We have information about the supported attestation header version
and plaintext attestation flag bits.
Let's expose it via the sysfs files.
Signed-off-by: Steffen Eiden <[email protected]>
---
arch/s390/boot/uv.c | 2 ++
arch/s390/include/asm/uv.h | 7 ++++++-
arch/s390/kernel/uv.c | 20 ++++++++++++++++++++
3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/arch/s390/boot/uv.c b/arch/s390/boot/uv.c
index 67c737c1e580..a5fa667160b2 100644
--- a/arch/s390/boot/uv.c
+++ b/arch/s390/boot/uv.c
@@ -45,6 +45,8 @@ void uv_query_info(void)
uv_info.supp_se_hdr_pcf = uvcb.supp_se_hdr_pcf;
uv_info.conf_dump_storage_state_len = uvcb.conf_dump_storage_state_len;
uv_info.conf_dump_finalize_len = uvcb.conf_dump_finalize_len;
+ uv_info.supp_att_req_hdr_ver = uvcb.supp_att_req_hdr_ver;
+ uv_info.supp_att_pflags = uvcb.supp_att_pflags;
}
#ifdef CONFIG_PROTECTED_VIRTUALIZATION_GUEST
diff --git a/arch/s390/include/asm/uv.h b/arch/s390/include/asm/uv.h
index 3e597bb634bd..18fe04c8547e 100644
--- a/arch/s390/include/asm/uv.h
+++ b/arch/s390/include/asm/uv.h
@@ -124,7 +124,10 @@ struct uv_cb_qui {
u64 reservedc0; /* 0x00c0 */
u64 conf_dump_storage_state_len; /* 0x00c8 */
u64 conf_dump_finalize_len; /* 0x00d0 */
- u8 reservedd8[256 - 216]; /* 0x00d8 */
+ u64 reservedd8; /* 0x00d8 */
+ u64 supp_att_req_hdr_ver; /* 0x00e0 */
+ u64 supp_att_pflags; /* 0x00e8 */
+ u8 reservedf0[256 - 240]; /* 0x00f0 */
} __packed __aligned(8);
/* Initialize Ultravisor */
@@ -350,6 +353,8 @@ struct uv_info {
unsigned long supp_se_hdr_pcf;
unsigned long conf_dump_storage_state_len;
unsigned long conf_dump_finalize_len;
+ unsigned long supp_att_req_hdr_ver;
+ unsigned long supp_att_pflags;
};
extern struct uv_info uv_info;
diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
index 84fe33b6af4d..c13d5a7b71f0 100644
--- a/arch/s390/kernel/uv.c
+++ b/arch/s390/kernel/uv.c
@@ -479,6 +479,24 @@ static ssize_t uv_query_max_guest_addr(struct kobject *kobj,
static struct kobj_attribute uv_query_max_guest_addr_attr =
__ATTR(max_address, 0444, uv_query_max_guest_addr, NULL);
+static ssize_t uv_query_supp_att_req_hdr_ver(struct kobject *kobj,
+ struct kobj_attribute *attr, char *page)
+{
+ return scnprintf(page, PAGE_SIZE, "%lx\n", uv_info.supp_att_req_hdr_ver);
+}
+
+static struct kobj_attribute uv_query_supp_att_req_hdr_ver_attr =
+ __ATTR(supp_att_req_hdr_ver, 0444, uv_query_supp_att_req_hdr_ver, NULL);
+
+static ssize_t uv_query_supp_att_pflags(struct kobject *kobj,
+ struct kobj_attribute *attr, char *page)
+{
+ return scnprintf(page, PAGE_SIZE, "%lx\n", uv_info.supp_att_pflags);
+}
+
+static struct kobj_attribute uv_query_supp_att_pflags_attr =
+ __ATTR(supp_att_pflags, 0444, uv_query_supp_att_pflags, NULL);
+
static struct attribute *uv_query_attrs[] = {
&uv_query_facilities_attr.attr,
&uv_query_feature_indications_attr.attr,
@@ -490,6 +508,8 @@ static struct attribute *uv_query_attrs[] = {
&uv_query_dump_storage_state_len_attr.attr,
&uv_query_dump_finalize_len_attr.attr,
&uv_query_dump_cpu_len_attr.attr,
+ &uv_query_supp_att_req_hdr_ver_attr.attr,
+ &uv_query_supp_att_pflags_attr.attr,
NULL,
};
--
2.30.2
On 5/18/22 15:59, Steffen Eiden wrote:
> We have information about the supported attestation header version
> and plaintext attestation flag bits.
> Let's expose it via the sysfs files.
>
> Signed-off-by: Steffen Eiden <[email protected]>
When Heiko's nit for the commit message is fixed:
Reviewed-by: Janosch Frank <[email protected]>
> ---
> arch/s390/boot/uv.c | 2 ++
> arch/s390/include/asm/uv.h | 7 ++++++-
> arch/s390/kernel/uv.c | 20 ++++++++++++++++++++
> 3 files changed, 28 insertions(+), 1 deletion(-)
>
> diff --git a/arch/s390/boot/uv.c b/arch/s390/boot/uv.c
> index 67c737c1e580..a5fa667160b2 100644
> --- a/arch/s390/boot/uv.c
> +++ b/arch/s390/boot/uv.c
> @@ -45,6 +45,8 @@ void uv_query_info(void)
> uv_info.supp_se_hdr_pcf = uvcb.supp_se_hdr_pcf;
> uv_info.conf_dump_storage_state_len = uvcb.conf_dump_storage_state_len;
> uv_info.conf_dump_finalize_len = uvcb.conf_dump_finalize_len;
> + uv_info.supp_att_req_hdr_ver = uvcb.supp_att_req_hdr_ver;
> + uv_info.supp_att_pflags = uvcb.supp_att_pflags;
> }
>
> #ifdef CONFIG_PROTECTED_VIRTUALIZATION_GUEST
> diff --git a/arch/s390/include/asm/uv.h b/arch/s390/include/asm/uv.h
> index 3e597bb634bd..18fe04c8547e 100644
> --- a/arch/s390/include/asm/uv.h
> +++ b/arch/s390/include/asm/uv.h
> @@ -124,7 +124,10 @@ struct uv_cb_qui {
> u64 reservedc0; /* 0x00c0 */
> u64 conf_dump_storage_state_len; /* 0x00c8 */
> u64 conf_dump_finalize_len; /* 0x00d0 */
> - u8 reservedd8[256 - 216]; /* 0x00d8 */
> + u64 reservedd8; /* 0x00d8 */
> + u64 supp_att_req_hdr_ver; /* 0x00e0 */
> + u64 supp_att_pflags; /* 0x00e8 */
> + u8 reservedf0[256 - 240]; /* 0x00f0 */
> } __packed __aligned(8);
>
> /* Initialize Ultravisor */
> @@ -350,6 +353,8 @@ struct uv_info {
> unsigned long supp_se_hdr_pcf;
> unsigned long conf_dump_storage_state_len;
> unsigned long conf_dump_finalize_len;
> + unsigned long supp_att_req_hdr_ver;
> + unsigned long supp_att_pflags;
> };
>
> extern struct uv_info uv_info;
> diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
> index 84fe33b6af4d..c13d5a7b71f0 100644
> --- a/arch/s390/kernel/uv.c
> +++ b/arch/s390/kernel/uv.c
> @@ -479,6 +479,24 @@ static ssize_t uv_query_max_guest_addr(struct kobject *kobj,
> static struct kobj_attribute uv_query_max_guest_addr_attr =
> __ATTR(max_address, 0444, uv_query_max_guest_addr, NULL);
>
> +static ssize_t uv_query_supp_att_req_hdr_ver(struct kobject *kobj,
> + struct kobj_attribute *attr, char *page)
> +{
> + return scnprintf(page, PAGE_SIZE, "%lx\n", uv_info.supp_att_req_hdr_ver);
> +}
> +
> +static struct kobj_attribute uv_query_supp_att_req_hdr_ver_attr =
> + __ATTR(supp_att_req_hdr_ver, 0444, uv_query_supp_att_req_hdr_ver, NULL);
> +
> +static ssize_t uv_query_supp_att_pflags(struct kobject *kobj,
> + struct kobj_attribute *attr, char *page)
> +{
> + return scnprintf(page, PAGE_SIZE, "%lx\n", uv_info.supp_att_pflags);
> +}
> +
> +static struct kobj_attribute uv_query_supp_att_pflags_attr =
> + __ATTR(supp_att_pflags, 0444, uv_query_supp_att_pflags, NULL);
> +
> static struct attribute *uv_query_attrs[] = {
> &uv_query_facilities_attr.attr,
> &uv_query_feature_indications_attr.attr,
> @@ -490,6 +508,8 @@ static struct attribute *uv_query_attrs[] = {
> &uv_query_dump_storage_state_len_attr.attr,
> &uv_query_dump_finalize_len_attr.attr,
> &uv_query_dump_cpu_len_attr.attr,
> + &uv_query_supp_att_req_hdr_ver_attr.attr,
> + &uv_query_supp_att_pflags_attr.attr,
> NULL,
> };
>
On Wed, 18 May 2022 13:59:08 +0000
Steffen Eiden <[email protected]> wrote:
> We have information about the supported attestation header version
> and plaintext attestation flag bits.
> Let's expose it via the sysfs files.
>
> Signed-off-by: Steffen Eiden <[email protected]>
when you have fixed the commit message as indicated by Heiko:
Reviewed-by: Claudio Imbrenda <[email protected]>
> ---
> arch/s390/boot/uv.c | 2 ++
> arch/s390/include/asm/uv.h | 7 ++++++-
> arch/s390/kernel/uv.c | 20 ++++++++++++++++++++
> 3 files changed, 28 insertions(+), 1 deletion(-)
>
> diff --git a/arch/s390/boot/uv.c b/arch/s390/boot/uv.c
> index 67c737c1e580..a5fa667160b2 100644
> --- a/arch/s390/boot/uv.c
> +++ b/arch/s390/boot/uv.c
> @@ -45,6 +45,8 @@ void uv_query_info(void)
> uv_info.supp_se_hdr_pcf = uvcb.supp_se_hdr_pcf;
> uv_info.conf_dump_storage_state_len = uvcb.conf_dump_storage_state_len;
> uv_info.conf_dump_finalize_len = uvcb.conf_dump_finalize_len;
> + uv_info.supp_att_req_hdr_ver = uvcb.supp_att_req_hdr_ver;
> + uv_info.supp_att_pflags = uvcb.supp_att_pflags;
> }
>
> #ifdef CONFIG_PROTECTED_VIRTUALIZATION_GUEST
> diff --git a/arch/s390/include/asm/uv.h b/arch/s390/include/asm/uv.h
> index 3e597bb634bd..18fe04c8547e 100644
> --- a/arch/s390/include/asm/uv.h
> +++ b/arch/s390/include/asm/uv.h
> @@ -124,7 +124,10 @@ struct uv_cb_qui {
> u64 reservedc0; /* 0x00c0 */
> u64 conf_dump_storage_state_len; /* 0x00c8 */
> u64 conf_dump_finalize_len; /* 0x00d0 */
> - u8 reservedd8[256 - 216]; /* 0x00d8 */
> + u64 reservedd8; /* 0x00d8 */
> + u64 supp_att_req_hdr_ver; /* 0x00e0 */
> + u64 supp_att_pflags; /* 0x00e8 */
> + u8 reservedf0[256 - 240]; /* 0x00f0 */
> } __packed __aligned(8);
>
> /* Initialize Ultravisor */
> @@ -350,6 +353,8 @@ struct uv_info {
> unsigned long supp_se_hdr_pcf;
> unsigned long conf_dump_storage_state_len;
> unsigned long conf_dump_finalize_len;
> + unsigned long supp_att_req_hdr_ver;
> + unsigned long supp_att_pflags;
> };
>
> extern struct uv_info uv_info;
> diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
> index 84fe33b6af4d..c13d5a7b71f0 100644
> --- a/arch/s390/kernel/uv.c
> +++ b/arch/s390/kernel/uv.c
> @@ -479,6 +479,24 @@ static ssize_t uv_query_max_guest_addr(struct kobject *kobj,
> static struct kobj_attribute uv_query_max_guest_addr_attr =
> __ATTR(max_address, 0444, uv_query_max_guest_addr, NULL);
>
> +static ssize_t uv_query_supp_att_req_hdr_ver(struct kobject *kobj,
> + struct kobj_attribute *attr, char *page)
> +{
> + return scnprintf(page, PAGE_SIZE, "%lx\n", uv_info.supp_att_req_hdr_ver);
> +}
> +
> +static struct kobj_attribute uv_query_supp_att_req_hdr_ver_attr =
> + __ATTR(supp_att_req_hdr_ver, 0444, uv_query_supp_att_req_hdr_ver, NULL);
> +
> +static ssize_t uv_query_supp_att_pflags(struct kobject *kobj,
> + struct kobj_attribute *attr, char *page)
> +{
> + return scnprintf(page, PAGE_SIZE, "%lx\n", uv_info.supp_att_pflags);
> +}
> +
> +static struct kobj_attribute uv_query_supp_att_pflags_attr =
> + __ATTR(supp_att_pflags, 0444, uv_query_supp_att_pflags, NULL);
> +
> static struct attribute *uv_query_attrs[] = {
> &uv_query_facilities_attr.attr,
> &uv_query_feature_indications_attr.attr,
> @@ -490,6 +508,8 @@ static struct attribute *uv_query_attrs[] = {
> &uv_query_dump_storage_state_len_attr.attr,
> &uv_query_dump_finalize_len_attr.attr,
> &uv_query_dump_cpu_len_attr.attr,
> + &uv_query_supp_att_req_hdr_ver_attr.attr,
> + &uv_query_supp_att_pflags_attr.attr,
> NULL,
> };
>
By design the uv-device does not check whether an incoming attestation
measurement request only specifies valid plain text flags or has the
right request version, as these values are verified by the Ultravisor
anyway. However, the userspace program that generates these requests
might want to know which flags/versions are supported in order to
create requests without trial and error. Therefore, expose the
supported plain text flags and versions to userspace via sysfs.
Signed-off-by: Steffen Eiden <[email protected]>
Reviewed-by: Janosch Frank <[email protected]
Reviewed-by: Claudio Imbrenda <[email protected]>
---
arch/s390/boot/uv.c | 2 ++
arch/s390/include/asm/uv.h | 7 ++++++-
arch/s390/kernel/uv.c | 20 ++++++++++++++++++++
3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/arch/s390/boot/uv.c b/arch/s390/boot/uv.c
index 67c737c1e580..a5fa667160b2 100644
--- a/arch/s390/boot/uv.c
+++ b/arch/s390/boot/uv.c
@@ -45,6 +45,8 @@ void uv_query_info(void)
uv_info.supp_se_hdr_pcf = uvcb.supp_se_hdr_pcf;
uv_info.conf_dump_storage_state_len = uvcb.conf_dump_storage_state_len;
uv_info.conf_dump_finalize_len = uvcb.conf_dump_finalize_len;
+ uv_info.supp_att_req_hdr_ver = uvcb.supp_att_req_hdr_ver;
+ uv_info.supp_att_pflags = uvcb.supp_att_pflags;
}
#ifdef CONFIG_PROTECTED_VIRTUALIZATION_GUEST
diff --git a/arch/s390/include/asm/uv.h b/arch/s390/include/asm/uv.h
index 3e597bb634bd..18fe04c8547e 100644
--- a/arch/s390/include/asm/uv.h
+++ b/arch/s390/include/asm/uv.h
@@ -124,7 +124,10 @@ struct uv_cb_qui {
u64 reservedc0; /* 0x00c0 */
u64 conf_dump_storage_state_len; /* 0x00c8 */
u64 conf_dump_finalize_len; /* 0x00d0 */
- u8 reservedd8[256 - 216]; /* 0x00d8 */
+ u64 reservedd8; /* 0x00d8 */
+ u64 supp_att_req_hdr_ver; /* 0x00e0 */
+ u64 supp_att_pflags; /* 0x00e8 */
+ u8 reservedf0[256 - 240]; /* 0x00f0 */
} __packed __aligned(8);
/* Initialize Ultravisor */
@@ -350,6 +353,8 @@ struct uv_info {
unsigned long supp_se_hdr_pcf;
unsigned long conf_dump_storage_state_len;
unsigned long conf_dump_finalize_len;
+ unsigned long supp_att_req_hdr_ver;
+ unsigned long supp_att_pflags;
};
extern struct uv_info uv_info;
diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
index 84fe33b6af4d..c13d5a7b71f0 100644
--- a/arch/s390/kernel/uv.c
+++ b/arch/s390/kernel/uv.c
@@ -479,6 +479,24 @@ static ssize_t uv_query_max_guest_addr(struct kobject *kobj,
static struct kobj_attribute uv_query_max_guest_addr_attr =
__ATTR(max_address, 0444, uv_query_max_guest_addr, NULL);
+static ssize_t uv_query_supp_att_req_hdr_ver(struct kobject *kobj,
+ struct kobj_attribute *attr, char *page)
+{
+ return scnprintf(page, PAGE_SIZE, "%lx\n", uv_info.supp_att_req_hdr_ver);
+}
+
+static struct kobj_attribute uv_query_supp_att_req_hdr_ver_attr =
+ __ATTR(supp_att_req_hdr_ver, 0444, uv_query_supp_att_req_hdr_ver, NULL);
+
+static ssize_t uv_query_supp_att_pflags(struct kobject *kobj,
+ struct kobj_attribute *attr, char *page)
+{
+ return scnprintf(page, PAGE_SIZE, "%lx\n", uv_info.supp_att_pflags);
+}
+
+static struct kobj_attribute uv_query_supp_att_pflags_attr =
+ __ATTR(supp_att_pflags, 0444, uv_query_supp_att_pflags, NULL);
+
static struct attribute *uv_query_attrs[] = {
&uv_query_facilities_attr.attr,
&uv_query_feature_indications_attr.attr,
@@ -490,6 +508,8 @@ static struct attribute *uv_query_attrs[] = {
&uv_query_dump_storage_state_len_attr.attr,
&uv_query_dump_finalize_len_attr.attr,
&uv_query_dump_cpu_len_attr.attr,
+ &uv_query_supp_att_req_hdr_ver_attr.attr,
+ &uv_query_supp_att_pflags_attr.attr,
NULL,
};
--
2.30.2
On 6/1/22 12:02, Steffen Eiden wrote:
> By design the uv-device does not check whether an incoming attestation
> measurement request only specifies valid plain text flags or has the
> right request version, as these values are verified by the Ultravisor
> anyway. However, the userspace program that generates these requests
> might want to know which flags/versions are supported in order to
> create requests without trial and error. Therefore, expose the
> supported plain text flags and versions to userspace via sysfs.
>
> Signed-off-by: Steffen Eiden <[email protected]>
> Reviewed-by: Janosch Frank <[email protected]
> Reviewed-by: Claudio Imbrenda <[email protected]>
Thanks, queued