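/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Copyright (C) 2022 IBM Corporation
 * Author: Nayna Jain <nayna@linux.ibm.com>
 *
 * Platform keystore for pseries LPAR(PLPKS).
 *
 * Declarations only: constants, the object descriptor structs and the
 * prototypes of the keystore accessors. Return conventions, locking and
 * buffer ownership are defined by the implementation, which is not part of
 * this header; review notes below that go beyond the declarations are marked
 * NOTE(review) and need confirming there.
 */

#ifndef _ASM_POWERPC_PLPKS_H
#define _ASM_POWERPC_PLPKS_H

#ifdef CONFIG_PSERIES_PLPKS

#include <linux/types.h>
#include <linux/list.h>
#include <linux/kobject.h>

// Object policy flags from supported_policies
// NOTE(review): the argument is a PPC_BIT32() bit index, not a shift count;
// presumably IBM (MSB-0) numbering - confirm against the PPC_BIT32 definition
// before comparing these with raw hex masks.
#define PLPKS_OSSECBOOTAUDIT	PPC_BIT32(1) // OS secure boot must be audit/enforce
#define PLPKS_OSSECBOOTENFORCE	PPC_BIT32(2) // OS secure boot must be enforce
#define PLPKS_PWSET		PPC_BIT32(3) // No access without password set
// An object carrying WORLDREADABLE can be read without authentication, so it
// is not a suitable policy for secret material.
#define PLPKS_WORLDREADABLE	PPC_BIT32(4) // Readable without authentication
#define PLPKS_IMMUTABLE		PPC_BIT32(5) // Once written, object cannot be removed
#define PLPKS_TRANSIENT		PPC_BIT32(6) // Object does not persist through reboot
#define PLPKS_SIGNEDUPDATE	PPC_BIT32(7) // Object can only be modified by signed updates
#define PLPKS_WRAPPINGKEY	PPC_BIT32(8) // Object contains a wrapping key
#define PLPKS_HVPROVISIONED	PPC_BIT32(28) // Hypervisor has provisioned this object

// Signature algorithm flags from signed_update_algorithms
// These use PPC_BIT() rather than PPC_BIT32(); the matching getter,
// plpks_get_signedupdatealgorithms(), returns a u64.
#define PLPKS_ALG_RSA2048	PPC_BIT(0)
#define PLPKS_ALG_RSA4096	PPC_BIT(1)

// Object label OS metadata flags
#define PLPKS_VAR_LINUX		0x02
#define PLPKS_VAR_COMMON	0x04

// Flags for which consumer an object is owned by
#define PLPKS_FW_OWNER		0x1
#define PLPKS_BOOTLOADER_OWNER	0x2
#define PLPKS_OS_OWNER		0x3

// Flags for label metadata fields
#define PLPKS_LABEL_VERSION		0
#define PLPKS_MAX_LABEL_ATTR_SIZE	16
#define PLPKS_MAX_NAME_SIZE		239
#define PLPKS_MAX_DATA_SIZE		4000

// Timeouts for PLPKS operations
#define PLPKS_MAX_TIMEOUT	(5 * USEC_PER_SEC) // 5 seconds, expressed in usec
#define PLPKS_FLUSH_SLEEP	10000 // usec

/*
 * Descriptor for one keystore object.
 *
 * name and data are u8 pointers with explicit lengths, so they are byte
 * buffers rather than NUL-terminated strings. Both lengths are u16: a caller
 * that computes a length in a wider type has to range-check it before storing
 * it here, otherwise it is silently truncated.
 */
struct plpks_var {
	char *component;	// presumably the owning component's name - confirm
	u8 *name;		// object name, namelen bytes
	u8 *data;		// object payload, datalen bytes
	u32 policy;		// presumably a mask of the object policy flags above - confirm
	u16 namelen;
	u16 datalen;
	u8 os;			// presumably PLPKS_VAR_LINUX / PLPKS_VAR_COMMON - confirm
};

/* An object name as a length-counted byte buffer. */
struct plpks_var_name {
	u8 *name;
	u16 namelen;
};

/*
 * List of object names; varlist is a flexible array member.
 * NOTE(review): varcount presumably gives the number of varlist entries -
 * confirm, and bound any walk over varlist by the size actually allocated.
 */
struct plpks_var_name_list {
	u32 varcount;
	struct plpks_var_name varlist[];
};

/*
 * Object write/remove/read.
 *
 * plpks_write_var() and plpks_remove_var() take their struct arguments by
 * value. That copies only the struct: the component/name/data pointers inside
 * still refer to the caller's buffers.
 *
 * NOTE(review): for the read functions, who allocates and frees var->data is
 * not visible from this header - confirm before using them for secrets.
 */
int plpks_signed_update_var(struct plpks_var *var, u64 flags);

int plpks_write_var(struct plpks_var var);

int plpks_remove_var(char *component, u8 varos,
		     struct plpks_var_name vname);

int plpks_read_os_var(struct plpks_var *var);

int plpks_read_fw_var(struct plpks_var *var);

int plpks_read_bootloader_var(struct plpks_var *var);

/* Keystore availability and configuration getters. */
bool plpks_is_available(void);

u8 plpks_get_version(void);

u16 plpks_get_objoverhead(void);

u16 plpks_get_maxpwsize(void);

u16 plpks_get_maxobjectsize(void);

u16 plpks_get_maxobjectlabelsize(void);

u32 plpks_get_totalsize(void);

u32 plpks_get_usedspace(void);

u32 plpks_get_supportedpolicies(void);

u32 plpks_get_maxlargeobjectsize(void);

u64 plpks_get_signedupdatealgorithms(void);

u64 plpks_get_wrappingfeatures(void);

u16 plpks_get_passwordlen(void);

/* Device tree / FDT hooks and the sysfs link helper. */
void plpks_early_init_devtree(void);

int plpks_populate_fdt(void *fdt);

int plpks_config_create_softlink(struct kobject *from);

/*
 * Key wrapping.
 *
 * Both buffers are passed as u8 **, so the callee is able to replace the
 * caller's pointers; the output length is returned through output_len.
 *
 * NOTE(review): whether *input_buf is consumed and who must free *output_buf
 * is not visible here - confirm against the implementation. The unwrapped
 * side presumably holds plaintext key material, in which case it should be
 * released with a zeroizing free (e.g. kfree_sensitive()).
 */
bool plpks_wrapping_is_supported(void);

int plpks_gen_wrapping_key(void);

int plpks_wrap_object(u8 **input_buf, u32 input_len, u16 wrap_flags,
		      u8 **output_buf, u32 *output_len);

int plpks_unwrap_object(u8 **input_buf, u32 input_len,
			u8 **output_buf, u32 *output_len);
#else // CONFIG_PSERIES_PLPKS
/*
 * Stubs for kernels built without PLPKS. Only this subset of the API has one.
 *
 * The two BUILD_BUG() stubs are meant never to be reached: a call that the
 * compiler cannot eliminate breaks the build, so callers have to sit behind a
 * plpks_is_available() check, which is constant false here.
 *
 * NOTE(review): the #include lines above are inside the #ifdef, so this
 * branch relies on the including file to have provided bool, u16,
 * struct kobject and BUILD_BUG() already - confirm.
 */
static inline bool plpks_is_available(void) { return false; }
static inline u16 plpks_get_passwordlen(void) { BUILD_BUG(); }
static inline void plpks_early_init_devtree(void) { }
static inline int plpks_populate_fdt(void *fdt) { BUILD_BUG(); }
static inline int plpks_config_create_softlink(struct kobject *from)
						{ return 0; }
#endif // CONFIG_PSERIES_PLPKS

#endif // _ASM_POWERPC_PLPKS_H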