Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp264427rwb; Wed, 18 Jan 2023 17:24:15 -0800 (PST) X-Google-Smtp-Source: AMrXdXuQUUIc8siwMB2tux2liK7h2gvLKcxxwh0Vnu2sAaPEtdvL3Up9n+IA7tGmn5Ys4ZhsBgae X-Received: by 2002:a05:6a20:8e18:b0:ad:97cc:e957 with SMTP id y24-20020a056a208e1800b000ad97cce957mr42737468pzj.39.1674091455280; Wed, 18 Jan 2023 17:24:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674091455; cv=none; d=google.com; s=arc-20160816; b=kObOg2eZAYBBHfi+cHLj9KOK37pymMJZkZhR7bO7u7EbJBPQ9JXRvZYC2EfacUe+6V zs2u7H7CyQYcDnOwLID5cFb9okGXHw/UKaDBTStFga52nbqc6P580HHtXLjl3/qahlGi PGFm2G2ctYMVD31aOTQzcftZBbXO/ZZsOxg6w1LuaC/aKnP2NH2uBZXR6Vh/Iy8stSfC i2/0y524OWli5xD1LVUEHQ/KvL+4/UOSAvEOWfsDcLuJ8GM1+kexx5vXYZPnwRVgLszt d45rRUkFHah0AMvFLjqWI1mpdpFTaQlMFg9CA2maHbsmqxndJ6Pqb6+14ApFik4gVTd2 4QFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:references:to:from:subject:cc :message-id:date:content-transfer-encoding:mime-version :dkim-signature; bh=trQ8wPDdZRnOhR09mO+bG/KeF7fjbj/nqEQErtarT5c=; b=wvvJQGgtM9VuaidV9cePd1qsguxTdmEWIrjPprXFyL+bilAtkoKdjSVUSGrfVC6h2L M4un+kGRaI1PwI+XXrdL0FqPt1CtQuXFDyji9URE3bpaCdS8gbmGah8kLBmmwANsRt9G WnU6NF4RFb+DfsZQZk+p/5Q2Z0Y0fYlQXdxFv/8l3MEI22I2Xm0DiX7zCuEt1JWAPEfe 2Vh0NhUZkgJWGuo/hkIsACMeKbrVVShl/dQeDCzAu8iFroR2iGcz8CM6iH81IvuDG9hF WkcTeFrUUvJY6EFej6jZJRp5U3/7A8ybKTWwJ2UPIFGi6+H6HjdavONQrTtVhicVteWo fyWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=iedPpwf5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 82-20020a630255000000b004780e2b6fc6si38607145pgc.626.2023.01.18.17.24.08; Wed, 18 Jan 2023 17:24:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=iedPpwf5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229546AbjASBNT (ORCPT + 46 others); Wed, 18 Jan 2023 20:13:19 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229916AbjASBNJ (ORCPT ); Wed, 18 Jan 2023 20:13:09 -0500 Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD5856843B; Wed, 18 Jan 2023 17:13:07 -0800 (PST) Received: by mail-pl1-x634.google.com with SMTP id v23so879843plo.1; Wed, 18 Jan 2023 17:13:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:references:to:from:subject:cc:message-id:date :content-transfer-encoding:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=trQ8wPDdZRnOhR09mO+bG/KeF7fjbj/nqEQErtarT5c=; b=iedPpwf5nA+2keWvD77tT1QHT2acngdr0fxuAbMcmef4fExDwXZU8yzdvJCxhpT2ym mq2SWTKZN8VkEL1mCgymWRb/aODT6vdXJ2OhQNWKI1eQMQeVnu3gz0WFxHYMFwydsOjx 2/W05BJEfDQjIy3JZXoaQCcJhjrfYpJmuh5iFYvhHXr3Z6jgbchYnFCzBsxcCdNTZdeF uB7Dnjl5+7QtYFW8tfqC74mpu8BS5VZCJNZ7LytWzt3Rim3m0WZ1iAd21BhwhZQX3KDt ouzBsmDpWRIvzUVq3beb+KIenmmnAf6jNHWJNN+pMiHLw6aKFM2vJbFS5VRKj2iaFoNL WXSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:references:to:from:subject:cc:message-id:date :content-transfer-encoding:mime-version:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=trQ8wPDdZRnOhR09mO+bG/KeF7fjbj/nqEQErtarT5c=; b=gdmXwXWstN0t63Q9Mz7k3kO+ki3oBLAirw9GF86uQwdEU+nyR6LcYDyuJxJCtp+w29 t4CYQmV/I4YA8WLzH9zLwKPip6BeQ2q0S6ViBaPUbX3wOhzFAUNfe9HCUIIzAW6Mw+Je