plpks-secvar.c source code [linux/arch/powerpc/platforms/pseries/plpks-secvar.c]

1	// SPDX-License-Identifier: GPL-2.0-only
2
3	// Secure variable implementation using the PowerVM LPAR Platform KeyStore (PLPKS)
4	//
5	// Copyright 2022, 2023 IBM Corporation
6	// Authors: Russell Currey
7	// Andrew Donnellan
8	// Nayna Jain
9
10	#define pr_fmt(fmt) "secvar: "fmt
11
12	#include <linux/printk.h>
13	#include <linux/init.h>
14	#include <linux/types.h>
15	#include <linux/slab.h>
16	#include <linux/string.h>
17	#include <linux/kobject.h>
18	#include <linux/nls.h>
19	#include <asm/machdep.h>
20	#include <asm/secvar.h>
21	#include <asm/plpks.h>
22
23	// Config attributes for sysfs
24	#define PLPKS_CONFIG_ATTR(name, fmt, func) \
25	static ssize_t name##_show(struct kobject *kobj, \
26	struct kobj_attribute *attr, \
27	char *buf) \
28	{ \
29	return sysfs_emit(buf, fmt, func()); \
30	} \
31	static struct kobj_attribute attr_##name = __ATTR_RO(name)
32
33	PLPKS_CONFIG_ATTR(version, "%u\n", plpks_get_version);
34	PLPKS_CONFIG_ATTR(max_object_size, "%u\n", plpks_get_maxobjectsize);
35	PLPKS_CONFIG_ATTR(total_size, "%u\n", plpks_get_totalsize);
36	PLPKS_CONFIG_ATTR(used_space, "%u\n", plpks_get_usedspace);
37	PLPKS_CONFIG_ATTR(supported_policies, "%08x\n", plpks_get_supportedpolicies);
38	PLPKS_CONFIG_ATTR(signed_update_algorithms, "%016llx\n", plpks_get_signedupdatealgorithms);
39
40	static const struct attribute *config_attrs[] = {
41	&attr_version.attr,
42	&attr_max_object_size.attr,
43	&attr_total_size.attr,
44	&attr_used_space.attr,
45	&attr_supported_policies.attr,
46	&attr_signed_update_algorithms.attr,
47	NULL,
48	};
49
50	static u32 get_policy(const char *name)
51	{
52	if ((strcmp(name, "db") == `0`) \|\|
53	(strcmp(name, "dbx") == `0`) \|\|
54	(strcmp(name, "grubdb") == `0`) \|\|
55	(strcmp(name, "grubdbx") == `0`) \|\|
56	(strcmp(name, "sbat") == `0`))
57	return (PLPKS_WORLDREADABLE \| PLPKS_SIGNEDUPDATE);
58	else
59	return PLPKS_SIGNEDUPDATE;
60	}
61
62	static const char * const plpks_var_names[] = {
63	"PK",
64	"KEK",
65	"db",
66	"dbx",
67	"grubdb",
68	"grubdbx",
69	"sbat",
70	"moduledb",
71	"trustedcadb",
72	NULL,
73	};
74
75	static int plpks_get_variable(const char key, u64 key_len, u8 data,
76	u64 *data_size)
77	{
78	struct plpks_var var = {`0`};
79	int rc = `0`;
80
81	// We subtract 1 from key_len because we don't need to include the
82	// null terminator at the end of the string
83	var.name = kcalloc(n: key_len - `1`, size: sizeof(wchar_t), GFP_KERNEL);
84	if (!var.name)
85	return -ENOMEM;
86	rc = utf8s_to_utf16s(s: key, len: key_len - `1`, endian: UTF16_LITTLE_ENDIAN, pwcs: (wchar_t *)var.name,
87	maxlen: key_len - `1`);
88	if (rc < `0`)
89	goto err;
90	var.namelen = rc * `2`;
91
92	var.os = PLPKS_VAR_LINUX;
93	if (data) {
94	var.data = data;
95	var.datalen = *data_size;
96	}
97	rc = plpks_read_os_var(&var);
98
99	if (rc)
100	goto err;
101
102	*data_size = var.datalen;
103
104	err:
105	kfree(objp: var.name);
106	if (rc && rc != -ENOENT) {
107	pr_err("Failed to read variable '%s': %d\n", key, rc);
108	// Return -EIO since userspace probably doesn't care about the
109	// specific error
110	rc = -EIO;
111	}
112	return rc;
113	}
114
115	static int plpks_set_variable(const char key, u64 key_len, u8 data,
116	u64 data_size)
117	{
118	struct plpks_var var = {`0`};
119	int rc = `0`;
120	u64 flags;
121
122	// Secure variables need to be prefixed with 8 bytes of flags.
123	// We only want to perform the write if we have at least one byte of data.
124	if (data_size <= sizeof(flags))
125	return -EINVAL;
126
127	// We subtract 1 from key_len because we don't need to include the
128	// null terminator at the end of the string
129	var.name = kcalloc(n: key_len - `1`, size: sizeof(wchar_t), GFP_KERNEL);
130	if (!var.name)
131	return -ENOMEM;
132	rc = utf8s_to_utf16s(s: key, len: key_len - `1`, endian: UTF16_LITTLE_ENDIAN, pwcs: (wchar_t *)var.name,
133	maxlen: key_len - `1`);
134	if (rc < `0`)
135	goto err;
136	var.namelen = rc * `2`;
137
138	// Flags are contained in the first 8 bytes of the buffer, and are always big-endian
139	flags = be64_to_cpup(p: (__be64 *)data);
140
141	var.datalen = data_size - sizeof(flags);
142	var.data = data + sizeof(flags);
143	var.os = PLPKS_VAR_LINUX;
144	var.policy = get_policy(name: key);
145
146	// Unlike in the read case, the plpks error code can be useful to
147	// userspace on write, so we return it rather than just -EIO
148	rc = plpks_signed_update_var(&var, flags);
149
150	err:
151	kfree(objp: var.name);
152	return rc;
153	}
154
155	// PLPKS dynamic secure boot doesn't give us a format string in the same way OPAL does.
156	// Instead, report the format using the SB_VERSION variable in the keystore.
157	// The string is made up by us, and takes the form "ibm,plpks-sb-v<n>" (or "ibm,plpks-sb-unknown"
158	// if the SB_VERSION variable doesn't exist). Hypervisor defines the SB_VERSION variable as a
159	// "1 byte unsigned integer value".
160	static ssize_t plpks_secvar_format(char *buf, size_t bufsize)
161	{
162	struct plpks_var var = {`0`};
163	ssize_t ret;
164	u8 version;
165
166	var.component = NULL;
167	// Only the signed variables have null bytes in their names, this one doesn't
168	var.name = "SB_VERSION";
169	var.namelen = strlen(var.name);
170	var.datalen = `1`;
171	var.data = &version;
172
173	// Unlike the other vars, SB_VERSION is owned by firmware instead of the OS
174	ret = plpks_read_fw_var(&var);
175	if (ret) {
176	if (ret == -ENOENT) {
177	ret = snprintf(buf, size: bufsize, fmt: "ibm,plpks-sb-unknown");
178	} else {
179	pr_err("Error %ld reading SB_VERSION from firmware\n", ret);
180	ret = -EIO;
181	}
182	goto err;
183	}
184
185	ret = snprintf(buf, size: bufsize, fmt: "ibm,plpks-sb-v%hhu", version);
186	err:
187	return ret;
188	}
189
190	static int plpks_max_size(u64 *max_size)
191	{
192	// The max object size reported by the hypervisor is accurate for the
193	// object itself, but we use the first 8 bytes of data on write as the
194	// signed update flags, so the max size a user can write is larger.
195	max_size = (u64)plpks_get_maxobjectsize() + sizeof*(u64);
196
197	return `0`;
198	}
199
200
201	static const struct secvar_operations plpks_secvar_ops = {
202	.get = plpks_get_variable,
203	.set = plpks_set_variable,
204	.format = plpks_secvar_format,
205	.max_size = plpks_max_size,
206	.config_attrs = config_attrs,
207	.var_names = plpks_var_names,
208	};
209
210	static int plpks_secvar_init(void)
211	{
212	if (!plpks_is_available())
213	return -ENODEV;
214
215	return set_secvar_ops(&plpks_secvar_ops);
216	}
217	machine_device_initcall(pseries, plpks_secvar_init);
218

source code of linux/arch/powerpc/platforms/pseries/plpks-secvar.c