1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * POWER LPAR Platform KeyStore(PLPKS)
4
 * Copyright (C) 2022 IBM Corporation
5
 * Author: Nayna Jain <[email protected]>
6
 *
7
 * Provides access to variables stored in Power LPAR Platform KeyStore(PLPKS).
8
 */
9

10
#define pr_fmt(fmt) "plpks: " fmt
11

12
#define PLPKS_WRAPKEY_COMPONENT	"PLPKSWR"
13
#define PLPKS_WRAPKEY_NAME	"default-wrapping-key"
14

15
/*
16
 * To 4K align the {input, output} buffers to the {UN}WRAP H_CALLs
17
 */
18
#define PLPKS_WRAPPING_BUF_ALIGN	4096
19

20
/*
21
 * To ensure the output buffer's length is at least 1024 bytes greater
22
 * than the input buffer's length during the WRAP H_CALL
23
 */
24
#define PLPKS_WRAPPING_BUF_DIFF	1024
25

26
#define PLPKS_WRAP_INTERFACE_BIT	3
27
#define PLPKS_WRAPPING_KEY_LENGTH	32
28

29
#define WRAPFLAG_BE_BIT_SET(be_bit) \
30
	BIT_ULL(63 - (be_bit))
31

32
#define WRAPFLAG_BE_GENMASK(be_bit_hi, be_bit_lo) \
33
	GENMASK_ULL(63 - (be_bit_hi), 63 - (be_bit_lo))
34

35
#define WRAPFLAG_BE_FIELD_PREP(be_bit_hi, be_bit_lo, val) \
36
	FIELD_PREP(WRAPFLAG_BE_GENMASK(be_bit_hi, be_bit_lo), (val))
37

38
#include <linux/delay.h>
39
#include <linux/errno.h>
40
#include <linux/io.h>
41
#include <linux/printk.h>
42
#include <linux/slab.h>
43
#include <linux/string.h>
44
#include <linux/types.h>
45
#include <linux/of_fdt.h>
46
#include <linux/libfdt.h>
47
#include <linux/memblock.h>
48
#include <linux/bitfield.h>
49
#include <asm/hvcall.h>
50
#include <asm/machdep.h>
51
#include <asm/plpks.h>
52
#include <asm/firmware.h>
53

54
static u8 *ospassword;
55
static u16 ospasswordlength;
56

57
// Retrieved with H_PKS_GET_CONFIG
58
static u8 version;
59
static u16 objoverhead;
60
static u16 maxpwsize;
61
static u16 maxobjsize;
62
static s16 maxobjlabelsize;
63
static u32 totalsize;
64
static u32 usedspace;
65
static u32 supportedpolicies;
66
static u32 maxlargeobjectsize;
67
static u64 signedupdatealgorithms;
68
static u64 wrappingfeatures;
69
static bool wrapsupport;
70

71
struct plpks_auth {
72
	u8 version;
73
	u8 consumer;
74
	__be64 rsvd0;
75
	__be32 rsvd1;
76
	__be16 passwordlength;
77
	u8 password[];
78
} __packed __aligned(16);
79

80
struct label_attr {
81
	u8 prefix[8];
82
	u8 version;
83
	u8 os;
84
	u8 length;
85
	u8 reserved[5];
86
};
87

88
struct label {
89
	struct label_attr attr;
90
	u8 name[PLPKS_MAX_NAME_SIZE];
91
	size_t size;
92
};
93

94
static int pseries_status_to_err(int rc)
95
{
96
	int err;
97

98
	switch (rc) {
99
	case H_SUCCESS:
100
		err = 0;
101
		break;
102
	case H_FUNCTION:
103
		err = -ENXIO;
104
		break;
105
	case H_PARAMETER:
106
	case H_P2:
107
	case H_P3:
108
	case H_P4:
109
	case H_P5:
110
	case H_P6:
111
		err = -EINVAL;
112
		break;
113
	case H_NOT_FOUND:
114
		err = -ENOENT;
115
		break;
116
	case H_BUSY:
117
	case H_LONG_BUSY_ORDER_1_MSEC:
118
	case H_LONG_BUSY_ORDER_10_MSEC:
119
	case H_LONG_BUSY_ORDER_100_MSEC:
120
	case H_LONG_BUSY_ORDER_1_SEC:
121
	case H_LONG_BUSY_ORDER_10_SEC:
122
	case H_LONG_BUSY_ORDER_100_SEC:
123
		err = -EBUSY;
124
		break;
125
	case H_AUTHORITY:
126
		err = -EPERM;
127
		break;
128
	case H_NO_MEM:
129
		err = -ENOMEM;
130
		break;
131
	case H_RESOURCE:
132
		err = -EEXIST;
133
		break;
134
	case H_TOO_BIG:
135
		err = -EFBIG;
136
		break;
137
	case H_STATE:
138
		err = -EIO;
139
		break;
140
	case H_R_STATE:
141
		err = -EIO;
142
		break;
143
	case H_IN_USE:
144
		err = -EEXIST;
145
		break;
146
	case H_ABORTED:
147
		err = -EIO;
148
		break;
149
	default:
150
		err = -EINVAL;
151
	}
152

153
	pr_debug("Converted hypervisor code %d to Linux %d\n", rc, err);
154

155
	return err;
156
}
157

158
static int plpks_gen_password(void)
159
{
160
	unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
161
	u8 *password, consumer = PLPKS_OS_OWNER;
162
	int rc;
163

164
	// If we booted from kexec, we could be reusing an existing password already
165
	if (ospassword) {
166
		pr_debug("Password of length %u already in use\n", ospasswordlength);
167
		return 0;
168
	}
169

170
	// The password must not cross a page boundary, so we align to the next power of 2
171
	password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL);
172
	if (!password)
173
		return -ENOMEM;
174

175
	rc = plpar_hcall(H_PKS_GEN_PASSWORD, retbuf, consumer, 0,
176
			 virt_to_phys(password), maxpwsize);
177

178
	if (!rc) {
179
		ospasswordlength = maxpwsize;
180
		ospassword = kzalloc(maxpwsize, GFP_KERNEL);
181
		if (!ospassword) {
182
			kfree_sensitive(password);
183
			return -ENOMEM;
184
		}
185
		memcpy(ospassword, password, ospasswordlength);
186
	} else {
187
		if (rc == H_IN_USE) {
188
			pr_warn("Password already set - authenticated operations will fail\n");
189
			rc = 0;
190
		} else {
191
			goto out;
192
		}
193
	}
194
out:
195
	kfree_sensitive(password);
196

197
	return pseries_status_to_err(rc);
198
}
199

200
static struct plpks_auth *construct_auth(u8 consumer)
201
{
202
	struct plpks_auth *auth;
203

204
	if (consumer > PLPKS_OS_OWNER)
205
		return ERR_PTR(-EINVAL);
206

207
	// The auth structure must not cross a page boundary and must be
208
	// 16 byte aligned. We align to the next largest power of 2
209
	auth = kzalloc(roundup_pow_of_two(struct_size(auth, password, maxpwsize)), GFP_KERNEL);
210
	if (!auth)
211
		return ERR_PTR(-ENOMEM);
212

213
	auth->version = 1;
214
	auth->consumer = consumer;
215

216
	if (consumer == PLPKS_FW_OWNER || consumer == PLPKS_BOOTLOADER_OWNER)
217
		return auth;
218

219
	memcpy(auth->password, ospassword, ospasswordlength);
220

221
	auth->passwordlength = cpu_to_be16(ospasswordlength);
222

223
	return auth;
224
}
225

226
/*
227
 * Label is combination of label attributes + name.
228
 * Label attributes are used internally by kernel and not exposed to the user.
229
 */
230
static struct label *construct_label(char *component, u8 varos, u8 *name,
231
				     u16 namelen)
232
{
233
	struct label *label;
234
	size_t slen = 0;
235

236
	if (!name || namelen > PLPKS_MAX_NAME_SIZE)
237
		return ERR_PTR(-EINVAL);
238

239
	// Support NULL component for signed updates
240
	if (component) {
241
		slen = strlen(component);
242
		if (slen > sizeof(label->attr.prefix))
243
			return ERR_PTR(-EINVAL);
244
	}
245

246
	// The label structure must not cross a page boundary, so we align to the next power of 2
247
	label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL);
248
	if (!label)
249
		return ERR_PTR(-ENOMEM);
250

251
	if (component)
252
		memcpy(&label->attr.prefix, component, slen);
253

254
	label->attr.version = PLPKS_LABEL_VERSION;
255
	label->attr.os = varos;
256
	label->attr.length = PLPKS_MAX_LABEL_ATTR_SIZE;
257
	memcpy(&label->name, name, namelen);
258

259
	label->size = sizeof(struct label_attr) + namelen;
260

261
	return label;
262
}
263

264
static int _plpks_get_config(void)
265
{
266
	unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
267
	struct config {
268
		u8 version;
269
		u8 flags;
270
		__be16 rsvd0;
271
		__be16 objoverhead;
272
		__be16 maxpwsize;
273
		__be16 maxobjlabelsize;
274
		__be16 maxobjsize;
275
		__be32 totalsize;
276
		__be32 usedspace;
277
		__be32 supportedpolicies;
278
		__be32 maxlargeobjectsize;
279
		__be64 signedupdatealgorithms;
280
		__be64 wrappingfeatures;
281
		u8 rsvd1[476];
282
	} __packed * config;
283
	size_t size;
284
	int rc = 0;
285

286
	size = sizeof(*config);
287

288
	// Config struct must not cross a page boundary. So long as the struct
289
	// size is a power of 2, this should be fine as alignment is guaranteed
290
	config = kzalloc(size, GFP_KERNEL);
291
	if (!config) {
292
		rc = -ENOMEM;
293
		goto err;
294
	}
295

296
	rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(config), size);
297

298
	if (rc != H_SUCCESS) {
299
		rc = pseries_status_to_err(rc);
300
		goto err;
301
	}
302

303
	version = config->version;
304
	objoverhead = be16_to_cpu(config->objoverhead);
305
	maxpwsize = be16_to_cpu(config->maxpwsize);
306
	maxobjsize = be16_to_cpu(config->maxobjsize);
307
	maxobjlabelsize = be16_to_cpu(config->maxobjlabelsize);
308
	totalsize = be32_to_cpu(config->totalsize);
309
	usedspace = be32_to_cpu(config->usedspace);
310
	supportedpolicies = be32_to_cpu(config->supportedpolicies);
311
	maxlargeobjectsize = be32_to_cpu(config->maxlargeobjectsize);
312
	signedupdatealgorithms = be64_to_cpu(config->signedupdatealgorithms);
313
	wrappingfeatures = be64_to_cpu(config->wrappingfeatures);
314
	wrapsupport = config->flags & PPC_BIT8(PLPKS_WRAP_INTERFACE_BIT);
315

316
	// Validate that the numbers we get back match the requirements of the spec
317
	if (maxpwsize < 32) {
318
		pr_err("Invalid Max Password Size received from hypervisor (%d < 32)\n", maxpwsize);
319
		rc = -EIO;
320
		goto err;
321
	}
322

323
	if (maxobjlabelsize < 255) {
324
		pr_err("Invalid Max Object Label Size received from hypervisor (%d < 255)\n",
325
		       maxobjlabelsize);
326
		rc = -EIO;
327
		goto err;
328
	}
329

330
	if (totalsize < 4096) {
331
		pr_err("Invalid Total Size received from hypervisor (%d < 4096)\n", totalsize);
332
		rc = -EIO;
333
		goto err;
334
	}
335

336
	if (version >= 3 && maxlargeobjectsize >= 65536 && maxobjsize != 0xFFFF) {
337
		pr_err("Invalid Max Object Size (0x%x != 0xFFFF)\n", maxobjsize);
338
		rc = -EIO;
339
		goto err;
340
	}
341

342
err:
343
	kfree(config);
344
	return rc;
345
}
346

347
/**
348
 * plpks_get_version() - Get the version of the PLPKS config structure.
349
 *
350
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
351
 * reads the PLPKS config structure version and saves it in a file local static
352
 * version variable.
353
 *
354
 * Returns: On success the saved PLPKS config structure version is returned, 0
355
 * if not.
356
 */
357
u8 plpks_get_version(void)
358
{
359
	return version;
360
}
361

362
/**
363
 * plpks_get_objoverhead() - Get the hypervisor storage overhead per object.
364
 *
365
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
366
 * reads the per object hypervisor storage overhead in bytes into the local
367
 * static objoverhead variable, excluding the size of the object or the label.
368
 * This value can be treated as valid only when the PLPKS config structure
369
 * version >= 2.
370
 *
371
 * Returns: If PLPKS config structure version >= 2 then the storage overhead is
372
 * returned, 0 otherwise.
373
 */
374
u16 plpks_get_objoverhead(void)
375
{
376
	return objoverhead;
377
}
378

