[RFC,v2,3/8] platform.h: add secure variable storage hooks

Message ID	20190411224551.29401-4-erichte@linux.ibm.com
State	RFC
Headers	show Return-Path: <skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> Gateway: Authorized Use Only! Violators will be prosecuted for <skiboot@lists.ozlabs.org> from <erichte@linux.ibm.com>; Thu, 11 Apr 2019 23:46:04 +0100 Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 11 Apr 2019 23:46:01 +0100 From: Eric Richter <erichte@linux.ibm.com> To: skiboot@lists.ozlabs.org Date: Thu, 11 Apr 2019 17:45:46 -0500 In-Reply-To: <20190411224551.29401-1-erichte@linux.ibm.com> References: <20190411224551.29401-1-erichte@linux.ibm.com> MIME-Version: 1.0 Message-Id: <20190411224551.29401-4-erichte@linux.ibm.com> Subject: [Skiboot] [RFC v2 3/8] platform.h: add secure variable storage hooks Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" <skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
Series	Initial Skiboot Secure Variable Support \| expand [RFC,v2,0/8] Initial Skiboot Secure Variable Support [RFC,v2,1/8] core/flash.c: add SECBOOT read and write support [RFC,v2,2/8] doc: add opal secvar documentation [RFC,v2,3/8] platform.h: add secure variable storage hooks [RFC,v2,4/8] libstb: add secure variable internal abstraction [RFC,v2,5/8] libstb: add opal runtime services for secure boot key management [RFC,v2,6/8] libstb: add secvar flash storage implementation for pnor-based p9 platforms [RFC,v2,7/8] platforms/witherspoon: enable secvar functions for the witherspoon platform [RFC,v2,8/8] secureboot: initialize secure variables on secureboot init

Message ID

20190411224551.29401-4-erichte@linux.ibm.com

State

RFC

Headers

From: Eric Richter <erichte@linux.ibm.com>
To: skiboot@lists.ozlabs.org
Date: Thu, 11 Apr 2019 17:45:46 -0500
In-Reply-To: <20190411224551.29401-1-erichte@linux.ibm.com>
References: <20190411224551.29401-1-erichte@linux.ibm.com>
MIME-Version: 1.0
Message-Id: <20190411224551.29401-4-erichte@linux.ibm.com>
Subject: [Skiboot] [RFC v2 3/8] platform.h: add secure variable storage hooks
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "Skiboot"
	<skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Series

Initial Skiboot Secure Variable Support | expand

Checks

Context	Check	Description
snowpatch_ozlabs/apply_patch	success	Successfully applied on branch master (ff79070d1c4cdc38f2ecb42e45b8322cb1efb819)
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot	success	Test snowpatch/job/snowpatch-skiboot on branch master
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot-dco	success	Signed-off-by present

Context

Check

Description

snowpatch_ozlabs/apply_patch

success

Successfully applied on branch master (ff79070d1c4cdc38f2ecb42e45b8322cb1efb819)

snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot

success

Test snowpatch/job/snowpatch-skiboot on branch master

snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot-dco

success

Signed-off-by present

Commit Message

Eric Richter April 11, 2019, 10:45 p.m. UTC

Different platforms may support a range of features that can be used for persistent
secure variable storage. This patch adds the following hooks to the platform struct,
to be implemented by platforms that support secure variables:

 - secvar_platform_init
 - secvar_load_bank
 - secvar_write_bank

secvar_platform_init performs any loading or initialization that the platform may
need to prepare the internal banks. This may include initialization or formatting
of a pnor section, TPM, etc.

secvar_load_bank loads a bank from the platform's storage into the in-memory cache.

secvar_write_bank takes an in-memory cache and writes it to the platform's storage.

A subsequent patch will provide an implementation that should be usable for most
p9 systems that use the SECBOOT pnor partition.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>
---
 include/platform.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/platform.h b/include/platform.h
index 0cc9c234..c4aa92a0 100644
--- a/include/platform.h
+++ b/include/platform.h
@@ -185,6 +185,11 @@  struct platform {
 	int (*secboot_read)(void *dst, uint32_t src, uint32_t len);
 	int (*secboot_write)(uint32_t dst, void *src, uint32_t len);
 
+	// TODO: Document this
+	int (*secvar_platform_init)(void);
+	int (*secvar_load_bank)(struct list_head *bank, int section);
+	int (*secvar_write_bank)(struct list_head *bank, int section);
+
 	/*
 	 * OCC timeout. This return how long we should wait for the OCC
 	 * before timing out. This lets us use a high value on larger FSP

[RFC,v2,3/8] platform.h: add secure variable storage hooks

Checks

Commit Message

Patch