1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * PowerNV code for secure variables 4 * 5 * Copyright (C) 2019 IBM Corporation 6 * Author: Claudio Carvalho 7 * Nayna Jain 8 * 9 * APIs to access secure variables managed by OPAL. 10 */ 11 12 #define pr_fmt(fmt) "secvar: "fmt 13 14 #include <linux/types.h> 15 #include <linux/platform_device.h> 16 #include <linux/of_platform.h> 17 #include <asm/opal.h> 18 #include <asm/secvar.h> 19 #include <asm/secure_boot.h> 20 21 static int opal_status_to_err(int rc) 22 { 23 int err; 24 25 switch (rc) { 26 case OPAL_SUCCESS: 27 err = 0; 28 break; 29 case OPAL_UNSUPPORTED: 30 err = -ENXIO; 31 break; 32 case OPAL_PARAMETER: 33 err = -EINVAL; 34 break; 35 case OPAL_RESOURCE: 36 err = -ENOSPC; 37 break; 38 case OPAL_HARDWARE: 39 err = -EIO; 40 break; 41 case OPAL_NO_MEM: 42 err = -ENOMEM; 43 break; 44 case OPAL_EMPTY: 45 err = -ENOENT; 46 break; 47 case OPAL_PARTIAL: 48 err = -EFBIG; 49 break; 50 default: 51 err = -EINVAL; 52 } 53 54 return err; 55 } 56 57 static int opal_get_variable(const char *key, u64 ksize, u8 *data, u64 *dsize) 58 { 59 int rc; 60 61 if (!key || !dsize) 62 return -EINVAL; 63 64 *dsize = cpu_to_be64(*dsize); 65 66 rc = opal_secvar_get(key, ksize, data, dsize); 67 68 *dsize = be64_to_cpu(*dsize); 69 70 return opal_status_to_err(rc); 71 } 72 73 static int opal_get_next_variable(const char *key, u64 *keylen, u64 keybufsize) 74 { 75 int rc; 76 77 if (!key || !keylen) 78 return -EINVAL; 79 80 *keylen = cpu_to_be64(*keylen); 81 82 rc = opal_secvar_get_next(key, keylen, keybufsize); 83 84 *keylen = be64_to_cpu(*keylen); 85 86 return opal_status_to_err(rc); 87 } 88 89 static int opal_set_variable(const char *key, u64 ksize, u8 *data, u64 dsize) 90 { 91 int rc; 92 93 if (!key || !data) 94 return -EINVAL; 95 96 rc = opal_secvar_enqueue_update(key, ksize, data, dsize); 97 98 return opal_status_to_err(rc); 99 } 100 101 static ssize_t opal_secvar_format(char *buf, size_t bufsize) 102 { 103 ssize_t rc = 0; 104 struct device_node *node; 105 const char *format; 106 107 node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); 108 if (!of_device_is_available(node)) { 109 rc = -ENODEV; 110 goto out; 111 } 112 113 rc = of_property_read_string(node, "format", &format); 114 if (rc) 115 goto out; 116 117 rc = snprintf(buf, bufsize, "%s", format); 118 119 out: 120 of_node_put(node); 121 122 return rc; 123 } 124 125 static int opal_secvar_max_size(u64 *max_size) 126 { 127 int rc; 128 struct device_node *node; 129 130 node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); 131 if (!node) 132 return -ENODEV; 133 134 if (!of_device_is_available(node)) { 135 rc = -ENODEV; 136 goto out; 137 } 138 139 rc = of_property_read_u64(node, "max-var-size", max_size); 140 141 out: 142 of_node_put(node); 143 return rc; 144 } 145 146 static const struct secvar_operations opal_secvar_ops = { 147 .get = opal_get_variable, 148 .get_next = opal_get_next_variable, 149 .set = opal_set_variable, 150 .format = opal_secvar_format, 151 .max_size = opal_secvar_max_size, 152 }; 153 154 static int opal_secvar_probe(struct platform_device *pdev) 155 { 156 if (!opal_check_token(OPAL_SECVAR_GET) 157 || !opal_check_token(OPAL_SECVAR_GET_NEXT) 158 || !opal_check_token(OPAL_SECVAR_ENQUEUE_UPDATE)) { 159 pr_err("OPAL doesn't support secure variables\n"); 160 return -ENODEV; 161 } 162 163 return set_secvar_ops(&opal_secvar_ops); 164 } 165 166 static const struct of_device_id opal_secvar_match[] = { 167 { .compatible = "ibm,secvar-backend",}, 168 {}, 169 }; 170 171 static struct platform_driver opal_secvar_driver = { 172 .driver = { 173 .name = "secvar", 174 .of_match_table = opal_secvar_match, 175 }, 176 }; 177 178 static int __init opal_secvar_init(void) 179 { 180 return platform_driver_probe(&opal_secvar_driver, opal_secvar_probe); 181 } 182 device_initcall(opal_secvar_init); 183