genprotimg_args) --image $< -o $@
> + $(eval parmfile_args = $(if $(filter %.parmfile,$^),--parmfile $(filter %.parmfile,$^),))
> + $(GENPROTIMG) --host-key-document $(HOST_KEY_DOCUMENT) --no-verify $(GENPROTIMG_COMM_OPTION) $(comm-key) --x-pcf $(GENPROTIMG_PCF) $(parmfile_args) --image $(filter %.bin,$^) -o $@
>
> $(snippet_asmlib): $$(patsubst %.o,%.S,$$@) $(asm-offsets)
> $(CC) $(CFLAGS) -c -nostdlib -o $@ $<
>
> base-commit: d0891021d5ad244c99290b4515152a1f997a9404
> --
> 2.34.1
>
>
Polite ping.
--
Kind regards / Beste Grüße
Marc Hartmayer
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: David Faller
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [kvm-unit-tests PATCH v1] s390x/Makefile: simplify Secure Execution boot image generation
2023-11-21 17:23 [kvm-unit-tests PATCH v1] s390x/Makefile: simplify Secure Execution boot image generation Marc Hartmayer
2024-01-09 13:27 ` Marc Hartmayer
@ 2024-01-09 14:59 ` Steffen Eiden
2024-01-10 10:44 ` Janosch Frank
2 siblings, 0 replies; 5+ messages in thread
From: Steffen Eiden @ 2024-01-09 14:59 UTC (permalink / raw)
To: mhartmay; +Cc: frankja, imbrenda, kvm, linux-s390, nrb, thuth
LGTM.
> Changes:
> + merge Makefile rules for the generation of the Secure Execution boot
> image
> + fix `parmfile` dependency for the `selftest.pv.bin` target
> + rename `genprotimg_pcf` to `GENPROTIMG_PCF` to match the coding style
> in the file
> + always provide a customer communication key - not only for the
> confidential dump case. Makes the code little easier and doesn't hurt.
>
> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Steffen Eiden <seiden@linux.ibm.com>
> ---
> s390x/Makefile | 40 +++++++++++++++++-----------------------
> 1 file changed, 17 insertions(+), 23 deletions(-)
[...]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [kvm-unit-tests PATCH v1] s390x/Makefile: simplify Secure Execution boot image generation
2023-11-21 17:23 [kvm-unit-tests PATCH v1] s390x/Makefile: simplify Secure Execution boot image generation Marc Hartmayer
2024-01-09 13:27 ` Marc Hartmayer
2024-01-09 14:59 ` Steffen Eiden
@ 2024-01-10 10:44 ` Janosch Frank
2024-01-10 16:23 ` Marc Hartmayer
2 siblings, 1 reply; 5+ messages in thread
From: Janosch Frank @ 2024-01-10 10:44 UTC (permalink / raw)
To: Marc Hartmayer, Claudio Imbrenda, Nico Boehr, Thomas Huth; +Cc: kvm, linux-s390
On 11/21/23 18:23, Marc Hartmayer wrote:
> Changes:
> + merge Makefile rules for the generation of the Secure Execution boot
> image
> + fix `parmfile` dependency for the `selftest.pv.bin` target
> + rename `genprotimg_pcf` to `GENPROTIMG_PCF` to match the coding style
> in the file
> + always provide a customer communication key - not only for the
> confidential dump case. Makes the code little easier and doesn't hurt.
>
> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Thanks, I've pushed this to devel for CI coverage
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [kvm-unit-tests PATCH v1] s390x/Makefile: simplify Secure Execution boot image generation
2024-01-10 10:44 ` Janosch Frank
@ 2024-01-10 16:23 ` Marc Hartmayer
0 siblings, 0 replies; 5+ messages in thread
From: Marc Hartmayer @ 2024-01-10 16:23 UTC (permalink / raw)
To: Janosch Frank, Claudio Imbrenda, Nico Boehr, Thomas Huth; +Cc: kvm, linux-s390
On Wed, Jan 10, 2024 at 11:44 AM +0100, Janosch Frank <frankja@linux.ibm.com> wrote:
> On 11/21/23 18:23, Marc Hartmayer wrote:
>> Changes:
>> + merge Makefile rules for the generation of the Secure Execution boot
>> image
>> + fix `parmfile` dependency for the `selftest.pv.bin` target
>> + rename `genprotimg_pcf` to `GENPROTIMG_PCF` to match the coding style
>> in the file
>> + always provide a customer communication key - not only for the
>> confidential dump case. Makes the code little easier and doesn't hurt.
>>
>> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
>
> Thanks, I've pushed this to devel for CI coverage
>
>
Thanks.
--
Kind regards / Beste Grüße
Marc Hartmayer
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Wolfgang Wendt
Geschäftsführung: David Faller
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-01-10 16:23 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-21 17:23 [kvm-unit-tests PATCH v1] s390x/Makefile: simplify Secure Execution boot image generation Marc Hartmayer
2024-01-09 13:27 ` Marc Hartmayer
2024-01-09 14:59 ` Steffen Eiden
2024-01-10 10:44 ` Janosch Frank
2024-01-10 16:23 ` Marc Hartmayer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).