From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Wed, 30 Oct 2019 17:48:35 -0500
Message-Id: <20191030224839.28057-1-erichte@linux.ibm.com>
X-Patchwork-Id: 1187037
Subject: [Skiboot] [PATCH v5 0/4] Add Secure Variable Support

This version of the set is focused on revising the device tree nodes and
properties to be exposed for secure variables. The set has been trimmed
to only contain the core code needed for base secure variable support,
and the storage/backend drivers have been removed for the sake of brevity.

Changes in V5:
 - rewrote the device tree bindings document
 - removed storage child of secvar node
 - adjusted the code to use new device tree layout
 - removed unused or old code that is no longer needed

Eric Richter (4):
  doc: add opal secure variable documentation
  libstb/secvar: add secure variable internal abstraction
  libstb/secvar: add secvar api implementation
  secvar/test: add rudimentary secvar API unit testing

 ccan/list/list.h                            |  38 ++++
 core/init.c                                 |   4 +
 doc/device-tree/ibm,opal/secvar/binding.rst | 205 ++++++++++++++++++++
 doc/opal-api/opal-secvar.rst                | 192 ++++++++++++++++++
 include/opal-api.h                          |   5 +-
 include/platform.h                          |   2 +
 include/secvar.h                            |  29 +++
 libstb/Makefile.inc                         |   3 +-
 libstb/secvar/Makefile.inc                  |  15 ++
 libstb/secvar/backend/Makefile.inc          |  11 ++
 libstb/secvar/secvar.h                      |  55 ++++++
 libstb/secvar/secvar_api.c                  | 158 +++++++++++++++
 libstb/secvar/secvar_devtree.c              |  67 +++++++
 libstb/secvar/secvar_devtree.h              |  10 +
 libstb/secvar/secvar_main.c                 |  87 +++++++++
 libstb/secvar/secvar_util.c                 | 105 ++++++++++
 libstb/secvar/storage/Makefile.inc          |  11 ++
 libstb/secvar/test/Makefile.check           |  46 +++++
 libstb/secvar/test/secvar-test-enqueue.c    | 160 +++++++++++++++
 libstb/secvar/test/secvar-test-getvar.c     | 112 +++++++++++
 libstb/secvar/test/secvar-test-nextvar.c    | 132 +++++++++++++
 libstb/secvar/test/secvar-test-void.c       |  24 +++
 libstb/secvar/test/secvar_api_test.c        |  92 +++++++++
 libstb/secvar/test/secvar_common_test.c     |  64 ++++++
 24 files changed, 1625 insertions(+), 2 deletions(-)
 create mode 100644 doc/device-tree/ibm,opal/secvar/binding.rst
 create mode 100644 doc/opal-api/opal-secvar.rst
 create mode 100644 include/secvar.h
 create mode 100644 libstb/secvar/Makefile.inc
 create mode 100644 libstb/secvar/backend/Makefile.inc
 create mode 100644 libstb/secvar/secvar.h
 create mode 100644 libstb/secvar/secvar_api.c
 create mode 100644 libstb/secvar/secvar_devtree.c
 create mode 100644 libstb/secvar/secvar_devtree.h
 create mode 100644 libstb/secvar/secvar_main.c
 create mode 100644 libstb/secvar/secvar_util.c
 create mode 100644 libstb/secvar/storage/Makefile.inc
 create mode 100644 libstb/secvar/test/Makefile.check
 create mode 100644 libstb/secvar/test/secvar-test-enqueue.c
 create mode 100644 libstb/secvar/test/secvar-test-getvar.c
 create mode 100644 libstb/secvar/test/secvar-test-nextvar.c
 create mode 100644 libstb/secvar/test/secvar-test-void.c
 create mode 100644 libstb/secvar/test/secvar_api_test.c
 create mode 100644 libstb/secvar/test/secvar_common_test.c