Loading...
1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Copyright (C) 2022 IBM Corporation
4 * Author: Nayna Jain <nayna@linux.ibm.com>
5 *
6 * Platform keystore for pseries LPAR(PLPKS).
7 */
8
9#ifndef _ASM_POWERPC_PLPKS_H
10#define _ASM_POWERPC_PLPKS_H
11
12#ifdef CONFIG_PSERIES_PLPKS
13
14#include <linux/types.h>
15#include <linux/list.h>
16
17// Object policy flags from supported_policies
18#define PLPKS_OSSECBOOTAUDIT PPC_BIT32(1) // OS secure boot must be audit/enforce
19#define PLPKS_OSSECBOOTENFORCE PPC_BIT32(2) // OS secure boot must be enforce
20#define PLPKS_PWSET PPC_BIT32(3) // No access without password set
21#define PLPKS_WORLDREADABLE PPC_BIT32(4) // Readable without authentication
22#define PLPKS_IMMUTABLE PPC_BIT32(5) // Once written, object cannot be removed
23#define PLPKS_TRANSIENT PPC_BIT32(6) // Object does not persist through reboot
24#define PLPKS_SIGNEDUPDATE PPC_BIT32(7) // Object can only be modified by signed updates
25#define PLPKS_HVPROVISIONED PPC_BIT32(28) // Hypervisor has provisioned this object
26
27// Signature algorithm flags from signed_update_algorithms
28#define PLPKS_ALG_RSA2048 PPC_BIT(0)
29#define PLPKS_ALG_RSA4096 PPC_BIT(1)
30
31// Object label OS metadata flags
32#define PLPKS_VAR_LINUX 0x02
33#define PLPKS_VAR_COMMON 0x04
34
35// Flags for which consumer owns an object is owned by
36#define PLPKS_FW_OWNER 0x1
37#define PLPKS_BOOTLOADER_OWNER 0x2
38#define PLPKS_OS_OWNER 0x3
39
40// Flags for label metadata fields
41#define PLPKS_LABEL_VERSION 0
42#define PLPKS_MAX_LABEL_ATTR_SIZE 16
43#define PLPKS_MAX_NAME_SIZE 239
44#define PLPKS_MAX_DATA_SIZE 4000
45
46// Timeouts for PLPKS operations
47#define PLPKS_MAX_TIMEOUT (5 * USEC_PER_SEC)
48#define PLPKS_FLUSH_SLEEP 10000 // usec
49
50struct plpks_var {
51 char *component;
52 u8 *name;
53 u8 *data;
54 u32 policy;
55 u16 namelen;
56 u16 datalen;
57 u8 os;
58};
59
60struct plpks_var_name {
61 u8 *name;
62 u16 namelen;
63};
64
65struct plpks_var_name_list {
66 u32 varcount;
67 struct plpks_var_name varlist[];
68};
69
70/**
71 * Updates the authenticated variable. It expects NULL as the component.
72 */
73int plpks_signed_update_var(struct plpks_var *var, u64 flags);
74
75/**
76 * Writes the specified var and its data to PKS.
77 * Any caller of PKS driver should present a valid component type for
78 * their variable.
79 */
80int plpks_write_var(struct plpks_var var);
81
82/**
83 * Removes the specified var and its data from PKS.
84 */
85int plpks_remove_var(char *component, u8 varos,
86 struct plpks_var_name vname);
87
88/**
89 * Returns the data for the specified os variable.
90 *
91 * Caller must allocate a buffer in var->data with length in var->datalen.
92 * If no buffer is provided, var->datalen will be populated with the object's
93 * size.
94 */
95int plpks_read_os_var(struct plpks_var *var);
96
97/**
98 * Returns the data for the specified firmware variable.
99 *
100 * Caller must allocate a buffer in var->data with length in var->datalen.
101 * If no buffer is provided, var->datalen will be populated with the object's
102 * size.
103 */
104int plpks_read_fw_var(struct plpks_var *var);
105
106/**
107 * Returns the data for the specified bootloader variable.
108 *
109 * Caller must allocate a buffer in var->data with length in var->datalen.
110 * If no buffer is provided, var->datalen will be populated with the object's
111 * size.
112 */
113int plpks_read_bootloader_var(struct plpks_var *var);
114
115/**
116 * Returns if PKS is available on this LPAR.
117 */
118bool plpks_is_available(void);
119
120/**
121 * Returns version of the Platform KeyStore.
122 */
123u8 plpks_get_version(void);
124
125/**
126 * Returns hypervisor storage overhead per object, not including the size of
127 * the object or label. Only valid for config version >= 2
128 */
129u16 plpks_get_objoverhead(void);
130
131/**
132 * Returns maximum password size. Must be >= 32 bytes
133 */
134u16 plpks_get_maxpwsize(void);
135
136/**
137 * Returns maximum object size supported by Platform KeyStore.
138 */
139u16 plpks_get_maxobjectsize(void);
140
141/**
142 * Returns maximum object label size supported by Platform KeyStore.
143 */
144u16 plpks_get_maxobjectlabelsize(void);
145
146/**
147 * Returns total size of the configured Platform KeyStore.
148 */
149u32 plpks_get_totalsize(void);
150
151/**
152 * Returns used space from the total size of the Platform KeyStore.
153 */
154u32 plpks_get_usedspace(void);
155
156/**
157 * Returns bitmask of policies supported by the hypervisor.
158 */
159u32 plpks_get_supportedpolicies(void);
160
161/**
162 * Returns maximum byte size of a single object supported by the hypervisor.
163 * Only valid for config version >= 3
164 */
165u32 plpks_get_maxlargeobjectsize(void);
166
167/**
168 * Returns bitmask of signature algorithms supported for signed updates.
169 * Only valid for config version >= 3
170 */
171u64 plpks_get_signedupdatealgorithms(void);
172
173/**
174 * Returns the length of the PLPKS password in bytes.
175 */
176u16 plpks_get_passwordlen(void);
177
178/**
179 * Called in early init to retrieve and clear the PLPKS password from the DT.
180 */
181void plpks_early_init_devtree(void);
182
183/**
184 * Populates the FDT with the PLPKS password to prepare for kexec.
185 */
186int plpks_populate_fdt(void *fdt);
187#else // CONFIG_PSERIES_PLPKS
188static inline bool plpks_is_available(void) { return false; }
189static inline u16 plpks_get_passwordlen(void) { BUILD_BUG(); }
190static inline void plpks_early_init_devtree(void) { }
191static inline int plpks_populate_fdt(void *fdt) { BUILD_BUG(); }
192#endif // CONFIG_PSERIES_PLPKS
193
194#endif // _ASM_POWERPC_PLPKS_H