From: Zhuoying Cai <zycai@linux.ibm.com>
To: thuth@redhat.com, berrange@redhat.com, jrossi@linux.ibm.com,
qemu-s390x@nongnu.org, qemu-devel@nongnu.org
Cc: richard.henderson@linaro.org, pierrick.bouvier@linaro.org,
david@kernel.org, walling@linux.ibm.com, jjherne@linux.ibm.com,
pasic@linux.ibm.com, borntraeger@linux.ibm.com,
farman@linux.ibm.com, mjrosato@linux.ibm.com, iii@linux.ibm.com,
eblake@redhat.com, armbru@redhat.com, zycai@linux.ibm.com,
alifm@linux.ibm.com, brueckner@linux.ibm.com,
jdaley@linux.ibm.com
Subject: [PATCH v9 12/30] s390x/diag: Implement DIAG 508 subcode 1 for signature verification
Date: Thu, 5 Mar 2026 17:41:27 -0500 [thread overview]
Message-ID: <20260305224146.664053-13-zycai@linux.ibm.com> (raw)
In-Reply-To: <20260305224146.664053-1-zycai@linux.ibm.com>
From: Collin Walling <walling@linux.ibm.com>
DIAG 508 subcode 1 performs signature-verification on signed components.
A signed component may be a Linux kernel image, or any other signed
binary. **Verification of initrd is not supported.**
The instruction call expects two item-pairs: an address of a device
component, an address of the analogous signature file (in PKCS#7 DER format),
and their respective lengths. All of this data should be encapsulated
within a Diag508SigVerifBlock.
The DIAG handler will read from the provided addresses
to retrieve the necessary data, parse the signature file, then
perform the signature-verification. Because there is no way to
correlate a specific certificate to a component, each certificate
in the store is tried until either verification succeeds, or all
certs have been exhausted.
A return code of 1 indicates success, and the index and length of the
corresponding certificate will be set in the Diag508SigVerifBlock.
The following values indicate failure:
0x0102: no certificates are available in the store
0x0202: component data is invalid
0x0302: PKCS#7 format signature is invalid
0x0402: signature-verification failed
0x0502: length of Diag508SigVerifBlock is invalid
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Farhan Ali<alifm@linux.ibm.com>
---
docs/specs/s390x-secure-ipl.rst | 17 +++++
include/hw/s390x/ipl/diag508.h | 30 +++++++++
target/s390x/diag.c | 111 +++++++++++++++++++++++++++++++-
3 files changed, 157 insertions(+), 1 deletion(-)
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index 9a3decef69..32add09dc1 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -78,3 +78,20 @@ that requires assistance from QEMU.
Subcode 0 - query installed subcodes
Returns a 64-bit mask indicating which subcodes are supported.
+
+Subcode 1 - perform signature verification
+ Perform signature-verification on a signed component, using certificates
+ from the certificate store and leveraging qcrypto libraries to perform
+ this operation.
+
+ Note: verification of initrd is not supported.
+
+ A return code of 1 indicates success, and the index and length of the
+ corresponding certificate will be set in the Diag508SigVerifBlock.
+ The following values indicate failure:
+
+ * ``0x0102``: no certificates are available in the store
+ * ``0x0202``: component data is invalid
+ * ``0x0302``: PKCS#7 format signature is invalid
+ * ``0x0402``: signature-verification failed
+ * ``0x0502``: length of Diag508SigVerifBlock is invalid
diff --git a/include/hw/s390x/ipl/diag508.h b/include/hw/s390x/ipl/diag508.h
index 6281ad8299..8a147f32a0 100644
--- a/include/hw/s390x/ipl/diag508.h
+++ b/include/hw/s390x/ipl/diag508.h
@@ -11,5 +11,35 @@
#define S390X_DIAG508_H
#define DIAG_508_SUBC_QUERY_SUBC 0x0000
+#define DIAG_508_SUBC_SIG_VERIF 0x8000
+
+#define DIAG_508_RC_OK 0x0001
+#define DIAG_508_RC_NO_CERTS 0x0102
+#define DIAG_508_RC_INVAL_COMP_DATA 0x0202
+#define DIAG_508_RC_INVAL_PKCS7_SIG 0x0302
+#define DIAG_508_RC_FAIL_VERIF 0x0402
+#define DIAG_508_RC_INVAL_LEN 0x0502
+
+/*
+ * Maximum componenet and signature sizes for current secure boot implementation
+ * Not architecturally defined and may need to revisit if increased
+ */
+#define DIAG_508_MAX_COMP_LEN 0x10000000