379
/**
380
 * plpks_get_maxpwsize() - Get the maximum password size.
381
 *
382
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
383
 * reads the maximum password size and checks if it is 32 bytes at the least
384
 * before storing it in the local static maxpwsize variable.
385
 *
386
 * Returns: On success the maximum password size is returned, 0 if not.
387
 */
388
u16 plpks_get_maxpwsize(void)
389
{
390
	return maxpwsize;
391
}
392

393
/**
394
 * plpks_get_maxobjectsize() - Get the maximum object size supported by the
395
 * PLPKS.
396
 *
397
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
398
 * reads the maximum object size into the file local static maxobjsize variable.
399
 *
400
 * Returns: On success the maximum object size is returned, 0 if not.
401
 */
402
u16 plpks_get_maxobjectsize(void)
403
{
404
	return maxobjsize;
405
}
406

407
/**
408
 * plpks_get_maxobjectlabelsize() - Get the maximum object label size supported
409
 * by the PLPKS.
410
 *
411
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
412
 * reads the maximum object label size into the local static maxobjlabelsize
413
 * variable.
414
 *
415
 * Returns: On success the maximum object label size is returned, 0 if not.
416
 */
417
u16 plpks_get_maxobjectlabelsize(void)
418
{
419
	return maxobjlabelsize;
420
}
421

422
/**
423
 * plpks_get_totalsize() - Get the total size of the PLPKS that is configured.
424
 *
425
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
426
 * reads the total size of the PLPKS that is configured for the LPAR into the
427
 * file local static totalsize variable.
428
 *
429
 * Returns: On success the total size of the PLPKS configured is returned, 0 if
430
 * not.
431
 */
432
u32 plpks_get_totalsize(void)
433
{
434
	return totalsize;
435
}
436

437
/**
438
 * plpks_get_usedspace() - Get the used space from the total size of the PLPKS.
439
 *
440
 * Invoke the H_PKS_GET_CONFIG HCALL to refresh the latest value for the used
441
 * space as this keeps changing with the creation and removal of objects in the
442
 * PLPKS.
443
 *
444
 * Returns: On success the used space is returned, 0 if not.
445
 */
446
u32 plpks_get_usedspace(void)
447
{
448
	int rc = _plpks_get_config();
449
	if (rc) {
450
		pr_err("Couldn't get config, rc: %d\n", rc);
451
		return 0;
452
	}
453
	return usedspace;
454
}
455

456
/**
457
 * plpks_get_supportedpolicies() - Get a bitmask of the policies supported by
458
 * the hypervisor.
459
 *
460
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
461
 * reads a bitmask of the policies supported by the hypervisor into the file
462
 * local static supportedpolicies variable.
463
 *
464
 * Returns: On success the bitmask of the policies supported by the hypervisor
465
 * are returned, 0 if not.
466
 */
467
u32 plpks_get_supportedpolicies(void)
468
{
469
	return supportedpolicies;
470
}
471

472
/**
473
 * plpks_get_maxlargeobjectsize() - Get the maximum object size supported for
474
 * PLPKS config structure version >= 3
475
 *
476
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
477
 * reads the maximum object size into the local static maxlargeobjectsize
478
 * variable for PLPKS config structure version >= 3. This was introduced
479
 * starting with PLPKS config structure version 3 to allow for objects of
480
 * size >= 64K.
481
 *
482
 * Returns: If PLPKS config structure version >= 3 then the new maximum object
483
 * size is returned, 0 if not.
484
 */
485
u32 plpks_get_maxlargeobjectsize(void)
486
{
487
	return maxlargeobjectsize;
488
}
489

490
/**
491
 * plpks_get_signedupdatealgorithms() - Get a bitmask of the signature
492
 * algorithms supported for signed updates.
493
 *
494
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
495
 * reads a bitmask of the signature algorithms supported for signed updates into
496
 * the file local static signedupdatealgorithms variable. This is valid only
497
 * when the PLPKS config structure version >= 3.
498
 *
499
 * Returns: On success the bitmask of the signature algorithms supported for
500
 * signed updates is returned, 0 if not.
501
 */
502
u64 plpks_get_signedupdatealgorithms(void)
503
{
504
	return signedupdatealgorithms;
505
}
506

507
/**
508
 * plpks_get_wrappingfeatures() - Returns a bitmask of the wrapping features
509
 * supported by the hypervisor.
510
 *
511
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
512
 * reads a bitmask of the wrapping features supported by the hypervisor into the
513
 * file local static wrappingfeatures variable. This is valid only when the
514
 * PLPKS config structure version >= 3.
515
 *
516
 * Return:
517
 *	bitmask of the wrapping features supported by the hypervisor
518
 */
519
u64 plpks_get_wrappingfeatures(void)
520
{
521
	return wrappingfeatures;
522
}
523

524
/**
525
 * plpks_get_passwordlen() - Get the length of the PLPKS password in bytes.
526
 *
527
 * The H_PKS_GEN_PASSWORD HCALL makes the hypervisor generate a random password
528
 * for the specified consumer, apply that password to the PLPKS and return it to
529
 * the caller. In this process, the password length for the OS consumer is
530
 * stored in the local static ospasswordlength variable.
531
 *
532
 * Returns: On success the password length for the OS consumer in bytes is
533
 * returned, 0 if not.
534
 */
535
u16 plpks_get_passwordlen(void)
536
{
537
	return ospasswordlength;
538
}
539

540
/**
541
 * plpks_is_available() - Get the PLPKS availability status for the LPAR.
542
 *
543
 * The availability of PLPKS is inferred based upon the successful execution of
544
 * the H_PKS_GET_CONFIG HCALL provided the firmware supports this feature. The
545
 * H_PKS_GET_CONFIG HCALL reads the configuration and status information related
546
 * to the PLPKS. The configuration structure provides a version number to inform
547
 * the caller of the supported features.
548
 *
549
 * Returns: true is returned if PLPKS is available, false if not.
550
 */
551
bool plpks_is_available(void)
552
{
553
	int rc;
554

555
	if (!firmware_has_feature(FW_FEATURE_PLPKS))
556
		return false;
557

558
	rc = _plpks_get_config();
559
	if (rc)
560
		return false;
561

562
	return true;
563
}
564

565
static int plpks_confirm_object_flushed(struct label *label,
566
					struct plpks_auth *auth)
567
{
568
	unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
569
	bool timed_out = true;
570
	u64 timeout = 0;
571
	u8 status;
572
	int rc;
573

