Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1423334pxb; Wed, 2 Feb 2022 04:49:42 -0800 (PST) X-Google-Smtp-Source: ABdhPJzODFfHBL94ewq3vCoP3Fg43rdvaJG4W6UUY6lWvX7PDxheFN85/zgqUvmwJiD4Vn1vG++h X-Received: by 2002:a17:903:41c6:: with SMTP id u6mr24653516ple.6.1643806182664; Wed, 02 Feb 2022 04:49:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643806182; cv=none; d=google.com; s=arc-20160816; b=k/c03GHwoPYecaXfAnfBw/YOsPUPyJYvlsMbcBNhErhIN7W+iPON3ErzXrqLlawDzi ubhh4SxQjGpcF4SwLC10baRGhl9KiFzGsWs/sUl7iCG4p0S3xANvqP2jxAifPEVN4RGM ZNFXWOsLfOMPpMqxA5CeA2CYZja+HtfOVRwlJGQ/eBL3+0n//bCNkHHuzeKJpQva1dFp JXmKBIOgh3rftxcPnrmVATkYpcxdVNXqzj60OyD1R5qiBoV6hiyV6PQ+7wWFD802o+ar pQrQyWy9tKjVGNprHTkZjrKHm14yeq9N2uPQ5R19brrXBpSV/An+w2YuxeqHxfRStytT 4nog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=qr6w+9Go4ffAfn2H/NvB8DQxAGDSCIRAxCSq97uPHxo=; b=dyCUvW4kMROWXp/YErASlyoPFFWq4zh0TgnB+29VvCZdVQ1IVl/pDYtFYhwNJlVbDs B2yr2b6kr4t6gO7JOm3lBwfV6VE+pxWj/BKj1ZwEmIPj0M7houIluwlQ01W8wgLTX/9i 04BaX/c+PCOjIIQz016EYNSAKEVn0PC3NZufu523gYPNyxqXf0fwi5anu6Yaa+/vzVjM sBTyRg7GvG9VWy/4pvusCJ9P4tfoeGy1jNI1PxM3b74Vwyu4g512HLVVquZ+zkuQ2udz ialrd9Otm64FBMgp3ubdfdtUElNYM9qZ0KTkEVfqETxHypxjCtHlTYC36P18a1eJ+3Vi JXEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=IED3C+Bc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q192si19751527pgq.163.2022.02.02.04.49.30; Wed, 02 Feb 2022 04:49:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=IED3C+Bc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238891AbiBANt7 (ORCPT + 99 others); Tue, 1 Feb 2022 08:49:59 -0500 Received: from dfw.source.kernel.org ([139.178.84.217]:42810 "EHLO dfw.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230073AbiBANt6 (ORCPT ); Tue, 1 Feb 2022 08:49:58 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 583F561583 for ; Tue, 1 Feb 2022 13:49:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 306EDC340ED; Tue, 1 Feb 2022 13:49:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1643723397; bh=/Hg8E9Pk4hej0EhFBXxNBNhhet6Vx2vqNwjmgDpTRT4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=IED3C+BcZFpGUJ6n5jyXgyP7/J2rum9VuGPj0zhpf00AMfFEFgDm0qqNj6jNinT0i ACxR7aryfmVWeWnN2QwtkFUap/gzab7t1c/Elv0ElIe7+adv7yHEBQhwbCGAsIMFJk zJW0ih3DwBlb5Q20OSCQhW4UYvDUoUbi4obnqG+M= Date: Tue, 1 Feb 2022 14:49:54 +0100 From: Greg KH To: Daniel Axtens Cc: Nayna Jain , linuxppc-dev@lists.ozlabs.org, Michael Ellerman , George Wilson , Douglas Miller , gjoyce@ibm.com, linux-kernel@vger.kernel.org, mjg59@srcf.ucam.org Subject: Re: [RFC PATCH 0/2] powerpc/pseries: add support for local secure storage called Platform Keystore(PKS) Message-ID: References: <20220122005637.28199-1-nayna@linux.ibm.com> <87sftec74i.fsf@dja-thinkpad.axtens.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87sftec74i.fsf@dja-thinkpad.axtens.net> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 24, 2022 at 11:25:17AM +1100, Daniel Axtens wrote: > Hi Greg, > > > Ok, this is like the 3rd or 4th different platform-specific proposal for > > this type of functionality. I think we need to give up on > > platform-specific user/kernel apis on this (random sysfs/securityfs > > files scattered around the tree), and come up with a standard place for > > all of this. > > I agree that we do have a number of platforms exposing superficially > similar functionality. Indeed, back in 2019 I had a crack at a unified > approach: [1] [2]. > > Looking back at it now, I am not sure it ever would have worked because > the semantics of the underlying firmware stores are quite > different. Here are the ones I know about: > > - OpenPower/PowerNV Secure Variables: > > * Firmware semantics: > - flat variable space > - variables are fixed in firmware, can neither be created nor > destroyed > - variable names are ASCII > - no concept of policy/attributes > > * Current kernel interface semantics: > - names are case sensitive > - directory per variable > > > - (U)EFI variables: > > * Firmware semantics: > - flat variable space > - variables can be created/destroyed but the semantics are fiddly > [3] > - variable names are UTF-16 + UUID > - variables have 32-bit attributes > > * efivarfs interface semantics: > - file per variable > - attributes are the first 4 bytes of the file > - names are partially case-insensitive (UUID part) and partially > case-sensitive ('name' part) > > * sysfs interface semantics (as used by CONFIG_GOOGLE_SMI) > - directory per variable > - attributes are a separate sysfs file > - to create a variable you write a serialised structure to > `/sys/firmware/efi/vars/new_var`, to delete a var you write > to `.../del_var` > - names are case-sensitive including the UUID > > > - PowerVM Partition Key Store Variables: > > * Firmware semantics: > - _not_ a flat space, there are 3 domains ("consumers"): firmware, > bootloader and OS (not yet supported by the patch set) > - variables can be created and destroyed but the semantics are > fiddly and fiddly in different ways to UEFI [4] > - variable names are arbitrary byte strings: the hypervisor permits > names to contain nul and /. > - variables have 32-bit attributes ("policy") that don't align with > UEFI attributes > > * No stable kernel interface yet > > Even if we could come up with some stable kernel interface features > (e.g. decide if we want file per variable vs directory per variable), I > don't know how easy it would be to deal with the underlying semantic > differences - I think userspace would still need substantial > per-platform knowledge. > > Or have I misunderstood what you're asking for? (If you want them all to > live under /sys/firmware, these ones all already do...) I want them to be unified in some way, right now there are lots of proposals for the same type of thing, but in different places (sysfs, securityfs, somewhere else), and with different names. Please work together. thanks, greg k-h