+#define DIAG_508_MAX_SIG_LEN 4096
+
+struct Diag508SigVerifBlock {
+ uint32_t length;
+ uint8_t reserved0[3];
+ uint8_t version;
+ uint32_t reserved[2];
+ uint8_t cert_store_index;
+ uint8_t reserved1[7];
+ uint64_t cert_len;
+ uint64_t comp_len;
+ uint64_t comp_addr;
+ uint64_t sig_len;
+ uint64_t sig_addr;
+};
+typedef struct Diag508SigVerifBlock Diag508SigVerifBlock;
#endif
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 6d9bdee7e3..1dae4ada07 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -642,9 +642,110 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
}
}
+static bool diag_508_verify_sig(uint8_t *cert, size_t cert_size,
+ uint8_t *comp, size_t comp_size,
+ uint8_t *sig, size_t sig_size)
+{
+ g_autofree uint8_t *sig_pem = NULL;
+ size_t sig_size_pem;
+ int rc;
+
+ /*
+ * PKCS#7 signature with DER format
+ * Convert to PEM format for signature verification
+ *
+ * Ignore errors during qcrypto signature format conversion and verification
+ * Return false on any error, treating it as a verification failure
+ */
+ rc = qcrypto_pkcs7_convert_sig_pem(sig, sig_size, &sig_pem, &sig_size_pem, NULL);
+ if (rc < 0) {
+ return false;
+ }
+
+ rc = qcrypto_x509_verify_sig(cert, cert_size,
+ comp, comp_size,
+ sig_pem, sig_size_pem, NULL);
+ if (rc < 0) {
+ return false;
+ }
+
+ return true;
+}
+
+static int handle_diag508_sig_verif(uint64_t addr)
+{
+ int verified;
+ uint32_t svb_len;
+ uint64_t comp_len, comp_addr;
+ uint64_t sig_len, sig_addr;
+ g_autofree uint8_t *comp = NULL;
+ g_autofree uint8_t *sig = NULL;
+ g_autofree Diag508SigVerifBlock *svb = NULL;
+ size_t svb_size = sizeof(Diag508SigVerifBlock);
+ S390IPLCertificateStore *cs = s390_ipl_get_certificate_store();
+
+ if (!cs->count) {
+ return DIAG_508_RC_NO_CERTS;
+ }
+
+ svb = g_new0(Diag508SigVerifBlock, 1);
+ cpu_physical_memory_read(addr, svb, svb_size);
+
+ svb_len = be32_to_cpu(svb->length);
+ if (svb_len != svb_size) {
+ return DIAG_508_RC_INVAL_LEN;
+ }
+
+ comp_len = be64_to_cpu(svb->comp_len);
+ comp_addr = be64_to_cpu(svb->comp_addr);
+ sig_len = be64_to_cpu(svb->sig_len);
+ sig_addr = be64_to_cpu(svb->sig_addr);
+
+ if (!comp_len || !comp_addr || comp_len > DIAG_508_MAX_COMP_LEN) {
+ if (comp_len > DIAG_508_MAX_COMP_LEN) {
+ warn_report("DIAG 0x508: component length %lu exceeds current maximum %u",
+ comp_len, DIAG_508_MAX_COMP_LEN);
+ }
+ return DIAG_508_RC_INVAL_COMP_DATA;
+ }
+
+ if (!sig_len || !sig_addr || sig_len > DIAG_508_MAX_SIG_LEN) {
+ if (sig_len > DIAG_508_MAX_SIG_LEN) {
+ warn_report("DIAG 0x508: signature length %lu exceeds current maximum %u",
+ sig_len, DIAG_508_MAX_SIG_LEN);
+ }
+ return DIAG_508_RC_INVAL_PKCS7_SIG;
+ }
+
+ comp = g_malloc0(comp_len);
+ cpu_physical_memory_read(comp_addr, comp, comp_len);
+
+ sig = g_malloc0(sig_len);
+ cpu_physical_memory_read(sig_addr, sig, sig_len);
+
+ for (int i = 0; i < cs->count; i++) {
+ verified = diag_508_verify_sig(cs->certs[i].raw,
+ cs->certs[i].size,
+ comp, comp_len,
+ sig, sig_len);
+ if (verified) {
+ svb->cert_store_index = i;
+ svb->cert_len = cpu_to_be64(cs->certs[i].der_size);
+ cpu_physical_memory_write(addr, svb, svb_size);
+ return DIAG_508_RC_OK;
+ }
+ }
+
+ return DIAG_508_RC_FAIL_VERIF;
+}
+
+QEMU_BUILD_BUG_MSG(sizeof(Diag508SigVerifBlock) != 64,
+ "size of Diag508SigVerifBlock is wrong");
+
void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
{
uint64_t subcode = env->regs[r3];
+ uint64_t addr = env->regs[r1];
int rc;
if (env->psw.mask & PSW_MASK_PSTATE) {
@@ -659,7 +760,15 @@ void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
switch (subcode) {
case DIAG_508_SUBC_QUERY_SUBC:
- rc = 0;
+ rc = DIAG_508_SUBC_SIG_VERIF;
+ break;
+ case DIAG_508_SUBC_SIG_VERIF:
+ if (!diag_parm_addr_valid(addr, sizeof(Diag508SigVerifBlock), true)) {
+ s390_program_interrupt(env, PGM_ADDRESSING, ra);
+ return;
+ }
+
+ rc = handle_diag508_sig_verif(addr);
break;
default:
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
--
2.53.0
next prev parent reply other threads:[~2026-03-05 22:45 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-05 22:41 [PATCH v9 00/30] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 01/30] Add boot-certs to s390-ccw-virtio machine type option Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 02/30] crypto/x509-utils: Refactor with GNUTLS fallback Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 03/30] crypto/x509-utils: Add helper functions for certificate store Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 04/30] hw/s390x/ipl: Create " Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 05/30] s390x/diag: Introduce DIAG 320 for Certificate Store Facility Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 06/30] s390x/diag: Refactor address validation check from diag308_parm_check Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 07/30] s390x/diag: Implement DIAG 320 subcode 1 Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 08/30] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2 Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 09/30] s390x/diag: Implement " Zhuoying Cai
2026-03-13 19:58 ` Collin Walling
2026-03-16 18:04 ` Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 10/30] s390x/diag: Introduce DIAG 508 for secure IPL operations Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 11/30] crypto/x509-utils: Add helper functions for DIAG 508 subcode 1 Zhuoying Cai
2026-03-05 22:41 ` Zhuoying Cai [this message]
2026-03-05 22:41 ` [PATCH v9 13/30] s390x/ipl: Introduce IPL Information Report Block (IIRB) Zhuoying Cai
2026-03-13 20:00 ` Collin Walling
2026-03-05 22:41 ` [PATCH v9 14/30] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 15/30] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 16/30] s390x: Guest support for Secure-IPL Facility Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 17/30] pc-bios/s390-ccw: Refactor zipl_run() Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 18/30] pc-bios/s390-ccw: Rework zipl_load_segment function Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 19/30] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Zhuoying Cai
2026-03-17 3:41 ` Collin Walling
2026-03-25 19:11 ` Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 20/30] pc-bios/s390-ccw: Add signed component address overlap checks Zhuoying Cai
2026-03-17 4:25 ` Collin Walling
2026-03-05 22:41 ` [PATCH v9 21/30] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF) Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 22/30] pc-bios/s390-ccw: Add additional security checks for secure boot Zhuoying Cai
2026-03-17 6:54 ` Collin Walling
2026-03-05 22:41 ` [PATCH v9 23/30] Add secure-boot to s390-ccw-virtio machine type option Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 24/30] hw/s390x/ipl: Set IPIB flags for secure IPL Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 25/30] pc-bios/s390-ccw: Handle true secure IPL mode Zhuoying Cai
2026-03-17 7:02 ` Collin Walling
2026-03-05 22:41 ` [PATCH v9 26/30] hw/s390x/ipl: Handle secure boot with multiple boot devices Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 27/30] hw/s390x/ipl: Handle secure boot without specifying a boot device Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 28/30] tests/functional/s390x: Add secure IPL functional test Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 29/30] docs/specs: Add secure IPL documentation Zhuoying Cai
2026-03-05 22:41 ` [PATCH v9 30/30] docs/system/s390x: " Zhuoying Cai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260305224146.664053-13-zycai@linux.ibm.com \
--to=zycai@linux.ibm.com \
--cc=alifm@linux.ibm.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=brueckner@linux.ibm.com \
--cc=david@kernel.org \
--cc=eblake@redhat.com \
--cc=farman@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=jdaley@linux.ibm.com \
--cc=jjherne@linux.ibm.com \
--cc=jrossi@linux.ibm.com \
--cc=mjrosato@linux.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=pierrick.bouvier@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
--cc=walling@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox