1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Copyright (C) 2022 IBM Corporation 4 * Author: Nayna Jain <nayna@linux.ibm.com> 5 * 6 * Platform keystore for pseries LPAR(PLPKS). 7 */ 8 9 #ifndef _ASM_POWERPC_PLPKS_H 10 #define _ASM_POWERPC_PLPKS_H 11 12 #ifdef CONFIG_PSERIES_PLPKS 13 14 #include <linux/types.h> 15 #include <linux/list.h> 16 17 // Object policy flags from supported_policies 18 #define PLPKS_OSSECBOOTAUDIT PPC_BIT32(1) // OS secure boot must be audit/enforce 19 #define PLPKS_OSSECBOOTENFORCE PPC_BIT32(2) // OS secure boot must be enforce 20 #define PLPKS_PWSET PPC_BIT32(3) // No access without password set 21 #define PLPKS_WORLDREADABLE PPC_BIT32(4) // Readable without authentication 22 #define PLPKS_IMMUTABLE PPC_BIT32(5) // Once written, object cannot be removed 23 #define PLPKS_TRANSIENT PPC_BIT32(6) // Object does not persist through reboot 24 #define PLPKS_SIGNEDUPDATE PPC_BIT32(7) // Object can only be modified by signed updates 25 #define PLPKS_HVPROVISIONED PPC_BIT32(28) // Hypervisor has provisioned this object 26 27 // Signature algorithm flags from signed_update_algorithms 28 #define PLPKS_ALG_RSA2048 PPC_BIT(0) 29 #define PLPKS_ALG_RSA4096 PPC_BIT(1) 30 31 // Object label OS metadata flags 32 #define PLPKS_VAR_LINUX 0x02 33 #define PLPKS_VAR_COMMON 0x04 34 35 // Flags for which consumer owns an object is owned by 36 #define PLPKS_FW_OWNER 0x1 37 #define PLPKS_BOOTLOADER_OWNER 0x2 38 #define PLPKS_OS_OWNER 0x3 39 40 // Flags for label metadata fields 41 #define PLPKS_LABEL_VERSION 0 42 #define PLPKS_MAX_LABEL_ATTR_SIZE 16 43 #define PLPKS_MAX_NAME_SIZE 239 44 #define PLPKS_MAX_DATA_SIZE 4000 45 46 // Timeouts for PLPKS operations 47 #define PLPKS_MAX_TIMEOUT (5 * USEC_PER_SEC) 48 #define PLPKS_FLUSH_SLEEP 10000 // usec 49 50 struct plpks_var { 51 char *component; 52 u8 *name; 53 u8 *data; 54 u32 policy; 55 u16 namelen; 56 u16 datalen; 57 u8 os; 58 }; 59 60 struct plpks_var_name { 61 u8 *name; 62 u16 namelen; 63 }; 64 65 struct plpks_var_name_list { 66 u32 varcount; 67 struct plpks_var_name varlist[]; 68 }; 69 70 /** 71 * Updates the authenticated variable. It expects NULL as the component. 72 */ 73 int plpks_signed_update_var(struct plpks_var *var, u64 flags); 74 75 /** 76 * Writes the specified var and its data to PKS. 77 * Any caller of PKS driver should present a valid component type for 78 * their variable. 79 */ 80 int plpks_write_var(struct plpks_var var); 81 82 /** 83 * Removes the specified var and its data from PKS. 84 */ 85 int plpks_remove_var(char *component, u8 varos, 86 struct plpks_var_name vname); 87 88 /** 89 * Returns the data for the specified os variable. 90 * 91 * Caller must allocate a buffer in var->data with length in var->datalen. 92 * If no buffer is provided, var->datalen will be populated with the object's 93 * size. 94 */ 95 int plpks_read_os_var(struct plpks_var *var); 96 97 /** 98 * Returns the data for the specified firmware variable. 99 * 100 * Caller must allocate a buffer in var->data with length in var->datalen. 101 * If no buffer is provided, var->datalen will be populated with the object's 102 * size. 103 */ 104 int plpks_read_fw_var(struct plpks_var *var); 105 106 /** 107 * Returns the data for the specified bootloader variable. 108 * 109 * Caller must allocate a buffer in var->data with length in var->datalen. 110 * If no buffer is provided, var->datalen will be populated with the object's 111 * size. 112 */ 113 int plpks_read_bootloader_var(struct plpks_var *var); 114 115 /** 116 * Returns if PKS is available on this LPAR. 117 */ 118 bool plpks_is_available(void); 119 120 /** 121 * Returns version of the Platform KeyStore. 122 */ 123 u8 plpks_get_version(void); 124 125 /** 126 * Returns hypervisor storage overhead per object, not including the size of 127 * the object or label. Only valid for config version >= 2 128 */ 129 u16 plpks_get_objoverhead(void); 130 131 /** 132 * Returns maximum password size. Must be >= 32 bytes 133 */ 134 u16 plpks_get_maxpwsize(void); 135 136 /** 137 * Returns maximum object size supported by Platform KeyStore. 138 */ 139 u16 plpks_get_maxobjectsize(void); 140 141 /** 142 * Returns maximum object label size supported by Platform KeyStore. 143 */ 144 u16 plpks_get_maxobjectlabelsize(void); 145 146 /** 147 * Returns total size of the configured Platform KeyStore. 148 */ 149 u32 plpks_get_totalsize(void); 150 151 /** 152 * Returns used space from the total size of the Platform KeyStore. 153 */ 154 u32 plpks_get_usedspace(void); 155 156 /** 157 * Returns bitmask of policies supported by the hypervisor. 158 */ 159 u32 plpks_get_supportedpolicies(void); 160 161 /** 162 * Returns maximum byte size of a single object supported by the hypervisor. 163 * Only valid for config version >= 3 164 */ 165 u32 plpks_get_maxlargeobjectsize(void); 166 167 /** 168 * Returns bitmask of signature algorithms supported for signed updates. 169 * Only valid for config version >= 3 170 */ 171 u64 plpks_get_signedupdatealgorithms(void); 172 173 /** 174 * Returns the length of the PLPKS password in bytes. 175 */ 176 u16 plpks_get_passwordlen(void); 177 178 /** 179 * Called in early init to retrieve and clear the PLPKS password from the DT. 180 */ 181 void plpks_early_init_devtree(void); 182 183 /** 184 * Populates the FDT with the PLPKS password to prepare for kexec. 185 */ 186 int plpks_populate_fdt(void *fdt); 187 #else // CONFIG_PSERIES_PLPKS plpks_is_available(void)188static inline bool plpks_is_available(void) { return false; } plpks_get_passwordlen(void)189static inline u16 plpks_get_passwordlen(void) { BUILD_BUG(); } plpks_early_init_devtree(void)190static inline void plpks_early_init_devtree(void) { } plpks_populate_fdt(void * fdt)191static inline int plpks_populate_fdt(void *fdt) { BUILD_BUG(); } 192 #endif // CONFIG_PSERIES_PLPKS 193 194 #endif // _ASM_POWERPC_PLPKS_H 195