574
	do {
575
		rc = plpar_hcall(H_PKS_CONFIRM_OBJECT_FLUSHED, retbuf,
576
				 virt_to_phys(auth), virt_to_phys(label),
577
				 label->size);
578

579
		status = retbuf[0];
580
		if (rc) {
581
			timed_out = false;
582
			if (rc == H_NOT_FOUND && status == 1)
583
				rc = 0;
584
			break;
585
		}
586

587
		if (!rc && status == 1) {
588
			timed_out = false;
589
			break;
590
		}
591

592
		fsleep(PLPKS_FLUSH_SLEEP);
593
		timeout = timeout + PLPKS_FLUSH_SLEEP;
594
	} while (timeout < PLPKS_MAX_TIMEOUT);
595

596
	if (timed_out)
597
		return -ETIMEDOUT;
598

599
	return pseries_status_to_err(rc);
600
}
601

602
/**
603
 * plpks_signed_update_var() - Update the specified authenticated variable.
604
 * @var: authenticated variable to be updated
605
 * @flags: signed update request operation flags
606
 *
607
 * The H_PKS_SIGNED_UPDATE HCALL performs a signed update to an object in the
608
 * PLPKS. The object must have the signed update policy flag set.
609
 *
610
 * Possible reasons for the returned errno values:
611
 *
612
 * -ENXIO	if PLPKS is not supported
613
 * -EIO		if PLPKS access is blocked due to the LPAR's state
614
 *		if PLPKS modification is blocked due to the LPAR's state
615
 *		if an error occurred while processing the request
616
 * -EINVAL	if invalid authorization parameter
617
 *		if invalid object label parameter
618
 *		if invalid object label len parameter
619
 *		if invalid or unsupported policy declaration
620
 *		if invalid signed update flags
621
 *		if invalid input data parameter
622
 *		if invalid input data len parameter
623
 *		if invalid continue token parameter
624
 * -EPERM	if access is denied
625
 * -ENOMEM	if there is inadequate memory to perform the operation
626
 * -EBUSY	if unable to handle the request or long running operation
627
 *		initiated, retry later
628
 *
629
 * Returns: On success 0 is returned, a negative errno if not.
630
 */
631
int plpks_signed_update_var(struct plpks_var *var, u64 flags)
632
{
633
	unsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = {0};
634
	int rc;
635
	struct label *label;
636
	struct plpks_auth *auth;
637
	u64 continuetoken = 0;
638
	u64 timeout = 0;
639

640
	if (!var->data || var->datalen <= 0 || var->namelen > PLPKS_MAX_NAME_SIZE)
641
		return -EINVAL;
642

643
	if (!(var->policy & PLPKS_SIGNEDUPDATE))
644
		return -EINVAL;
645

646
	if (var->policy & PLPKS_WRAPPINGKEY)
647
		return -EINVAL;
648

649
	// Signed updates need the component to be NULL.
650
	if (var->component)
651
		return -EINVAL;
652

653
	auth = construct_auth(PLPKS_OS_OWNER);
654
	if (IS_ERR(auth))
655
		return PTR_ERR(auth);
656

657
	label = construct_label(var->component, var->os, var->name, var->namelen);
658
	if (IS_ERR(label)) {
659
		rc = PTR_ERR(label);
660
		goto out;
661
	}
662

663
	do {
664
		rc = plpar_hcall9(H_PKS_SIGNED_UPDATE, retbuf,
665
				  virt_to_phys(auth), virt_to_phys(label),
666
				  label->size, var->policy, flags,
667
				  virt_to_phys(var->data), var->datalen,
668
				  continuetoken);
669

670
		continuetoken = retbuf[0];
671
		if (pseries_status_to_err(rc) == -EBUSY) {
672
			int delay_us = get_longbusy_msecs(rc) * 1000;
673

674
			fsleep(delay_us);
675
			timeout += delay_us;
676
		}
677
		rc = pseries_status_to_err(rc);
678
	} while (rc == -EBUSY && timeout < PLPKS_MAX_TIMEOUT);
679

680
	if (!rc)
681
		rc = plpks_confirm_object_flushed(label, auth);
682

683
	kfree(label);
684
out:
685
	kfree(auth);
686

687
	return rc;
688
}
689

690
/**
691
 * plpks_write_var() - Write the specified variable and its data to PLPKS.
692
 * @var: variable to be written into the PLPKS
693
 *
694
 * The H_PKS_WRITE_OBJECT HCALL writes an object into the PLPKS. The caller must
695
 * provide a valid component type for the variable, and the signed update policy
696
 * flag must not be set.
697
 *
698
 * Possible reasons for the returned errno values:
699
 *
700
 * -ENXIO	if PLPKS is not supported
701
 * -EIO		if PLPKS access is blocked due to the LPAR's state
702
 *		if PLPKS modification is blocked due to the LPAR's state
703
 *		if an error occurred while processing the request
704
 * -EINVAL	if invalid authorization parameter
705
 *		if invalid object label parameter
706
 *		if invalid object label len parameter
707
 *		if invalid or unsupported policy declaration
708
 *		if invalid input data parameter
709
 *		if invalid input data len parameter
710
 * -EPERM	if access is denied
711
 * -ENOMEM	if unable to store the requested object in the space available
712
 * -EBUSY	if unable to handle the request
713
 * -EEXIST	if the object label already exists
714
 *
715
 * Returns: On success 0 is returned, a negative errno if not.
716
 */
717
int plpks_write_var(struct plpks_var var)
718
{
719
	unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
720
	struct plpks_auth *auth;
721
	struct label *label;
722
	int rc;
723

724
	if (!var.component || !var.data || var.datalen <= 0 ||
725
	    var.namelen > PLPKS_MAX_NAME_SIZE || var.datalen > PLPKS_MAX_DATA_SIZE)
726
		return -EINVAL;
727

728
	if (var.policy & PLPKS_SIGNEDUPDATE)
729
		return -EINVAL;
730

731
	if (var.policy & PLPKS_WRAPPINGKEY)
732
		return -EINVAL;
733

734
	auth = construct_auth(PLPKS_OS_OWNER);
735
	if (IS_ERR(auth))
736
		return PTR_ERR(auth);
737

738
	label = construct_label(var.component, var.os, var.name, var.namelen);
739
	if (IS_ERR(label)) {
740
		rc = PTR_ERR(label);
741
		goto out;
742
	}
743

744
	rc = plpar_hcall(H_PKS_WRITE_OBJECT, retbuf, virt_to_phys(auth),
745
			 virt_to_phys(label), label->size, var.policy,
746
			 virt_to_phys(var.data), var.datalen);
747

748
	if (!rc)
749
		rc = plpks_confirm_object_flushed(label, auth);
750

751
	rc = pseries_status_to_err(rc);
752
	kfree(label);
753
out:
754
	kfree(auth);
755

756
	return rc;
757
}
758

759
/**
760
 * plpks_remove_var() - Remove the specified variable and its data from PLPKS.
761
 * @component: metadata prefix in the object label metadata structure
762
 * @varos: metadata OS flags in the object label metadata structure
763
 * @vname: object label for the object that needs to be removed
764
 *
765
 * The H_PKS_REMOVE_OBJECT HCALL removes an object from the PLPKS. The removal
766
 * is independent of the policy bits that are set.
767
 *
768
 * Possible reasons for the returned errno values:
769
 *
770
 * -ENXIO	if PLPKS is not supported
771
 * -EIO		if PLPKS access is blocked due to the LPAR's state
772
 *		if PLPKS modification is blocked due to the LPAR's state
773
 *		if an error occurred while processing the request
774
 * -EINVAL	if invalid authorization parameter
775
 *		if invalid object label parameter
776
 *		if invalid object label len parameter
777
 * -EPERM	if access is denied
778
 * -ENOENT	if the requested object was not found
779
 * -EBUSY	if unable to handle the request
780
 *
781
 * Returns: On success 0 is returned, a negative errno if not.
782
 */
783
int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname)
784
{
785
	unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
786
	struct plpks_auth *auth;
787
	struct label *label;
788
	int rc;
789

790
	if (vname.namelen > PLPKS_MAX_NAME_SIZE)
791
		return -EINVAL;
792

793
	auth = construct_auth(PLPKS_OS_OWNER);
794
	if (IS_ERR(auth))
795
		return PTR_ERR(auth);
796

797
	label = construct_label(component, varos, vname.name, vname.namelen);
798
	if (IS_ERR(label)) {
799
		rc = PTR_ERR(label);
800
		goto out;
801
	}
802

803
	rc = plpar_hcall(H_PKS_REMOVE_OBJECT, retbuf, virt_to_phys(auth),
804
			 virt_to_phys(label), label->size);
805

806
	if (!rc)
807
		rc = plpks_confirm_object_flushed(label, auth);
808

809
	rc = pseries_status_to_err(rc);
810
	kfree(label);
811
out:
812
	kfree(auth);
813

814
	return rc;
815
}
816

817
static int plpks_read_var(u8 consumer, struct plpks_var *var)
818
{
819
	unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
820
	struct plpks_auth *auth;
821
	struct label *label = NULL;
822
	u8 *output;
823
	int rc;
824

825
	if (var->namelen > PLPKS_MAX_NAME_SIZE)
826
		return -EINVAL;
827

828
	if (var->policy & PLPKS_WRAPPINGKEY)
829
		return -EINVAL;
830

831
	auth = construct_auth(consumer);
832
	if (IS_ERR(auth))
833
		return PTR_ERR(auth);
834

835
	if (consumer == PLPKS_OS_OWNER) {
836
		label = construct_label(var->component, var->os, var->name,
837
					var->namelen);
838
		if (IS_ERR(label)) {
839
			rc = PTR_ERR(label);
840
			goto out_free_auth;
841
		}
842
	}
843

844
	output = kzalloc(maxobjsize, GFP_KERNEL);
845
	if (!output) {
846
		rc = -ENOMEM;
847
		goto out_free_label;
848
	}
849

850
	if (consumer == PLPKS_OS_OWNER)
851
		rc = plpar_hcall(H_PKS_READ_OBJECT, retbuf, virt_to_phys(auth),
852
				 virt_to_phys(label), label->size, virt_to_phys(output),
853
				 maxobjsize);
854
	else
855
		rc = plpar_hcall(H_PKS_READ_OBJECT, retbuf, virt_to_phys(auth),
856
				 virt_to_phys(var->name), var->namelen, virt_to_phys(output),
857
				 maxobjsize);
858

859

860
	if (rc != H_SUCCESS) {
861
		rc = pseries_status_to_err(rc);
862
		goto out_free_output;
863
	}
864

865
	if (!var->data || var->datalen > retbuf[0])
866
		var->datalen = retbuf[0];
867

868
	var->policy = retbuf[1];
869

870
	if (var->data)
871
		memcpy(var->data, output, var->datalen);
872

873
	rc = 0;
874

875
out_free_output:
876
	kfree(output);
877
out_free_label:
878
	kfree(label);
879
out_free_auth:
880
	kfree(auth);
881

882
	return rc;
883
}
884

885
/**
886
 * plpks_wrapping_is_supported() - Get the H_PKS_WRAP_OBJECT interface
887
 * availability status for the LPAR.
888
 *
889
 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
890
 * sets bit 3 of the flags variable in the PLPKS config structure if the
891
 * H_PKS_WRAP_OBJECT interface is supported.
892
 *
893
 * Returns: true if the H_PKS_WRAP_OBJECT interface is supported, false if not.
894
 */
895
bool plpks_wrapping_is_supported(void)
896
{
897
	return wrapsupport;
898
}
899
EXPORT_SYMBOL_GPL(plpks_wrapping_is_supported);
900

901
/**
902
 * plpks_gen_wrapping_key() - Generate a new random key with the 'wrapping key'
903
 * policy set.
904
 *
905
 * The H_PKS_GEN_KEY HCALL makes the hypervisor generate a new random key and
906
 * store the key in a PLPKS object with the provided object label. With the
907
 * 'wrapping key' policy set, only the label to the newly generated random key
908
 * would be visible to the user.
909
 *
910
 * Possible reasons for the returned errno values:
911
 *
912
 * -ENXIO	if PLPKS is not supported
913
 * -EIO		if PLPKS access is blocked due to the LPAR's state
914
 *		if PLPKS modification is blocked due to the LPAR's state
915
 *		if an error occurred while processing the request
916
 * -EINVAL	if invalid authorization parameter
917
 *		if invalid object label parameter
918
 *		if invalid object label len parameter
919
 *		if invalid or unsupported policy declaration
920
 *		if invalid output buffer parameter
921
 *		if invalid output buffer length parameter
922
 * -EPERM	if access is denied
923
 * -ENOMEM	if there is inadequate memory to perform this operation
924
 * -EBUSY	if unable to handle the request
925
 * -EEXIST	if the object label already exists
926
 *
927
 * Returns: On success 0 is returned, a negative errno if not.
928
 */
929
int plpks_gen_wrapping_key(void)
930
{
931
	unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
932
	struct plpks_auth *auth;
933
	struct label *label;
934
	int rc = 0, pseries_status = 0;
935
	struct plpks_var var = {
936
		.name = PLPKS_WRAPKEY_NAME,
937
		.namelen = strlen(var.name),
938
		.policy = PLPKS_WRAPPINGKEY,
939
		.os = PLPKS_VAR_LINUX,
940
		.component = PLPKS_WRAPKEY_COMPONENT
941
	};
942