izqc2VQE0Vgc18GeSFkE9qH4zD9ULdmYDuDiv0dYScQLXw3G+F2qBw7sxGCxcr9QKhgH BwHX+/dSUB07W7HVQdOMmF/3kf0O62W7Odmf4fP0FFyOtVrR7vHMDSTBR5As8fQfun2+ N41WPDW0fupp0z2I4Gk6Inv67j9YQU3hDBb4ycZCEieuVHHLtTuR9LF6/CC3K1nkULuC Il7g== X-Gm-Message-State: AFqh2kpRwaz82eh9X5mpHyD8qvQ25rBKJ3c508Vkjk2pUFoObx/ooY0+ 9kGwjtmEHU6XoFF5mWCwexM= X-Received: by 2002:a17:902:a9c5:b0:194:60c3:482f with SMTP id b5-20020a170902a9c500b0019460c3482fmr23642700plr.26.1674090787240; Wed, 18 Jan 2023 17:13:07 -0800 (PST) Received: from localhost (193-116-102-45.tpgi.com.au. [193.116.102.45]) by smtp.gmail.com with ESMTPSA id y8-20020a17090322c800b00186f0f59c85sm2511649plg.235.2023.01.18.17.13.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 18 Jan 2023 17:13:06 -0800 (PST) Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Thu, 19 Jan 2023 11:12:57 +1000 Message-Id: Cc: , , , , , , , , Subject: Re: [PATCH v3 16/24] powerpc/pseries: Implement signed update for PLPKS objects From: "Nicholas Piggin" To: "Andrew Donnellan" , , X-Mailer: aerc 0.13.0 References: <20230118061049.1006141-1-ajd@linux.ibm.com> <20230118061049.1006141-17-ajd@linux.ibm.com> In-Reply-To: <20230118061049.1006141-17-ajd@linux.ibm.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed Jan 18, 2023 at 4:10 PM AEST, Andrew Donnellan wrote: > From: Nayna Jain > > The Platform Keystore provides a signed update interface which can be use= d > to create, replace or append to certain variables in the PKS in a secure > fashion, with the hypervisor requiring that the update be signed using th= e > Platform Key. > > Implement an interface to the H_PKS_SIGNED_UPDATE hcall in the plpks > driver to allow signed updates to PKS objects. > > (The plpks driver doesn't need to do any cryptography or otherwise handle > the actual signed variable contents - that will be handled by userspace > tooling.) > > Signed-off-by: Nayna Jain > [ajd: split patch, add timeout handling and misc cleanups] > Co-developed-by: Andrew Donnellan > Signed-off-by: Andrew Donnellan > Signed-off-by: Russell Currey > > --- > > v3: Merge plpks fixes and signed update series with secvar series > > Fix error code handling in plpks_confirm_object_flushed() (ruscur) > > Pass plpks_var struct to plpks_signed_update_var() by reference (mpe) > > Consistent constant naming scheme (ruscur) > --- > arch/powerpc/include/asm/hvcall.h | 3 +- > arch/powerpc/include/asm/plpks.h | 5 ++ > arch/powerpc/platforms/pseries/plpks.c | 71 ++++++++++++++++++++++++-- > 3 files changed, 73 insertions(+), 6 deletions(-) > > diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm= /hvcall.h > index 95fd7f9485d5..33b26c0cb69b 100644 > --- a/arch/powerpc/include/asm/hvcall.h > +++ b/arch/powerpc/include/asm/hvcall.h > @@ -336,7 +336,8 @@ > #define H_SCM_FLUSH 0x44C > #define H_GET_ENERGY_SCALE_INFO 0x450 > #define H_WATCHDOG 0x45C > -#define MAX_HCALL_OPCODE H_WATCHDOG > +#define H_PKS_SIGNED_UPDATE 0x454 > +#define MAX_HCALL_OPCODE H_PKS_SIGNED_UPDATE ^ Bad rebase. Thanks, Nick