1
// SPDX-License-Identifier: GPL-2.0
2
/*
3
 * PowerNV code for secure variables
4
 *
5
 * Copyright (C) 2019 IBM Corporation
6
 * Author: Claudio Carvalho
7
 *         Nayna Jain
8
 *
9
 * APIs to access secure variables managed by OPAL.
10
 */
11

12
#define pr_fmt(fmt) "secvar: "fmt
13

14
#include <linux/types.h>
15
#include <linux/of.h>
16
#include <linux/platform_device.h>
17
#include <asm/opal.h>
18
#include <asm/secvar.h>
19
#include <asm/secure_boot.h>
20

21
static int opal_status_to_err(int rc)
22
{
23
	int err;
24

25
	switch (rc) {
26
	case OPAL_SUCCESS:
27
		err = 0;
28
		break;
29
	case OPAL_UNSUPPORTED:
30
		err = -ENXIO;
31
		break;
32
	case OPAL_PARAMETER:
33
		err = -EINVAL;
34
		break;
35
	case OPAL_RESOURCE:
36
		err = -ENOSPC;
37
		break;
38
	case OPAL_HARDWARE:
39
		err = -EIO;
40
		break;
41
	case OPAL_NO_MEM:
42
		err = -ENOMEM;
43
		break;
44
	case OPAL_EMPTY:
45
		err = -ENOENT;
46
		break;
47
	case OPAL_PARTIAL:
48
		err = -EFBIG;
49
		break;
50
	default:
51
		err = -EINVAL;
52
	}
53

54
	return err;
55
}
56

57
static int opal_get_variable(const char *key, u64 ksize, u8 *data, u64 *dsize)
58
{
59
	int rc;
60

61
	if (!key || !dsize)
62
		return -EINVAL;
63

64
	*dsize = cpu_to_be64(*dsize);
65

66
	rc = opal_secvar_get(key, ksize, data, dsize);
67

68
	*dsize = be64_to_cpu(*dsize);
69

70
	return opal_status_to_err(rc);
71
}
72

73
static int opal_get_next_variable(const char *key, u64 *keylen, u64 keybufsize)
74
{
75
	int rc;
76

77
	if (!key || !keylen)
78
		return -EINVAL;
79

80
	*keylen = cpu_to_be64(*keylen);
81

82
	rc = opal_secvar_get_next(key, keylen, keybufsize);
83

84
	*keylen = be64_to_cpu(*keylen);
85

86
	return opal_status_to_err(rc);
87
}
88

89
static int opal_set_variable(const char *key, u64 ksize, u8 *data, u64 dsize)
90
{
91
	int rc;
92

93
	if (!key || !data)
94
		return -EINVAL;
95

96
	rc = opal_secvar_enqueue_update(key, ksize, data, dsize);
97

98
	return opal_status_to_err(rc);
99
}
100

101
static ssize_t opal_secvar_format(char *buf, size_t bufsize)
102
{
103
	ssize_t rc = 0;
104
	struct device_node *node;
105
	const char *format;
106

107
	node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend");
108
	if (!of_device_is_available(node)) {
109
		rc = -ENODEV;
110
		goto out;
111
	}
112

113
	rc = of_property_read_string(node, "format", &format);
114
	if (rc)
115
		goto out;
116

117
	rc = snprintf(buf, bufsize, "%s", format);
118

119
out:
120
	of_node_put(node);
121

122
	return rc;
123
}
124

125
static int opal_secvar_max_size(u64 *max_size)
126
{
127
	int rc;
128
	struct device_node *node;
129

130
	node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend");
131
	if (!node)
132
		return -ENODEV;
133

134
	if (!of_device_is_available(node)) {
135
		rc = -ENODEV;
136
		goto out;
137
	}
138

139
	rc = of_property_read_u64(node, "max-var-size", max_size);
140

141
out:
142
	of_node_put(node);
143
	return rc;
144
}
145

146
static const struct secvar_operations opal_secvar_ops = {
147
	.get = opal_get_variable,
148
	.get_next = opal_get_next_variable,
149
	.set = opal_set_variable,
150
	.format = opal_secvar_format,
151
	.max_size = opal_secvar_max_size,
152
};
153

154
static int opal_secvar_probe(struct platform_device *pdev)
155
{
156
	if (!opal_check_token(OPAL_SECVAR_GET)
157
			|| !opal_check_token(OPAL_SECVAR_GET_NEXT)
158
			|| !opal_check_token(OPAL_SECVAR_ENQUEUE_UPDATE)) {
159
		pr_err("OPAL doesn't support secure variables\n");
160
		return -ENODEV;
161
	}
162

163
	return set_secvar_ops(&opal_secvar_ops);
164
}
165

166
static const struct of_device_id opal_secvar_match[] = {
167
	{ .compatible = "ibm,secvar-backend",},
168
	{},
169
};
170

171
static struct platform_driver opal_secvar_driver = {
172
	.driver = {
173
		.name = "secvar",
174
		.of_match_table = opal_secvar_match,
175
	},
176
};
177

178
static int __init opal_secvar_init(void)
179
{
180
	return platform_driver_probe(&opal_secvar_driver, opal_secvar_probe);
181
}
182
device_initcall(opal_secvar_init);
183

184