From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Tue, 3 Dec 2019 18:03:47 -0600
Subject: [Skiboot] [PATCH 1/3] secvar_devtree: add generic compatible, and new format device tree property
Message-Id: <20191204000349.28397-2-erichte@linux.ibm.com>
In-Reply-To: <20191204000349.28397-1-erichte@linux.ibm.com>

This patch adds a generic compatible entry to the secvar/compatible device tree property for kernels, etc to match for basic secvar information (e.g. the linux secvar-sysfs implementation). The new "format" property exposes the expected format for data passing in and out of the secvar API. In most cases, this should be the same as the backend-specific compatible entry.

Signed-off-by: Eric Richter
---
 doc/device-tree/ibm,opal/secvar/binding.rst | 21 ++++++++++++++++++++-
 libstb/secvar/secvar_devtree.c | 3 ++-
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/doc/device-tree/ibm,opal/secvar/binding.rst b/doc/device-tree/ibm,opal/secvar/binding.rst index bc86fb2b..0956e49c 100644 --- a/doc/device-tree/ibm,opal/secvar/binding.rst +++ b/doc/device-tree/ibm,opal/secvar/binding.rst @@ -42,6 +42,25 @@ Properties: all further images to require signature validations. See the "On Enforcing Secure Mode" section below. + This property also contains a generic "ibm,secvar-backend" compatible, + which defines the basic-level compatibility of the secvar implementation. + This includes the basic behavior of the API (excluding the data format), + and the expected device tree properties contained in this node. + +- format + + Usage: + required + Value type: + string + + This property defines the format of data passed in and out of the secvar + API. In most cases, this should be the same string as the backend-specific + string in compatible. + + The format defined by this string should be documented by the corresponding + backend. + - status Usage: @@ -119,7 +138,7 @@ Example .. code-block:: dts /ibm,opal/secvar { - compatible = "ibm,edk2-compat-v1"; + compatible = "ibm,secvar-backend" "ibm,edk2-compat-v1"; status = "okay"; max-var-size = <0x1000>; diff --git a/libstb/secvar/secvar_devtree.c b/libstb/secvar/secvar_devtree.c index 5489db76..4bff1392 100644 --- a/libstb/secvar/secvar_devtree.c +++ b/libstb/secvar/secvar_devtree.c 
@@ -37,7 +37,8 @@ void secvar_init_devnode(const char *compatible) secvar_node = dt_new(sb_root, "secvar"); - dt_add_property_string(secvar_node, "compatible", compatible); + dt_add_property_strings(secvar_node, "compatible", "ibm,secvar-backend", compatible); + dt_add_property_string(secvar_node, "format", compatible); dt_add_property_u64(secvar_node, "max-var-size", secvar_storage.max_var_size); dt_add_property_u64(secvar_node, "max-var-key-len", SECVAR_MAX_KEY_LEN); }
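
Review bot: In the binding.rst example hunk, the new `compatible` line has no comma between the two strings, which is not a valid DTS string list; it should read `compatible = "ibm,secvar-backend", "ibm,edk2-compat-v1";`. The same example also leaves out the `format` property that the first hunk documents as required, so adding `format = "ibm,edk2-compat-v1";` would keep the example consistent with the binding text.
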
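
Review bot: In secvar_init_devnode(), the compatible list puts the generic "ibm,secvar-backend" ahead of the backend-specific string, while device tree convention orders compatible entries from most specific to most general; consider `dt_add_property_strings(secvar_node, "compatible", compatible, "ibm,secvar-backend");` with the same order in the binding example. Separately, `format` is always set to the `compatible` argument, whereas the binding text says the two match only "in most cases"; with a single parameter a backend has no way to advertise a different data format, so either take a separate format argument or document that the two are always equal.
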
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Tue, 3 Dec 2019 18:03:48 -0600
Subject: [Skiboot] [PATCH 2/3] secvar_api: check that enqueue_update writes successfully before returning success
Message-Id: <20191204000349.28397-3-erichte@linux.ibm.com>
In-Reply-To: <20191204000349.28397-1-erichte@linux.ibm.com>

The return code to the storage driver's write function was previously being ignored, so failures to write were not propagated to the API consumer. This patch fixes secvar_enqueue_update() to properly return the expected OPAL_HARDWARE return code if the storage driver's write function returns an error.

Signed-off-by: Eric Richter
---
 libstb/secvar/secvar_api.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libstb/secvar/secvar_api.c b/libstb/secvar/secvar_api.c index 2dd2638b..349e8bef 100644 --- a/libstb/secvar/secvar_api.c +++ b/libstb/secvar/secvar_api.c
@@ -151,8 +151,9 @@ static int64_t opal_secvar_enqueue_update(const char *key, uint64_t key_len, voi list_add_tail(&update_bank, &node->link); out: - secvar_storage.write_bank(&update_bank, SECVAR_UPDATE_BANK); - - return OPAL_SUCCESS; + if (secvar_storage.write_bank(&update_bank, SECVAR_UPDATE_BANK)) + return OPAL_HARDWARE; + else + return OPAL_SUCCESS; } opal_call(OPAL_SECVAR_ENQUEUE_UPDATE, opal_secvar_enqueue_update, 4);
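
Review bot: On the write_bank() failure path after `out:`, the node added just above by `list_add_tail(&update_bank, &node->link)` stays in the in-memory update bank even though the caller is told OPAL_HARDWARE, so a later enqueue that does write successfully would persist the bank with the rejected update still in it. Consider unlinking the node before returning the error, or state in the API documentation that a failed update remains queued. The driver's own return value is also discarded; logging it with prlog() before mapping it to OPAL_HARDWARE would make storage failures diagnosable. Minor style point: the `else` after `return OPAL_HARDWARE;` is redundant.
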
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Tue, 3 Dec 2019 18:03:49 -0600
Subject: [Skiboot] [PATCH 3/3] secvar_main: increase verbosity of the main entrypoint
Message-Id: <20191204000349.28397-4-erichte@linux.ibm.com>
In-Reply-To: <20191204000349.28397-1-erichte@linux.ibm.com>

This patch simply adds unconditional log entries at the beginning and end of secvar initialization, to clarify whether secvar support is enabled and functional.

Signed-off-by: Eric Richter
---
 libstb/secvar/secvar_main.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libstb/secvar/secvar_main.c b/libstb/secvar/secvar_main.c index fc5527ab..692ac8c2 100644 --- a/libstb/secvar/secvar_main.c +++ b/libstb/secvar/secvar_main.c
@@ -27,6 +27,8 @@ int secvar_main(struct secvar_storage_driver storage_driver, { int rc = OPAL_UNSUPPORTED; + prlog(PR_INFO, "Secure variables are supported, initializing secvar\n"); + secvar_storage = storage_driver; secvar_backend = backend_driver; @@ -78,10 +80,12 @@ int secvar_main(struct secvar_storage_driver storage_driver, if (rc) goto out; + prlog(PR_INFO, "secvar initialized successfully\n"); + return OPAL_SUCCESS; fail: secvar_set_status("fail"); out: - printf("Secure Variables Status %04x\n", rc); + printf("secvar failed to initialize, rc = %04x\n", rc); return rc; }
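
Review bot: In the second hunk, the failure message at `out:` still goes through printf() with `rc = %04x`, while the new success messages use prlog(); OPAL error codes are negative, so `%04x` prints them as a two's-complement value (for example -7 comes out as fffffff9) rather than a readable code. Suggest `prlog(PR_ERR, "secvar failed to initialize, rc = %d\n", rc);` so the failure is logged at error level alongside the new PR_INFO entries and the code can be read directly from the log.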