File: plpks.h

package info (click to toggle)
linux 6.1.139-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm-proposed-updates
  • size: 1,495,880 kB
  • sloc: ansic: 23,469,452; asm: 266,614; sh: 110,522; makefile: 49,887; python: 36,990; perl: 36,834; cpp: 6,056; yacc: 4,908; lex: 2,725; awk: 1,440; ruby: 25; sed: 5
file content (163 lines) | stat: -rw-r--r-- 4,062 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
 
/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Copyright (C) 2022 IBM Corporation
 * Author: Nayna Jain <nayna@linux.ibm.com>
 *
 * Platform keystore for pseries LPAR(PLPKS).
 */

#ifndef _ASM_POWERPC_PLPKS_H
#define _ASM_POWERPC_PLPKS_H

#ifdef CONFIG_PSERIES_PLPKS

#include <linux/types.h>
#include <linux/list.h>

// Object policy flags from supported_policies
#define PLPKS_OSSECBOOTAUDIT	PPC_BIT32(1) // OS secure boot must be audit/enforce
#define PLPKS_OSSECBOOTENFORCE	PPC_BIT32(2) // OS secure boot must be enforce
#define PLPKS_PWSET		PPC_BIT32(3) // No access without password set
#define PLPKS_WORLDREADABLE	PPC_BIT32(4) // Readable without authentication
#define PLPKS_IMMUTABLE		PPC_BIT32(5) // Once written, object cannot be removed
#define PLPKS_TRANSIENT		PPC_BIT32(6) // Object does not persist through reboot
#define PLPKS_SIGNEDUPDATE	PPC_BIT32(7) // Object can only be modified by signed updates
#define PLPKS_HVPROVISIONED	PPC_BIT32(28) // Hypervisor has provisioned this object

// Signature algorithm flags from signed_update_algorithms
#define PLPKS_ALG_RSA2048	PPC_BIT(0)
#define PLPKS_ALG_RSA4096	PPC_BIT(1)

// Object label OS metadata flags
#define PLPKS_VAR_LINUX		0x02
#define PLPKS_VAR_COMMON	0x04

// Flags for which consumer owns an object is owned by
#define PLPKS_FW_OWNER			0x1
#define PLPKS_BOOTLOADER_OWNER		0x2
#define PLPKS_OS_OWNER			0x3

// Flags for label metadata fields
#define PLPKS_LABEL_VERSION		0
#define PLPKS_MAX_LABEL_ATTR_SIZE	16
#define PLPKS_MAX_NAME_SIZE		239
#define PLPKS_MAX_DATA_SIZE		4000

// Timeouts for PLPKS operations
#define PLPKS_MAX_TIMEOUT		(5 * USEC_PER_SEC)
#define PLPKS_FLUSH_SLEEP		10000 // usec

struct plpks_var {
	char *component;
	u8 *name;
	u8 *data;
	u32 policy;
	u16 namelen;
	u16 datalen;
	u8 os;
};

struct plpks_var_name {
	u8  *name;
	u16 namelen;
};

struct plpks_var_name_list {
	u32 varcount;
	struct plpks_var_name varlist[];
};

/**
 * Writes the specified var and its data to PKS.
 * Any caller of PKS driver should present a valid component type for
 * their variable.
 */
int plpks_write_var(struct plpks_var var);

/**
 * Removes the specified var and its data from PKS.
 */
int plpks_remove_var(char *component, u8 varos,
		     struct plpks_var_name vname);

/**
 * Returns the data for the specified os variable.
 */
int plpks_read_os_var(struct plpks_var *var);

/**
 * Returns the data for the specified firmware variable.
 */
int plpks_read_fw_var(struct plpks_var *var);

/**
 * Returns the data for the specified bootloader variable.
 */
int plpks_read_bootloader_var(struct plpks_var *var);

/**
 * Returns if PKS is available on this LPAR.
 */
bool plpks_is_available(void);

/**
 * Returns version of the Platform KeyStore.
 */
u8 plpks_get_version(void);

/**
 * Returns hypervisor storage overhead per object, not including the size of
 * the object or label. Only valid for config version >= 2
 */
u16 plpks_get_objoverhead(void);

/**
 * Returns maximum password size. Must be >= 32 bytes
 */
u16 plpks_get_maxpwsize(void);

/**
 * Returns maximum object size supported by Platform KeyStore.
 */
u16 plpks_get_maxobjectsize(void);

/**
 * Returns maximum object label size supported by Platform KeyStore.
 */
u16 plpks_get_maxobjectlabelsize(void);

/**
 * Returns total size of the configured Platform KeyStore.
 */
u32 plpks_get_totalsize(void);

/**
 * Returns used space from the total size of the Platform KeyStore.
 */
u32 plpks_get_usedspace(void);

/**
 * Returns bitmask of policies supported by the hypervisor.
 */
u32 plpks_get_supportedpolicies(void);

/**
 * Returns maximum byte size of a single object supported by the hypervisor.
 * Only valid for config version >= 3
 */
u32 plpks_get_maxlargeobjectsize(void);

/**
 * Returns bitmask of signature algorithms supported for signed updates.
 * Only valid for config version >= 3
 */
u64 plpks_get_signedupdatealgorithms(void);

/**
 * Returns the length of the PLPKS password in bytes.
 */
u16 plpks_get_passwordlen(void);

#endif // CONFIG_PSERIES_PLPKS

#endif // _ASM_POWERPC_PLPKS_H