* [PATCH v3 0/2] s390/uv: Provide host-key hashes in sysfs @ 2024-10-15 11:39 Steffen Eiden 2024-10-15 11:39 ` [PATCH v3 1/2] s390/uv: Refactor uv-sysfs creation Steffen Eiden 2024-10-15 11:39 ` [PATCH v3 2/2] s390/uv: Provide host-key hashes in sysfs Steffen Eiden 0 siblings, 2 replies; 4+ messages in thread From: Steffen Eiden @ 2024-10-15 11:39 UTC (permalink / raw) To: linux-kernel, linux-s390 Cc: Ingo Franzki, Harald Freudenberger, Christoph Schlameuss, Janosch Frank, Claudio Imbrenda List the installed host-keys in the sysfs if the machine supports the Query Ultravisor Keys UVC. As of now, two types of host-keys are available: The used/primary host key, and the backup host-key both hastes are available in a sysfs file. For forwards compatibility an `all` file is also available that displays the whole payload (15*32 bytes) and therefore future key hashes. Sice v2: * add rb from Janosch (& fix nits) * slightly refactor sysfs directory creation (Heiko) Since v1: * add r-b's from Janoch & Christoph * fix minor issues (Janosch) * remove an unnecessary UVC availability-check in uv_query_keys -> remove Christoph's r-b from patch 2 Steffen Eiden (2): s390/uv: Refactor uv-sysfs creation s390/uv: Provide host-key hashes in sysfs arch/s390/include/asm/uv.h | 17 ++++++ arch/s390/kernel/uv.c | 103 +++++++++++++++++++++++++++++++++---- 2 files changed, 110 insertions(+), 10 deletions(-) -- 2.43.0 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v3 1/2] s390/uv: Refactor uv-sysfs creation 2024-10-15 11:39 [PATCH v3 0/2] s390/uv: Provide host-key hashes in sysfs Steffen Eiden @ 2024-10-15 11:39 ` Steffen Eiden 2024-10-15 11:39 ` [PATCH v3 2/2] s390/uv: Provide host-key hashes in sysfs Steffen Eiden 1 sibling, 0 replies; 4+ messages in thread From: Steffen Eiden @ 2024-10-15 11:39 UTC (permalink / raw) To: linux-kernel, linux-s390 Cc: Ingo Franzki, Harald Freudenberger, Christoph Schlameuss, Janosch Frank, Claudio Imbrenda Streamline the sysfs generation to make it more extensible. Add a function to create a sysfs entry in the uv-sysfs dir. Use this function for the query directory. Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Christoph Schlameuss <schlameuss@linux.ibm.com> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com> --- arch/s390/kernel/uv.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c index 9646f773208a..ba514b9dca6a 100644 --- a/arch/s390/kernel/uv.c +++ b/arch/s390/kernel/uv.c @@ -753,7 +753,24 @@ static const struct attribute *uv_prot_virt_attrs[] = { static struct kset *uv_query_kset; static struct kobject *uv_kobj; -static int __init uv_info_init(void) +static int __init uv_sysfs_dir_init(const struct attribute_group *grp, + struct kset **uv_dir_kset, const char *name) +{ + struct kset *kset; + int rc; + + kset = kset_create_and_add(name, NULL, uv_kobj); + if (!kset) + return -ENOMEM; + *uv_dir_kset = kset; + + rc = sysfs_create_group(&kset->kobj, grp); + if (rc) + kset_unregister(kset); + return rc; +} + +static int __init uv_sysfs_init(void) { int rc = -ENOMEM; @@ -768,17 +785,12 @@ static int __init uv_info_init(void) if (rc) goto out_kobj; - uv_query_kset = kset_create_and_add("query", NULL, uv_kobj); - if (!uv_query_kset) { - rc = -ENOMEM; + rc = uv_sysfs_dir_init(&uv_query_attr_group, &uv_query_kset, "query"); + if (rc) goto out_ind_files; - } - rc = sysfs_create_group(&uv_query_kset->kobj, &uv_query_attr_group); - if (!rc) - return 0; + return 0; - kset_unregister(uv_query_kset); out_ind_files: sysfs_remove_files(uv_kobj, uv_prot_virt_attrs); out_kobj: @@ -786,4 +798,4 @@ static int __init uv_info_init(void) kobject_put(uv_kobj); return rc; } -device_initcall(uv_info_init); +device_initcall(uv_sysfs_init); -- 2.43.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v3 2/2] s390/uv: Provide host-key hashes in sysfs 2024-10-15 11:39 [PATCH v3 0/2] s390/uv: Provide host-key hashes in sysfs Steffen Eiden 2024-10-15 11:39 ` [PATCH v3 1/2] s390/uv: Refactor uv-sysfs creation Steffen Eiden @ 2024-10-15 11:39 ` Steffen Eiden 2024-10-23 7:55 ` Steffen Eiden 1 sibling, 1 reply; 4+ messages in thread From: Steffen Eiden @ 2024-10-15 11:39 UTC (permalink / raw) To: linux-kernel, linux-s390 Cc: Ingo Franzki, Harald Freudenberger, Christoph Schlameuss, Janosch Frank, Claudio Imbrenda Utilize the new Query Ultravisor Keys UVC to give user space the information which host-keys are installed on the system. Create a new sysfs directory 'firmware/uv/keys' that contains the hash of the host-key and the backup host-key of that system. Additionally, the file 'all' contains the response from the UVC possibly containing more key-hashes than currently known. Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com> --- arch/s390/include/asm/uv.h | 17 +++++++++ arch/s390/kernel/uv.c | 71 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) diff --git a/arch/s390/include/asm/uv.h b/arch/s390/include/asm/uv.h index 153d93468b77..6dab9757419b 100644 --- a/arch/s390/include/asm/uv.h +++ b/arch/s390/include/asm/uv.h @@ -31,6 +31,7 @@ #define UVC_RC_NEED_DESTROY 0x8000 #define UVC_CMD_QUI 0x0001 +#define UVC_CMD_QUERY_KEYS 0x0002 #define UVC_CMD_INIT_UV 0x000f #define UVC_CMD_CREATE_SEC_CONF 0x0100 #define UVC_CMD_DESTROY_SEC_CONF 0x0101 @@ -94,6 +95,7 @@ enum uv_cmds_inst { BIT_UVC_CMD_ADD_SECRET = 29, BIT_UVC_CMD_LIST_SECRETS = 30, BIT_UVC_CMD_LOCK_SECRETS = 31, + BIT_UVC_CMD_QUERY_KEYS = 34, }; enum uv_feat_ind { @@ -145,6 +147,21 @@ struct uv_cb_qui { u8 reserved112[0x120 - 0x112]; /* 0x0112 */ } __packed __aligned(8); +struct uv_key_hash { + u64 dword[4]; +} __packed __aligned(8); + +#define UVC_QUERY_KEYS_IDX_HK 0 +#define UVC_QUERY_KEYS_IDX_BACK_HK 1 + +/* Query Ultravisor Keys */ +struct uv_cb_query_keys { + struct uv_cb_header header; /* 0x0000 */ + u64 reserved08[3]; /* 0x0008 */ + struct uv_key_hash key_hashes[15]; /* 0x0020 */ +} __packed __aligned(8); +static_assert(sizeof(struct uv_cb_query_keys) == 0x200); + /* Initialize Ultravisor */ struct uv_cb_init { struct uv_cb_header header; diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c index ba514b9dca6a..3c74e6179cdc 100644 --- a/arch/s390/kernel/uv.c +++ b/arch/s390/kernel/uv.c @@ -722,10 +722,76 @@ static struct attribute *uv_query_attrs[] = { NULL, }; +static inline struct uv_cb_query_keys uv_query_keys(void) +{ + struct uv_cb_query_keys uvcb = { + .header.cmd = UVC_CMD_QUERY_KEYS, + .header.len = sizeof(uvcb) + }; + + uv_call(0, (uint64_t)&uvcb); + return uvcb; +} + +static inline ssize_t emit_hash(struct uv_key_hash *hash, char *buf, int at) +{ + return sysfs_emit_at(buf, at, "%016llx%016llx%016llx%016llx\n", + hash->dword[0], hash->dword[1], hash->dword[2], hash->dword[3]); +} + +static ssize_t uv_keys_host_key(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + struct uv_cb_query_keys uvcb = uv_query_keys(); + + return emit_hash(&uvcb.key_hashes[UVC_QUERY_KEYS_IDX_HK], buf, 0); +} + +static struct kobj_attribute uv_keys_host_key_attr = + __ATTR(host_key, 0444, uv_keys_host_key, NULL); + +static ssize_t