943
	auth = construct_auth(PLPKS_OS_OWNER);
944
	if (IS_ERR(auth))
945
		return PTR_ERR(auth);
946

947
	label = construct_label(var.component, var.os, var.name, var.namelen);
948
	if (IS_ERR(label)) {
949
		rc = PTR_ERR(label);
950
		goto out;
951
	}
952

953
	rc = plpar_hcall(H_PKS_GEN_KEY, retbuf,
954
			 virt_to_phys(auth), virt_to_phys(label),
955
			 label->size, var.policy,
956
			 NULL, PLPKS_WRAPPING_KEY_LENGTH);
957

958
	if (!rc)
959
		rc = plpks_confirm_object_flushed(label, auth);
960

961
	pseries_status = rc;
962
	rc = pseries_status_to_err(rc);
963

964
	if (rc && rc != -EEXIST) {
965
		pr_err("H_PKS_GEN_KEY failed. pseries_status=%d, rc=%d",
966
		       pseries_status, rc);
967
	} else {
968
		rc = 0;
969
	}
970

971
	kfree(label);
972
out:
973
	kfree(auth);
974
	return rc;
975
}
976
EXPORT_SYMBOL_GPL(plpks_gen_wrapping_key);
977

978
/**
979
 * plpks_wrap_object() - Wrap an object using the default wrapping key stored in
980
 * the PLPKS.
981
 * @input_buf: buffer containing the data to be wrapped
982
 * @input_len: length of the input buffer
983
 * @wrap_flags: object wrapping flags
984
 * @output_buf: buffer to store the wrapped data
985
 * @output_len: length of the output buffer
986
 *
987
 * The H_PKS_WRAP_OBJECT HCALL wraps an object using a wrapping key stored in
988
 * the PLPKS and returns the wrapped object to the caller. The caller provides a
989
 * label to the wrapping key with the 'wrapping key' policy set that must have
990
 * been previously created with the H_PKS_GEN_KEY HCALL. The provided object is
991
 * then encrypted with the wrapping key and additional metadata and the result
992
 * is returned to the user. The metadata includes the wrapping algorithm and the
993
 * wrapping key name so those parameters are not required during unwrap.
994
 *
995
 * Possible reasons for the returned errno values:
996
 *
997
 * -ENXIO	if PLPKS is not supported
998
 * -EIO		if PLPKS access is blocked due to the LPAR's state
999
 *		if PLPKS modification is blocked due to the LPAR's state
1000
 *		if an error occurred while processing the request
1001
 * -EINVAL	if invalid authorization parameter
1002
 *		if invalid wrapping key label parameter
1003
 *		if invalid wrapping key label length parameter
1004
 *		if invalid or unsupported object wrapping flags
1005
 *		if invalid input buffer parameter
1006
 *		if invalid input buffer length parameter
1007
 *		if invalid output buffer parameter
1008
 *		if invalid output buffer length parameter
1009
 *		if invalid continue token parameter
1010
 *		if the wrapping key is not compatible with the wrapping
1011
 *		algorithm
1012
 * -EPERM	if access is denied
1013
 * -ENOENT	if the requested wrapping key was not found
1014
 * -EBUSY	if unable to handle the request or long running operation
1015
 *		initiated, retry later.
1016
 *
1017
 * Returns: On success 0 is returned, a negative errno if not.
1018
 */
1019
int plpks_wrap_object(u8 **input_buf, u32 input_len, u16 wrap_flags,
1020
		      u8 **output_buf, u32 *output_len)
1021
{
1022
	unsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = { 0 };
1023
	struct plpks_auth *auth;
1024
	struct label *label;
1025
	u64 continuetoken = 0;
1026
	u64 objwrapflags = 0;
1027
	int rc = 0, pseries_status = 0;
1028
	bool sb_audit_or_enforce_bit = wrap_flags & BIT(0);
1029
	bool sb_enforce_bit = wrap_flags & BIT(1);
1030
	struct plpks_var var = {
1031
		.name = PLPKS_WRAPKEY_NAME,
1032
		.namelen = strlen(var.name),
1033
		.os = PLPKS_VAR_LINUX,
1034
		.component = PLPKS_WRAPKEY_COMPONENT
1035
	};
1036

1037
	auth = construct_auth(PLPKS_OS_OWNER);
1038
	if (IS_ERR(auth))
1039
		return PTR_ERR(auth);
1040

1041
	label = construct_label(var.component, var.os, var.name, var.namelen);
1042
	if (IS_ERR(label)) {
1043
		rc = PTR_ERR(label);
1044
		goto out;
1045
	}
1046

1047
	/* Set the consumer password requirement bit. A must have. */
1048
	objwrapflags |= WRAPFLAG_BE_BIT_SET(3);
1049

1050
	/* Set the wrapping algorithm bit. Just one algorithm option for now */
1051
	objwrapflags |= WRAPFLAG_BE_FIELD_PREP(60, 63, 0x1);
1052

1053
	if (sb_audit_or_enforce_bit & sb_enforce_bit) {
1054
		pr_err("Cannot set both audit/enforce and enforce bits.");
1055
		rc = -EINVAL;
1056
		goto out_free_label;
1057
	} else if (sb_audit_or_enforce_bit) {
1058
		objwrapflags |= WRAPFLAG_BE_BIT_SET(1);
1059
	} else if (sb_enforce_bit) {
1060
		objwrapflags |= WRAPFLAG_BE_BIT_SET(2);
1061
	}
1062

1063
	*output_len = input_len + PLPKS_WRAPPING_BUF_DIFF;
1064

1065
	*output_buf = kzalloc(ALIGN(*output_len, PLPKS_WRAPPING_BUF_ALIGN),
1066
			      GFP_KERNEL);
1067
	if (!(*output_buf)) {
1068
		pr_err("Output buffer allocation failed. Returning -ENOMEM.");
1069
		rc = -ENOMEM;
1070
		goto out_free_label;
1071
	}
1072

1073
	do {
1074
		rc = plpar_hcall9(H_PKS_WRAP_OBJECT, retbuf,
1075
				  virt_to_phys(auth), virt_to_phys(label),
1076
				  label->size, objwrapflags,
1077
				  virt_to_phys(*input_buf), input_len,
1078
				  virt_to_phys(*output_buf), *output_len,
1079
				  continuetoken);
1080

1081
		continuetoken = retbuf[0];
1082
		pseries_status = rc;
1083
		rc = pseries_status_to_err(rc);
1084
	} while (rc == -EBUSY);
1085

1086
	if (rc) {
1087
		pr_err("H_PKS_WRAP_OBJECT failed. pseries_status=%d, rc=%d",
1088
		       pseries_status, rc);
1089
		kfree(*output_buf);
1090
		*output_buf = NULL;
1091
	} else {
1092
		*output_len = retbuf[1];
1093
	}
1094

1095
out_free_label:
1096
	kfree(label);
1097
out:
1098
	kfree(auth);
1099
	return rc;
1100
}
1101
EXPORT_SYMBOL_GPL(plpks_wrap_object);
1102

1103
/**
1104
 * plpks_unwrap_object() - Unwrap an object using the default wrapping key
1105
 * stored in the PLPKS.
1106
 * @input_buf: buffer containing the data to be unwrapped
1107
 * @input_len: length of the input buffer
1108
 * @output_buf: buffer to store the unwrapped data
1109
 * @output_len: length of the output buffer
1110
 *
1111
 * The H_PKS_UNWRAP_OBJECT HCALL unwraps an object that was previously wrapped
1112
 * using the H_PKS_WRAP_OBJECT HCALL.
1113
 *
1114
 * Possible reasons for the returned errno values:
1115
 *
1116
 * -ENXIO	if PLPKS is not supported
1117
 * -EIO		if PLPKS access is blocked due to the LPAR's state
1118
 *		if PLPKS modification is blocked due to the LPAR's state
1119
 *		if an error occurred while processing the request
1120
 * -EINVAL	if invalid authorization parameter
1121
 *		if invalid or unsupported object unwrapping flags
1122
 *		if invalid input buffer parameter
1123
 *		if invalid input buffer length parameter
1124
 *		if invalid output buffer parameter
1125
 *		if invalid output buffer length parameter
1126
 *		if invalid continue token parameter
1127
 *		if the wrapping key is not compatible with the wrapping
1128
 *		algorithm
1129
 *		if the wrapped object's format is not supported
1130
 *		if the wrapped object is invalid
1131
 * -EPERM	if access is denied
1132
 * -ENOENT	if the wrapping key for the provided object was not found
1133
 * -EBUSY	if unable to handle the request or long running operation
1134
 *		initiated, retry later.
1135
 *
1136
 * Returns: On success 0 is returned, a negative errno if not.
1137
 */
1138
int plpks_unwrap_object(u8 **input_buf, u32 input_len, u8 **output_buf,
1139
			u32 *output_len)
1140
{
1141
	unsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = { 0 };
1142
	struct plpks_auth *auth;
1143
	u64 continuetoken = 0;
1144
	u64 objwrapflags = 0;
1145
	int rc = 0, pseries_status = 0;
1146

1147
	auth = construct_auth(PLPKS_OS_OWNER);
1148
	if (IS_ERR(auth))
1149
		return PTR_ERR(auth);
1150

1151
	*output_len = input_len - PLPKS_WRAPPING_BUF_DIFF;
1152
	*output_buf = kzalloc(ALIGN(*output_len, PLPKS_WRAPPING_BUF_ALIGN),
1153
			      GFP_KERNEL);
1154
	if (!(*output_buf)) {
1155
		pr_err("Output buffer allocation failed. Returning -ENOMEM.");
1156
		rc = -ENOMEM;
1157
		goto out;
1158
	}
1159

1160
	do {
1161
		rc = plpar_hcall9(H_PKS_UNWRAP_OBJECT, retbuf,
1162
				  virt_to_phys(auth), objwrapflags,
1163
				  virt_to_phys(*input_buf), input_len,
1164
				  virt_to_phys(*output_buf), *output_len,
1165
				  continuetoken);
1166

1167
		continuetoken = retbuf[0];
1168
		pseries_status = rc;
1169
		rc = pseries_status_to_err(rc);
1170
	} while (rc == -EBUSY);
1171

1172
	if (rc) {
1173
		pr_err("H_PKS_UNWRAP_OBJECT failed. pseries_status=%d, rc=%d",
1174
		       pseries_status, rc);
1175
		kfree(*output_buf);
1176
		*output_buf = NULL;
1177
	} else {
1178
		*output_len = retbuf[1];
1179
	}
1180

1181
out:
1182
	kfree(auth);
1183
	return rc;
1184
}
1185
EXPORT_SYMBOL_GPL(plpks_unwrap_object);
1186

1187
/**
1188
 * plpks_read_os_var() - Fetch the data for the specified variable that is owned
1189
 * by the OS consumer.
1190
 * @var: variable to be read from the PLPKS
1191
 *
1192
 * The consumer or the owner of the object is the os kernel. The
1193
 * H_PKS_READ_OBJECT HCALL reads an object from the PLPKS. The caller must
1194
 * allocate the buffer var->data and specify the length for this buffer in
1195
 * var->datalen. If no buffer is provided, var->datalen will be populated with
1196
 * the requested object's size.
1197
 *
1198
 * Possible reasons for the returned errno values:
1199
 *
1200
 * -ENXIO	if PLPKS is not supported
1201
 * -EIO		if PLPKS access is blocked due to the LPAR's state
1202
 *		if an error occurred while processing the request
1203
 * -EINVAL	if invalid authorization parameter
1204
 *		if invalid object label parameter
1205
 *		if invalid object label len parameter
1206
 *		if invalid output data parameter
1207
 *		if invalid output data len parameter
1208
 * -EPERM	if access is denied
1209
 * -ENOENT	if the requested object was not found
1210
 * -EFBIG	if the requested object couldn't be
1211
 *		stored in the buffer provided
1212
 * -EBUSY	if unable to handle the request
1213
 *
1214
 * Returns: On success 0 is returned, a negative errno if not.
1215
 */
1216
int plpks_read_os_var(struct plpks_var *var)
1217
{
1218
	return plpks_read_var(PLPKS_OS_OWNER, var);
1219
}
1220

1221
/**
1222
 * plpks_read_fw_var() - Fetch the data for the specified variable that is
1223
 * owned by the firmware consumer.
1224
 * @var: variable to be read from the PLPKS
1225
 *
1226
 * The consumer or the owner of the object is the firmware. The
1227
 * H_PKS_READ_OBJECT HCALL reads an object from the PLPKS. The caller must
1228
 * allocate the buffer var->data and specify the length for this buffer in
1229
 * var->datalen. If no buffer is provided, var->datalen will be populated with
1230
 * the requested object's size.
1231
 *
1232
 * Possible reasons for the returned errno values:
1233
 *
1234
 * -ENXIO	if PLPKS is not supported
1235
 * -EIO		if PLPKS access is blocked due to the LPAR's state
1236
 *		if an error occurred while processing the request
1237
 * -EINVAL	if invalid authorization parameter
1238
 *		if invalid object label parameter
1239
 *		if invalid object label len parameter
1240
 *		if invalid output data parameter
1241
 *		if invalid output data len parameter
1242
 * -EPERM	if access is denied
1243
 * -ENOENT	if the requested object was not found
1244
 * -EFBIG	if the requested object couldn't be
1245
 *		stored in the buffer provided
1246
 * -EBUSY	if unable to handle the request
1247
 *
1248
 * Returns: On success 0 is returned, a negative errno if not.
1249
 */
1250
int plpks_read_fw_var(struct plpks_var *var)
1251
{
1252
	return plpks_read_var(PLPKS_FW_OWNER, var);
1253
}
1254

1255
/**
1256
 * plpks_read_bootloader_var() - Fetch the data for the specified variable
1257
 * owned by the bootloader consumer.
1258
 * @var: variable to be read from the PLPKS
1259
 *
1260
 * The consumer or the owner of the object is the bootloader. The
1261
 * H_PKS_READ_OBJECT HCALL reads an object from the PLPKS. The caller must
1262
 * allocate the buffer var->data and specify the length for this buffer in
1263
 * var->datalen. If no buffer is provided, var->datalen will be populated with
1264
 * the requested object's size.
1265
 *
1266
 * Possible reasons for the returned errno values:
1267
 *
1268
 * -ENXIO	if PLPKS is not supported
1269
 * -EIO		if PLPKS access is blocked due to the LPAR's state
1270
 *		if an error occurred while processing the request
1271
 * -EINVAL	if invalid authorization parameter
1272
 *		if invalid object label parameter
1273
 *		if invalid object label len parameter
1274
 *		if invalid output data parameter
1275
 *		if invalid output data len parameter
1276
 * -EPERM	if access is denied
1277
 * -ENOENT	if the requested object was not found
1278
 * -EFBIG	if the requested object couldn't be
1279
 *		stored in the buffer provided
1280
 * -EBUSY	if unable to handle the request
1281
 *
1282
 * Returns: On success 0 is returned, a negative errno if not.
1283
 */
1284
int plpks_read_bootloader_var(struct plpks_var *var)
1285
{
1286
	return plpks_read_var(PLPKS_BOOTLOADER_OWNER, var);
1287
}
1288

1289
/**
1290
 * plpks_populate_fdt(): Populates the FDT with the PLPKS password to prepare
1291
 * for kexec.
1292
 * @fdt: pointer to the device tree blob
1293
 *
1294
 * Upon confirming the existence of the chosen node, invoke fdt_setprop to
1295
 * populate the device tree with the PLPKS password in order to prepare for
1296
 * kexec.
1297
 *
1298
 * Returns: On success 0 is returned, a negative value if not.
1299
 */
1300
int plpks_populate_fdt(void *fdt)
1301
{
1302
	int chosen_offset = fdt_path_offset(fdt, "/chosen");
1303

1304
	if (chosen_offset < 0) {
1305
		pr_err("Can't find chosen node: %s\n",
1306
		       fdt_strerror(chosen_offset));
1307
		return chosen_offset;
1308
	}
1309

1310
	return fdt_setprop(fdt, chosen_offset, "ibm,plpks-pw", ospassword, ospasswordlength);
1311
}
1312

1313
/**
1314
 * plpks_early_init_devtree() - Retrieves and clears the PLPKS password from the
1315
 * DT in early init.
1316
 *
1317
 * Once a password is registered with the hypervisor it cannot be cleared
1318
 * without rebooting the LPAR, so to keep using the PLPKS across kexec boots we
1319
 * need to recover the previous password from the FDT.
1320
 *
1321
 * There are a few challenges here.  We don't want the password to be visible to
1322
 * users, so we need to clear it from the FDT.  This has to be done in early
1323
 * boot. Clearing it from the FDT would make the FDT's checksum invalid, so we
1324
 * have to manually cause the checksum to be recalculated.
1325
 */
1326
void __init plpks_early_init_devtree(void)
1327
{
1328
	void *fdt = initial_boot_params;
1329
	int chosen_node = fdt_path_offset(fdt, "/chosen");
1330
	const u8 *password;
1331
	int len;
1332

1333
	if (chosen_node < 0)
1334
		return;
1335

1336
	password = fdt_getprop(fdt, chosen_node, "ibm,plpks-pw", &len);
1337
	if (len <= 0) {
1338
		pr_debug("Couldn't find ibm,plpks-pw node.\n");
1339
		return;
1340
	}
1341

1342
	ospassword = memblock_alloc_raw(len, SMP_CACHE_BYTES);
1343
	if (!ospassword) {
1344
		pr_err("Error allocating memory for password.\n");
1345
		goto out;
1346
	}
1347

1348
	memcpy(ospassword, password, len);
1349
	ospasswordlength = (u16)len;
1350

1351
out:
1352
	fdt_nop_property(fdt, chosen_node, "ibm,plpks-pw");
1353
	// Since we've cleared the password, we must update the FDT checksum
1354
	early_init_dt_verify(fdt, __pa(fdt));
1355
}
1356

1357
static __init int pseries_plpks_init(void)
1358
{
1359
	int rc;
1360

1361
	if (!firmware_has_feature(FW_FEATURE_PLPKS))
1362
		return -ENODEV;
1363

1364
	rc = _plpks_get_config();
1365

1366
	if (rc) {
1367
		pr_err("POWER LPAR Platform KeyStore is not supported or enabled\n");
1368
		return rc;
1369
	}
1370

1371
	rc = plpks_gen_password();
1372
	if (rc)
1373
		pr_err("Failed setting POWER LPAR Platform KeyStore Password\n");
1374
	else
1375
		pr_info("POWER LPAR Platform KeyStore initialized successfully\n");
1376

1377
	return rc;
1378
}
1379
machine_arch_initcall(pseries, pseries_plpks_init);
1380

1381