From: Andrew Donnellan <ajd@linux.ibm.com>
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: sudhakar@linux.ibm.com, bgray@linux.ibm.com,
erichte@linux.ibm.com, gregkh@linuxfoundation.org,
nayna@linux.ibm.com, linux-kernel@vger.kernel.org,
zohar@linux.ibm.com, gjoyce@linux.ibm.com, ruscur@russell.cc,
gcwilson@linux.ibm.com, joel@jms.id.au
Subject: [PATCH v4 21/24] powerpc/pseries: Pass PLPKS password on kexec
Date: Fri, 20 Jan 2023 18:43:03 +1100 [thread overview]
Message-ID: <20230120074306.1326298-22-ajd@linux.ibm.com> (raw)
In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com>
From: Russell Currey <ruscur@russell.cc>
Before interacting with the PLPKS, we ask the hypervisor to generate a
password for the current boot, which is then required for most further
PLPKS operations.
If we kexec into a new kernel, the new kernel will try and fail to
generate a new password, as the password has already been set.
Pass the password through to the new kernel via the device tree, in
/chosen/plpks-pw. Check for the presence of this property before trying
to generate a new password - if it exists, use the existing password and
remove it from the device tree.
Signed-off-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
---
v3: New patch
v4: Fix compile when CONFIG_PSERIES_PLPKS=n (snowpatch)
Fix error handling on fdt_path_offset() call (ruscur)
---
arch/powerpc/kexec/file_load_64.c | 18 ++++++++++++++++++
arch/powerpc/platforms/pseries/plpks.c | 18 +++++++++++++++++-
2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kexec/file_load_64.c b/arch/powerpc/kexec/file_load_64.c
index af8854f9eae3..0c9130af60cc 100644
--- a/arch/powerpc/kexec/file_load_64.c
+++ b/arch/powerpc/kexec/file_load_64.c
@@ -27,6 +27,7 @@
#include <asm/kexec_ranges.h>
#include <asm/crashdump-ppc64.h>
#include <asm/prom.h>
+#include <asm/plpks.h>
struct umem_info {
u64 *buf; /* data buffer for usable-memory property */
@@ -1156,6 +1157,9 @@ int setup_new_fdt_ppc64(const struct kimage *image, void *fdt,
{
struct crash_mem *umem = NULL, *rmem = NULL;
int i, nr_ranges, ret;
+#ifdef CONFIG_PSERIES_PLPKS
+ int chosen_offset;
+#endif
/*
* Restrict memory usage for kdump kernel by setting up
@@ -1230,6 +1234,20 @@ int setup_new_fdt_ppc64(const struct kimage *image, void *fdt,
}
}
+#ifdef CONFIG_PSERIES_PLPKS
+ // If we have PLPKS active, we need to provide the password
+ if (plpks_is_available()) {
+ chosen_offset = fdt_path_offset(fdt, "/chosen");
+ if (chosen_offset < 0) {
+ pr_err("Can't find chosen node: %s\n",
+ fdt_strerror(chosen_offset));
+ goto out;
+ }
+ ret = fdt_setprop(fdt, chosen_offset, "ibm,plpks-pw",
+ plpks_get_password(), plpks_get_passwordlen());
+ }
+#endif // CONFIG_PSERIES_PLPKS
+
out:
kfree(rmem);
kfree(umem);
diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c
index b3c7410a4f13..0350f10e1755 100644
--- a/arch/powerpc/platforms/pseries/plpks.c
+++ b/arch/powerpc/platforms/pseries/plpks.c
@@ -16,6 +16,7 @@
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/types.h>
+#include <linux/of.h>
#include <asm/hvcall.h>
#include <asm/machdep.h>
#include <asm/plpks.h>
@@ -126,7 +127,22 @@ static int plpks_gen_password(void)
{
unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
u8 *password, consumer = PLPKS_OS_OWNER;
- int rc;
+ struct property *prop;
+ int rc, len;
+
+ // Before we generate the password, we may have been booted by kexec and
+ // provided with a previous password. Check for that first.
+ prop = of_find_property(of_chosen, "ibm,plpks-pw", &len);
+ if (prop) {
+ ospasswordlength = (u16)len;
+ ospassword = kzalloc(ospasswordlength, GFP_KERNEL);
+ if (!ospassword) {
+ of_remove_property(of_chosen, prop);
+ return -ENOMEM;
+ }
+ memcpy(ospassword, prop->value, len);
+ return of_remove_property(of_chosen, prop);
+ }
// The password must not cross a page boundary, so we align to the next power of 2
password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL);
--
2.39.0
next prev parent reply other threads:[~2023-01-20 8:01 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-20 7:42 [PATCH v4 00/24] pSeries dynamic secure boot secvar interface + platform keyring loading Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 01/24] powerpc/pseries: Fix handling of PLPKS object flushing timeout Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 02/24] powerpc/pseries: Fix alignment of PLPKS structures and buffers Andrew Donnellan
2023-01-25 13:09 ` Michael Ellerman
2023-01-26 17:19 ` Segher Boessenkool
2023-01-26 17:31 ` David Laight
2023-01-27 3:20 ` Andrew Donnellan
2023-01-27 9:05 ` David Laight
2023-01-27 11:08 ` Michael Ellerman
2023-01-27 10:52 ` Michael Ellerman
2023-01-20 7:42 ` [PATCH v4 03/24] powerpc/secvar: Use u64 in secvar_operations Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 04/24] powerpc/secvar: Warn and error if multiple secvar ops are set Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 05/24] powerpc/secvar: Use sysfs_emit() instead of sprintf() Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 06/24] powerpc/secvar: Handle format string in the consumer Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 07/24] powerpc/secvar: Handle max object size " Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 08/24] powerpc/secvar: Clean up init error messages Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 09/24] powerpc/secvar: Extend sysfs to include config vars Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 10/24] powerpc/secvar: Allow backend to populate static list of variable names Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 11/24] powerpc/secvar: Warn when PAGE_SIZE is smaller than max object size Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 12/24] powerpc/secvar: Don't print error on ENOENT when reading variables Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 13/24] powerpc/pseries: Move plpks.h to include directory Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 14/24] powerpc/pseries: Move PLPKS constants to header file Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 15/24] powerpc/pseries: Expose PLPKS config values, support additional fields Andrew Donnellan
2023-01-20 7:42 ` [PATCH v4 16/24] powerpc/pseries: Implement signed update for PLPKS objects Andrew Donnellan
2023-01-24 4:16 ` Nicholas Piggin
2023-01-30 4:43 ` Andrew Donnellan
2023-01-31 4:23 ` Russell Currey
2023-01-20 7:42 ` [PATCH v4 17/24] powerpc/pseries: Log hcall return codes for PLPKS debug Andrew Donnellan
2023-01-20 7:43 ` [PATCH v4 18/24] powerpc/pseries: Make caller pass buffer to plpks_read_var() Andrew Donnellan
2023-01-20 7:43 ` [PATCH v4 19/24] powerpc/pseries: Turn PSERIES_PLPKS into a hidden option Andrew Donnellan
2023-01-24 4:26 ` Nicholas Piggin
2023-01-20 7:43 ` [PATCH v4 20/24] powerpc/pseries: Add helpers to get PLPKS password Andrew Donnellan
2023-01-20 7:43 ` Andrew Donnellan [this message]
2023-01-24 4:36 ` [PATCH v4 21/24] powerpc/pseries: Pass PLPKS password on kexec Nicholas Piggin
2023-01-24 4:40 ` Andrew Donnellan
2023-01-25 3:59 ` Michael Ellerman
2023-01-31 2:43 ` Russell Currey
2023-01-20 7:43 ` [PATCH v4 22/24] powerpc/pseries: Implement secvars for dynamic secure boot Andrew Donnellan
2023-01-24 5:17 ` Nicholas Piggin
2023-01-31 2:54 ` Andrew Donnellan
2023-01-31 4:25 ` Andrew Donnellan
2023-01-31 8:55 ` Nicholas Piggin
2023-02-01 2:15 ` Andrew Donnellan
2023-01-20 7:43 ` [PATCH v4 23/24] integrity/powerpc: Improve error handling & reporting when loading certs Andrew Donnellan
2023-01-24 15:42 ` Mimi Zohar
2023-01-20 7:43 ` [PATCH v4 24/24] integrity/powerpc: Support loading keys from pseries secvar Andrew Donnellan
2023-01-24 5:24 ` Nicholas Piggin
2023-01-24 15:14 ` Mimi Zohar
2023-01-25 0:45 ` Andrew Donnellan
2023-01-25 2:23 ` Russell Currey
2023-01-25 2:47 ` Mimi Zohar
2023-01-31 1:03 ` Andrew Donnellan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230120074306.1326298-22-ajd@linux.ibm.com \
--to=ajd@linux.ibm.com \
--cc=bgray@linux.ibm.com \
--cc=erichte@linux.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=gjoyce@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=joel@jms.id.au \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=nayna@linux.ibm.com \
--cc=ruscur@russell.cc \
--cc=sudhakar@linux.ibm.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).