uv_keys_backup_host_key(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + struct uv_cb_query_keys uvcb = uv_query_keys(); + + return emit_hash(&uvcb.key_hashes[UVC_QUERY_KEYS_IDX_BACK_HK], buf, 0); +} + +static struct kobj_attribute uv_keys_backup_host_key_attr = + __ATTR(backup_host_key, 0444, uv_keys_backup_host_key, NULL); + +static ssize_t uv_keys_all(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + struct uv_cb_query_keys uvcb = uv_query_keys(); + ssize_t len = 0; + int i; + + for (i = 0; i < ARRAY_SIZE(uvcb.key_hashes); i++) + len += emit_hash(uvcb.key_hashes + i, buf, len); + + return len; +} + +static struct kobj_attribute uv_keys_all_attr = + __ATTR(all, 0444, uv_keys_all, NULL); + static struct attribute_group uv_query_attr_group = { .attrs = uv_query_attrs, }; +static struct attribute *uv_keys_attrs[] = { + &uv_keys_host_key_attr.attr, + &uv_keys_backup_host_key_attr.attr, + &uv_keys_all_attr.attr, + NULL, +}; + +static struct attribute_group uv_keys_attr_group = { + .attrs = uv_keys_attrs, +}; + static ssize_t uv_is_prot_virt_guest(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { @@ -751,6 +817,7 @@ static const struct attribute *uv_prot_virt_attrs[] = { }; static struct kset *uv_query_kset; +static struct kset *uv_keys_kset; static struct kobject *uv_kobj; static int __init uv_sysfs_dir_init(const struct attribute_group *grp, @@ -789,6 +856,10 @@ static int __init uv_sysfs_init(void) if (rc) goto out_ind_files; + /* Get installed key hashes if available, ignore any errors */ + if (test_bit_inv(BIT_UVC_CMD_QUERY_KEYS, uv_info.inst_calls_list)) + uv_sysfs_dir_init(&uv_keys_attr_group, &uv_keys_kset, "keys"); + return 0; out_ind_files: -- 2.43.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v3 2/2] s390/uv: Provide host-key hashes in sysfs 2024-10-15 11:39 ` [PATCH v3 2/2] s390/uv: Provide host-key hashes in sysfs Steffen Eiden @ 2024-10-23 7:55 ` Steffen Eiden 0 siblings, 0 replies; 4+ messages in thread From: Steffen Eiden @ 2024-10-23 7:55 UTC (permalink / raw) To: frankja Cc: seiden, freude, ifranzki, imbrenda, linux-kernel, linux-s390, schlameuss Utilize the new Query Ultravisor Keys UVC to give user space the information which host-keys are installed on the system. Create a new sysfs directory 'firmware/uv/keys' that contains the hash of the host-key and the backup host-key of that system. Additionally, the file 'all' contains the response from the UVC possibly containing more key-hashes than currently known. Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com> --- arch/s390/include/asm/uv.h | 17 +++++++++ arch/s390/kernel/uv.c | 71 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) diff --git a/arch/s390/include/asm/uv.h b/arch/s390/include/asm/uv.h index 153d93468b77..cce2568cfadd 100644 --- a/arch/s390/include/asm/uv.h +++ b/arch/s390/include/asm/uv.h @@ -31,6 +31,7 @@ #define UVC_RC_NEED_DESTROY 0x8000 #define UVC_CMD_QUI 0x0001 +#define UVC_CMD_QUERY_KEYS 0x0002 #define UVC_CMD_INIT_UV 0x000f #define UVC_CMD_CREATE_SEC_CONF 0x0100 #define UVC_CMD_DESTROY_SEC_CONF 0x0101 @@ -94,6 +95,7 @@ enum uv_cmds_inst { BIT_UVC_CMD_ADD_SECRET = 29, BIT_UVC_CMD_LIST_SECRETS = 30, BIT_UVC_CMD_LOCK_SECRETS = 31, + BIT_UVC_CMD_QUERY_KEYS = 34, }; enum uv_feat_ind { @@ -145,6 +147,21 @@ struct uv_cb_qui { u8 reserved112[0x120 - 0x112]; /* 0x0112 */ } __packed __aligned(8); +struct uv_key_hash { + u64 dword[4]; +} __packed __aligned(8); + +#define UVC_QUERY_KEYS_IDX_HK 0 +#define UVC_QUERY_KEYS_IDX_BACK_HK 1 + +/* Query Ultravisor Keys */ +struct uv_cb_query_keys { + struct uv_cb_header header; /* 0x0000 */ + u64 reserved08[3]; /* 0x0008 */ + struct uv_key_hash key_hashes[15]; /* 0x0020 */ +} __packed __aligned(8); +static_assert(sizeof(struct uv_cb_query_keys) == 0x200); + /* Initialize Ultravisor */ struct uv_cb_init { struct uv_cb_header header; diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c index ba514b9dca6a..3c74e6179cdc 100644 --- a/arch/s390/kernel/uv.c +++ b/arch/s390/kernel/uv.c @@ -722,10 +722,76 @@ static struct attribute *uv_query_attrs[] = { NULL, }; +static inline struct uv_cb_query_keys uv_query_keys(void) +{ + struct uv_cb_query_keys uvcb = { + .header.cmd = UVC_CMD_QUERY_KEYS, + .header.len = sizeof(uvcb) + }; + + uv_call(0, (uint64_t)&uvcb); + return uvcb; +} + +static inline ssize_t emit_hash(struct uv_key_hash *hash, char *buf, int at) +{ + return sysfs_emit_at(buf, at, "%016llx%016llx%016llx%016llx\n", + hash->dword[0], hash->dword[1], hash->dword[2], hash->dword[3]); +} + +static ssize_t uv_keys_host_key(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + struct uv_cb_query_keys uvcb = uv_query_keys(); + + return emit_hash(&uvcb.key_hashes[UVC_QUERY_KEYS_IDX_HK], buf, 0); +} + +static struct kobj_attribute uv_keys_host_key_attr = + __ATTR(host_key, 0444, uv_keys_host_key, NULL); + +static ssize_t uv_keys_backup_host_key(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + struct uv_cb_query_keys uvcb = uv_query_keys(); + + return emit_hash(&uvcb.key_hashes[UVC_QUERY_KEYS_IDX_BACK_HK], buf, 0); +} + +static struct kobj_attribute uv_keys_backup_host_key_attr = + __ATTR(backup_host_key, 0444, uv_keys_backup_host_key, NULL); + +static ssize_t uv_keys_all(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + struct uv_cb_query_keys uvcb = uv_query_keys(); + ssize_t len = 0; + int i; + + for (i = 0; i < ARRAY_SIZE(uvcb.key_hashes); i++) + len += emit_hash(uvcb.key_hashes + i, buf, len); + + return len; +} + +static struct kobj_attribute uv_keys_all_attr = + __ATTR(all, 0444, uv_keys_all, NULL); + static struct attribute_group uv_query_attr_group = { .attrs = uv_query_attrs, }; +static struct attribute *uv_keys_attrs[] = { + &uv_keys_host_key_attr.attr, + &uv_keys_backup_host_key_attr.attr, + &uv_keys_all_attr.attr, + NULL, +}; + +static struct attribute_group uv_keys_attr_group = { + .attrs = uv_keys_attrs, +}; + static ssize_t uv_is_prot_virt_guest(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { @@ -751,6 +817,7 @@ static const struct attribute *uv_prot_virt_attrs[] = { }; static struct kset *uv_query_kset; +static struct kset *uv_keys_kset; static struct kobject *uv_kobj; static int __init uv_sysfs_dir_init(const struct attribute_group *grp, @@ -789,6 +856,10 @@ static int __init uv_sysfs_init(void) if (rc) goto out_ind_files; + /* Get installed key hashes if available, ignore any errors */ + if (test_bit_inv(BIT_UVC_CMD_QUERY_KEYS, uv_info.inst_calls_list)) + uv_sysfs_dir_init(&uv_keys_attr_group, &uv_keys_kset, "keys"); + return 0; out_ind_files: -- 2.45.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-10-23 7:55 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-10-15 11:39 [PATCH v3 0/2] s390/uv: Provide host-key hashes in sysfs Steffen Eiden 2024-10-15 11:39 ` [PATCH v3 1/2] s390/uv: Refactor uv-sysfs creation Steffen Eiden 2024-10-15 11:39 ` [PATCH v3 2/2] s390/uv: Provide host-key hashes in sysfs Steffen Eiden 2024-10-23 7:55 ` Steffen Eiden
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox