From: Farhan Ali <alifm@linux.ibm.com>
To: Zhuoying Cai <zycai@linux.ibm.com>,
thuth@redhat.com, berrange@redhat.com,
richard.henderson@linaro.org, david@redhat.com,
jrossi@linux.ibm.com, qemu-s390x@nongnu.org,
qemu-devel@nongnu.org
Cc: walling@linux.ibm.com, jjherne@linux.ibm.com,
pasic@linux.ibm.com, borntraeger@linux.ibm.com,
farman@linux.ibm.com, mjrosato@linux.ibm.com, iii@linux.ibm.com,
eblake@redhat.com, armbru@redhat.com
Subject: Re: [PATCH v5 12/29] s390x/diag: Implement DIAG 508 subcode 1 for signature verification
Date: Wed, 27 Aug 2025 15:18:27 -0700 [thread overview]
Message-ID: <b0dc190d-db0e-46a2-8fac-563845e293c1@linux.ibm.com> (raw)
In-Reply-To: <20250818214323.529501-13-zycai@linux.ibm.com>
On 8/18/2025 2:43 PM, Zhuoying Cai wrote:
> From: Collin Walling <walling@linux.ibm.com>
>
> DIAG 508 subcode 1 performs signature-verification on signed components.
> A signed component may be a Linux kernel image, or any other signed
> binary. **Verification of initrd is not supported.**
>
> The instruction call expects two item-pairs: an address of a device
> component, an address of the analogous signature file (in PKCS#7 DER format),
> and their respective lengths. All of this data should be encapsulated
> within a Diag508SignatureVerificationBlock, with the CertificateStoreInfo
> fields ignored. The DIAG handler will read from the provided addresses
> to retrieve the necessary data, parse the signature file, then
> perform the signature-verification. Because there is no way to
> correlate a specific certificate to a component, each certificate
> in the store is tried until either verification succeeds, or all
> certs have been exhausted.
>
> The subcode value is denoted by setting the second-to-left-most bit of
> a 2-byte field.
>
> A return code of 1 indicates success, and the index and length of the
> corresponding certificate will be set in the CertificateStoreInfo
> portion of the SigVerifBlock. The following values indicate failure:
>
> 0x0102: certificate not available
> 0x0202: component data is invalid
> 0x0302: signature is not in PKCS#7 format
> 0x0402: signature-verification failed
>
> Signed-off-by: Collin Walling <walling@linux.ibm.com>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> docs/specs/s390x-secure-ipl.rst | 5 ++
> include/hw/s390x/ipl/diag508.h | 23 +++++++
> target/s390x/diag.c | 112 +++++++++++++++++++++++++++++++-
> 3 files changed, 139 insertions(+), 1 deletion(-)
>
> diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
> index 6b3249173f..385f8d85a8 100644
> --- a/docs/specs/s390x-secure-ipl.rst
> +++ b/docs/specs/s390x-secure-ipl.rst
> @@ -64,3 +64,8 @@ that requires assistance from QEMU.
>
> Subcode 0 - query installed subcodes
> Returns a 64-bit mask indicating which subcodes are supported.
> +
> +Subcode 1 - perform signature verification
> + Perform signature-verification on a signed component, using certificates
> + from the certificate store and leveraging qcrypto libraries to perform
> + this operation.
> diff --git a/include/hw/s390x/ipl/diag508.h b/include/hw/s390x/ipl/diag508.h
> index 6281ad8299..c99c6705c0 100644
> --- a/include/hw/s390x/ipl/diag508.h
> +++ b/include/hw/s390x/ipl/diag508.h
> @@ -11,5 +11,28 @@
> #define S390X_DIAG508_H
>
> #define DIAG_508_SUBC_QUERY_SUBC 0x0000
> +#define DIAG_508_SUBC_SIG_VERIF 0x8000
> +
> +#define DIAG_508_RC_OK 0x0001
> +#define DIAG_508_RC_NO_CERTS 0x0102
> +#define DIAG_508_RC_INVAL_COMP_DATA 0x0202
> +#define DIAG_508_RC_INVAL_PKCS7_SIG 0x0302
> +#define DIAG_508_RC_FAIL_VERIF 0x0402
> +
> +struct Diag508CertificateStoreInfo {
> + uint8_t idx;
> + uint8_t reserved[7];
> + uint64_t len;
> +};
> +typedef struct Diag508CertificateStoreInfo Diag508CertificateStoreInfo;
> +
> +struct Diag508SignatureVerificationBlock {
> + Diag508CertificateStoreInfo csi;
> + uint64_t comp_len;
> + uint64_t comp_addr;
> + uint64_t sig_len;
> + uint64_t sig_addr;
> +};
> +typedef struct Diag508SignatureVerificationBlock Diag508SignatureVerificationBlock;
>
> #endif
> diff --git a/target/s390x/diag.c b/target/s390x/diag.c
> index 6519a3cedc..2fe25a2c66 100644
> --- a/target/s390x/diag.c
> +++ b/target/s390x/diag.c
> @@ -573,9 +573,107 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
> }
> }
>
> +static int diag_508_verify_sig(uint8_t *cert, size_t cert_size,
> + uint8_t *comp, size_t comp_size,
> + uint8_t *sig, size_t sig_size)
> +{
> + g_autofree uint8_t *sig_pem = NULL;
> + size_t sig_size_pem;
> + int rc;
> +
> + /*
> + * PKCS#7 signature with DER format
> + * Convert to PEM format for signature verification
> + */
> + rc = qcrypto_pkcs7_convert_sig_pem(sig, sig_size, &sig_pem, &sig_size_pem, NULL);
> + if (rc < 0) {
> + return -1;
> + }
> +
> + /*
> + * Ignore errors from signature format convertion and verification,
> + * because currently in the certificate lookup process.
> + *
> + * Any error is treated as a verification failure,
> + * and the final result (verified or not) will be reported later.
> + */
The comment here seems misleading as we are checking the return code
from qcrypto_x509_verify_sig and not ignoring the error here. Is it
meant for the handle_diag508_sig_verif function where we are looping
through the certs?
Thanks Farhan
> + rc = qcrypto_x509_verify_sig(cert, cert_size,
> + comp, comp_size,
> + sig_pem, sig_size_pem, NULL);
> + if (rc < 0) {
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> +static int handle_diag508_sig_verif(uint64_t addr, size_t csi_size, size_t svb_size,
> + S390IPLCertificateStore *qcs)
> +{
> + int rc;
> + int verified;
> + uint64_t comp_len, comp_addr;
> + uint64_t sig_len, sig_addr;
> + g_autofree uint8_t *svb_comp = NULL;
> + g_autofree uint8_t *svb_sig = NULL;
> + g_autofree Diag508SignatureVerificationBlock *svb = NULL;
> +
> + if (!qcs || !qcs->count) {
> + return DIAG_508_RC_NO_CERTS;
> + }
> +
> + svb = g_new0(Diag508SignatureVerificationBlock, 1);
> + cpu_physical_memory_read(addr, svb, svb_size);
> +
> + comp_len = be64_to_cpu(svb->comp_len);
> + comp_addr = be64_to_cpu(svb->comp_addr);
> + sig_len = be64_to_cpu(svb->sig_len);
> + sig_addr = be64_to_cpu(svb->sig_addr);
> +
> + if (!comp_len || !comp_addr) {
> + return DIAG_508_RC_INVAL_COMP_DATA;
> + }
> +
> + if (!sig_len || !sig_addr) {
> + return DIAG_508_RC_INVAL_PKCS7_SIG;
> + }
> +
> + svb_comp = g_malloc0(comp_len);
> + cpu_physical_memory_read(comp_addr, svb_comp, comp_len);
> +
> + svb_sig = g_malloc0(sig_len);
> + cpu_physical_memory_read(sig_addr, svb_sig, sig_len);
> +
> + rc = DIAG_508_RC_FAIL_VERIF;
> + /*
> + * It is uncertain which certificate contains
> + * the analogous key to verify the signed data
> + */
> + for (int i = 0; i < qcs->count; i++) {
> + verified = diag_508_verify_sig(qcs->certs[i].raw,
> + qcs->certs[i].size,
> + svb_comp, comp_len,
> + svb_sig, sig_len);
> + if (verified == 0) {
> + svb->csi.idx = i;
> + svb->csi.len = cpu_to_be64(qcs->certs[i].der_size);
> + cpu_physical_memory_write(addr, &svb->csi, be32_to_cpu(csi_size));
> + rc = DIAG_508_RC_OK;
> + break;
> + }
> + }
> +
> + return rc;
> +}
> +
> +QEMU_BUILD_BUG_MSG(sizeof(Diag508SignatureVerificationBlock) != 48,
> + "size of Diag508SignatureVerificationBlock is wrong");
> +
> void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
> {
> + S390IPLCertificateStore *qcs = s390_ipl_get_certificate_store();
> uint64_t subcode = env->regs[r3];
> + uint64_t addr = env->regs[r1];
> int rc;
>
> if (env->psw.mask & PSW_MASK_PSTATE) {
> @@ -590,7 +688,19 @@ void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
>
> switch (subcode) {
> case DIAG_508_SUBC_QUERY_SUBC:
> - rc = 0;
> + rc = DIAG_508_SUBC_SIG_VERIF;
> + break;
> + case DIAG_508_SUBC_SIG_VERIF:
> + size_t csi_size = sizeof(Diag508CertificateStoreInfo);
> + size_t svb_size = sizeof(Diag508SignatureVerificationBlock);
> +
> + if (!diag_parm_addr_valid(addr, svb_size, false) ||
> + !diag_parm_addr_valid(addr, csi_size, true)) {
> + s390_program_interrupt(env, PGM_ADDRESSING, ra);
> + return;
> + }
> +
> + rc = handle_diag508_sig_verif(addr, csi_size, svb_size, qcs);
> break;
> default:
> s390_program_interrupt(env, PGM_SPECIFICATION, ra);
next prev parent reply other threads:[~2025-08-27 22:19 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-18 21:42 [PATCH v5 00/29] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
2025-08-18 21:42 ` [PATCH v5 01/29] Add boot-certs to s390-ccw-virtio machine type option Zhuoying Cai
2025-09-11 7:24 ` Markus Armbruster
2025-09-11 19:03 ` Zhuoying Cai
2025-09-12 6:42 ` Markus Armbruster
2025-09-12 18:05 ` Zhuoying Cai
2025-09-15 6:44 ` Markus Armbruster
2025-09-15 16:14 ` Zhuoying Cai
2025-09-15 17:18 ` Daniel P. Berrangé
2025-09-16 5:59 ` Markus Armbruster
2025-08-18 21:42 ` [PATCH v5 02/29] crypto/x509-utils: Refactor with GNUTLS fallback Zhuoying Cai
2025-08-18 21:42 ` [PATCH v5 03/29] crypto/x509-utils: Add helper functions for certificate store Zhuoying Cai
2025-08-27 17:28 ` Daniel P. Berrangé
2025-08-27 20:13 ` Zhuoying Cai
2025-08-18 21:42 ` [PATCH v5 04/29] hw/s390x/ipl: Create " Zhuoying Cai
2025-08-26 13:40 ` Jared Rossi
2025-08-28 14:31 ` Zhuoying Cai
2025-08-27 23:14 ` Farhan Ali
2025-08-28 14:46 ` Zhuoying Cai
2025-09-02 15:15 ` Jared Rossi
2025-09-02 17:55 ` Zhuoying Cai
2025-09-09 0:54 ` Collin Walling
2025-09-10 20:43 ` Zhuoying Cai
2025-08-18 21:42 ` [PATCH v5 05/29] s390x/diag: Introduce DIAG 320 for Certificate Store Facility Zhuoying Cai
2025-09-09 14:42 ` Collin Walling
2025-08-18 21:42 ` [PATCH v5 06/29] s390x/diag: Refactor address validation check from diag308_parm_check Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 07/29] s390x/diag: Implement DIAG 320 subcode 1 Zhuoying Cai
2025-08-26 22:30 ` Jared Rossi
2025-08-27 14:35 ` Zhuoying Cai
2025-08-27 18:14 ` Collin Walling
2025-08-27 21:49 ` Farhan Ali
2025-08-27 22:01 ` Thomas Huth
2025-08-18 21:43 ` [PATCH v5 08/29] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2 Zhuoying Cai
2025-08-27 17:36 ` Daniel P. Berrangé
2025-08-18 21:43 ` [PATCH v5 09/29] s390x/diag: Implement " Zhuoying Cai
2025-08-27 14:35 ` Jared Rossi
2025-08-28 15:12 ` Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 10/29] s390x/diag: Introduce DIAG 508 for secure IPL operations Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 11/29] crypto/x509-utils: Add helper functions for DIAG 508 subcode 1 Zhuoying Cai
2025-08-27 17:44 ` Daniel P. Berrangé
2025-08-18 21:43 ` [PATCH v5 12/29] s390x/diag: Implement DIAG 508 subcode 1 for signature verification Zhuoying Cai
2025-08-27 14:55 ` Jared Rossi
2025-08-27 18:08 ` Collin Walling
2025-08-27 22:18 ` Farhan Ali [this message]
2025-08-28 15:01 ` Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 13/29] pc-bios/s390-ccw: Introduce IPL Information Report Block (IIRB) Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 14/29] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 15/29] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block Zhuoying Cai
2025-08-27 16:30 ` Jared Rossi
2025-08-18 21:43 ` [PATCH v5 16/29] hw/s390x/ipl: Set iplb->len to maximum length of " Zhuoying Cai
2025-08-27 16:33 ` Jared Rossi
2025-08-18 21:43 ` [PATCH v5 17/29] s390x: Guest support for Secure-IPL Facility Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 18/29] pc-bios/s390-ccw: Refactor zipl_run() Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 19/29] pc-bios/s390-ccw: Rework zipl_load_segment function Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 20/29] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 21/29] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF) Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 22/29] pc-bios/s390-ccw: Add additional security checks for secure boot Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 23/29] Add secure-boot to s390-ccw-virtio machine type option Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 24/29] hw/s390x/ipl: Set IPIB flags for secure IPL Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 25/29] pc-bios/s390-ccw: Handle true secure IPL mode Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 26/29] pc-bios/s390-ccw: Handle secure boot with multiple boot devices Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 27/29] hw/s390x/ipl: Handle secure boot without specifying a boot device Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 28/29] docs/specs: Add secure IPL documentation Zhuoying Cai
2025-08-18 21:43 ` [PATCH v5 29/29] docs/system/s390x: " Zhuoying Cai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b0dc190d-db0e-46a2-8fac-563845e293c1@linux.ibm.com \
--to=alifm@linux.ibm.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=david@redhat.com \
--cc=eblake@redhat.com \
--cc=farman@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=jjherne@linux.ibm.com \
--cc=jrossi@linux.ibm.com \
--cc=mjrosato@linux.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
--cc=walling@linux.ibm.com \
--cc=zycai@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).