1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * POWER LPAR Platform KeyStore(PLPKS)
4 * Copyright (C) 2022 IBM Corporation
5 * Author: Nayna Jain <nayna@linux.ibm.com>
6 *
7 * Provides access to variables stored in Power LPAR Platform KeyStore(PLPKS).
8 */
9
10 #define pr_fmt(fmt) "plpks: " fmt
11
12 #define PLPKS_WRAPKEY_COMPONENT "PLPKSWR"
13 #define PLPKS_WRAPKEY_NAME "default-wrapping-key"
14
15 /*
16 * To 4K align the {input, output} buffers to the {UN}WRAP H_CALLs
17 */
18 #define PLPKS_WRAPPING_BUF_ALIGN 4096
19
20 /*
21 * To ensure the output buffer's length is at least 1024 bytes greater
22 * than the input buffer's length during the WRAP H_CALL
23 */
24 #define PLPKS_WRAPPING_BUF_DIFF 1024
25
26 #define PLPKS_WRAP_INTERFACE_BIT 3
27 #define PLPKS_WRAPPING_KEY_LENGTH 32
28
29 #define WRAPFLAG_BE_BIT_SET(be_bit) \
30 BIT_ULL(63 - (be_bit))
31
32 #define WRAPFLAG_BE_GENMASK(be_bit_hi, be_bit_lo) \
33 GENMASK_ULL(63 - (be_bit_hi), 63 - (be_bit_lo))
34
35 #define WRAPFLAG_BE_FIELD_PREP(be_bit_hi, be_bit_lo, val) \
36 FIELD_PREP(WRAPFLAG_BE_GENMASK(be_bit_hi, be_bit_lo), (val))
37
38 #include <linux/delay.h>
39 #include <linux/errno.h>
40 #include <linux/io.h>
41 #include <linux/printk.h>
42 #include <linux/slab.h>
43 #include <linux/string.h>
44 #include <linux/types.h>
45 #include <linux/of_fdt.h>
46 #include <linux/libfdt.h>
47 #include <linux/memblock.h>
48 #include <linux/bitfield.h>
49 #include <asm/hvcall.h>
50 #include <asm/machdep.h>
51 #include <asm/plpks.h>
52 #include <asm/firmware.h>
53
54 static u8 *ospassword;
55 static u16 ospasswordlength;
56
57 // Retrieved with H_PKS_GET_CONFIG
58 static u8 version;
59 static u16 objoverhead;
60 static u16 maxpwsize;
61 static u16 maxobjsize;
62 static s16 maxobjlabelsize;
63 static u32 totalsize;
64 static u32 usedspace;
65 static u32 supportedpolicies;
66 static u32 maxlargeobjectsize;
67 static u64 signedupdatealgorithms;
68 static u64 wrappingfeatures;
69 static bool wrapsupport;
70
71 struct plpks_auth {
72 u8 version;
73 u8 consumer;
74 __be64 rsvd0;
75 __be32 rsvd1;
76 __be16 passwordlength;
77 u8 password[];
78 } __packed __aligned(16);
79
80 struct label_attr {
81 u8 prefix[8];
82 u8 version;
83 u8 os;
84 u8 length;
85 u8 reserved[5];
86 };
87
88 struct label {
89 struct label_attr attr;
90 u8 name[PLPKS_MAX_NAME_SIZE];
91 size_t size;
92 };
93
pseries_status_to_err(int rc)94 static int pseries_status_to_err(int rc)
95 {
96 int err;
97
98 switch (rc) {
99 case H_SUCCESS:
100 err = 0;
101 break;
102 case H_FUNCTION:
103 err = -ENXIO;
104 break;
105 case H_PARAMETER:
106 case H_P2:
107 case H_P3:
108 case H_P4:
109 case H_P5:
110 case H_P6:
111 err = -EINVAL;
112 break;
113 case H_NOT_FOUND:
114 err = -ENOENT;
115 break;
116 case H_BUSY:
117 case H_LONG_BUSY_ORDER_1_MSEC:
118 case H_LONG_BUSY_ORDER_10_MSEC:
119 case H_LONG_BUSY_ORDER_100_MSEC:
120 case H_LONG_BUSY_ORDER_1_SEC:
121 case H_LONG_BUSY_ORDER_10_SEC:
122 case H_LONG_BUSY_ORDER_100_SEC:
123 err = -EBUSY;
124 break;
125 case H_AUTHORITY:
126 err = -EPERM;
127 break;
128 case H_NO_MEM:
129 err = -ENOMEM;
130 break;
131 case H_RESOURCE:
132 err = -EEXIST;
133 break;
134 case H_TOO_BIG:
135 err = -EFBIG;
136 break;
137 case H_STATE:
138 err = -EIO;
139 break;
140 case H_R_STATE:
141 err = -EIO;
142 break;
143 case H_IN_USE:
144 err = -EEXIST;
145 break;
146 case H_ABORTED:
147 err = -EIO;
148 break;
149 default:
150 err = -EINVAL;
151 }
152
153 pr_debug("Converted hypervisor code %d to Linux %d\n", rc, err);
154
155 return err;
156 }
157
plpks_gen_password(void)158 static int plpks_gen_password(void)
159 {
160 unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
161 u8 *password, consumer = PLPKS_OS_OWNER;
162 int rc;
163
164 // If we booted from kexec, we could be reusing an existing password already
165 if (ospassword) {
166 pr_debug("Password of length %u already in use\n", ospasswordlength);
167 return 0;
168 }
169
170 // The password must not cross a page boundary, so we align to the next power of 2
171 password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL);
172 if (!password)
173 return -ENOMEM;
174
175 rc = plpar_hcall(H_PKS_GEN_PASSWORD, retbuf, consumer, 0,
176 virt_to_phys(password), maxpwsize);
177
178 if (!rc) {
179 ospasswordlength = maxpwsize;
180 ospassword = kzalloc(maxpwsize, GFP_KERNEL);
181 if (!ospassword) {
182 kfree_sensitive(password);
183 return -ENOMEM;
184 }
185 memcpy(ospassword, password, ospasswordlength);
186 } else {
187 if (rc == H_IN_USE) {
188 pr_warn("Password already set - authenticated operations will fail\n");
189 rc = 0;
190 } else {
191 goto out;
192 }
193 }
194 out:
195 kfree_sensitive(password);
196
197 return pseries_status_to_err(rc);
198 }
199
construct_auth(u8 consumer)200 static struct plpks_auth *construct_auth(u8 consumer)
201 {
202 struct plpks_auth *auth;
203
204 if (consumer > PLPKS_OS_OWNER)
205 return ERR_PTR(-EINVAL);
206
207 // The auth structure must not cross a page boundary and must be
208 // 16 byte aligned. We align to the next largest power of 2
209 auth = kzalloc(roundup_pow_of_two(struct_size(auth, password, maxpwsize)), GFP_KERNEL);
210 if (!auth)
211 return ERR_PTR(-ENOMEM);
212
213 auth->version = 1;
214 auth->consumer = consumer;
215
216 if (consumer == PLPKS_FW_OWNER || consumer == PLPKS_BOOTLOADER_OWNER)
217 return auth;
218
219 memcpy(auth->password, ospassword, ospasswordlength);
220
221 auth->passwordlength = cpu_to_be16(ospasswordlength);
222
223 return auth;
224 }
225
226 /*
227 * Label is combination of label attributes + name.
228 * Label attributes are used internally by kernel and not exposed to the user.
229 */
construct_label(char * component,u8 varos,u8 * name,u16 namelen)230 static struct label *construct_label(char *component, u8 varos, u8 *name,
231 u16 namelen)
232 {
233 struct label *label;
234 size_t slen = 0;
235
236 if (!name || namelen > PLPKS_MAX_NAME_SIZE)
237 return ERR_PTR(-EINVAL);
238
239 // Support NULL component for signed updates
240 if (component) {
241 slen = strlen(component);
242 if (slen > sizeof(label->attr.prefix))
243 return ERR_PTR(-EINVAL);
244 }
245
246 // The label structure must not cross a page boundary, so we align to the next power of 2
247 label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL);
248 if (!label)
249 return ERR_PTR(-ENOMEM);
250
251 if (component)
252 memcpy(&label->attr.prefix, component, slen);
253
254 label->attr.version = PLPKS_LABEL_VERSION;
255 label->attr.os = varos;
256 label->attr.length = PLPKS_MAX_LABEL_ATTR_SIZE;
257 memcpy(&label->name, name, namelen);
258
259 label->size = sizeof(struct label_attr) + namelen;
260
261 return label;
262 }
263
_plpks_get_config(void)264 static int _plpks_get_config(void)
265 {
266 unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
267 struct config {
268 u8 version;
269 u8 flags;
270 __be16 rsvd0;
271 __be16 objoverhead;
272 __be16 maxpwsize;
273 __be16 maxobjlabelsize;
274 __be16 maxobjsize;
275 __be32 totalsize;
276 __be32 usedspace;
277 __be32 supportedpolicies;
278 __be32 maxlargeobjectsize;
279 __be64 signedupdatealgorithms;
280 __be64 wrappingfeatures;
281 u8 rsvd1[476];
282 } __packed * config;
283 size_t size;
284 int rc = 0;
285
286 size = sizeof(*config);
287
288 // Config struct must not cross a page boundary. So long as the struct
289 // size is a power of 2, this should be fine as alignment is guaranteed
290 config = kzalloc(size, GFP_KERNEL);
291 if (!config) {
292 rc = -ENOMEM;
293 goto err;
294 }
295
296 rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(config), size);
297
298 if (rc != H_SUCCESS) {
299 rc = pseries_status_to_err(rc);
300 goto err;
301 }
302
303 version = config->version;
304 objoverhead = be16_to_cpu(config->objoverhead);
305 maxpwsize = be16_to_cpu(config->maxpwsize);
306 maxobjsize = be16_to_cpu(config->maxobjsize);
307 maxobjlabelsize = be16_to_cpu(config->maxobjlabelsize);
308 totalsize = be32_to_cpu(config->totalsize);
309 usedspace = be32_to_cpu(config->usedspace);
310 supportedpolicies = be32_to_cpu(config->supportedpolicies);
311 maxlargeobjectsize = be32_to_cpu(config->maxlargeobjectsize);
312 signedupdatealgorithms = be64_to_cpu(config->signedupdatealgorithms);
313 wrappingfeatures = be64_to_cpu(config->wrappingfeatures);
314 wrapsupport = config->flags & PPC_BIT8(PLPKS_WRAP_INTERFACE_BIT);
315
316 // Validate that the numbers we get back match the requirements of the spec
317 if (maxpwsize < 32) {
318 pr_err("Invalid Max Password Size received from hypervisor (%d < 32)\n", maxpwsize);
319 rc = -EIO;
320 goto err;
321 }
322
323 if (maxobjlabelsize < 255) {
324 pr_err("Invalid Max Object Label Size received from hypervisor (%d < 255)\n",
325 maxobjlabelsize);
326 rc = -EIO;
327 goto err;
328 }
329
330 if (totalsize < 4096) {
331 pr_err("Invalid Total Size received from hypervisor (%d < 4096)\n", totalsize);
332 rc = -EIO;
333 goto err;
334 }
335
336 if (version >= 3 && maxlargeobjectsize >= 65536 && maxobjsize != 0xFFFF) {
337 pr_err("Invalid Max Object Size (0x%x != 0xFFFF)\n", maxobjsize);
338 rc = -EIO;
339 goto err;
340 }
341
342 err:
343 kfree(config);
344 return rc;
345 }
346
347 /**
348 * plpks_get_version() - Get the version of the PLPKS config structure.
349 *
350 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
351 * reads the PLPKS config structure version and saves it in a file local static
352 * version variable.
353 *
354 * Returns: On success the saved PLPKS config structure version is returned, 0
355 * if not.
356 */
plpks_get_version(void)357 u8 plpks_get_version(void)
358 {
359 return version;
360 }
361
362 /**
363 * plpks_get_objoverhead() - Get the hypervisor storage overhead per object.
364 *
365 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
366 * reads the per object hypervisor storage overhead in bytes into the local
367 * static objoverhead variable, excluding the size of the object or the label.
368 * This value can be treated as valid only when the PLPKS config structure
369 * version >= 2.
370 *
371 * Returns: If PLPKS config structure version >= 2 then the storage overhead is
372 * returned, 0 otherwise.
373 */
plpks_get_objoverhead(void)374 u16 plpks_get_objoverhead(void)
375 {
376 return objoverhead;
377 }
378
379 /**
380 * plpks_get_maxpwsize() - Get the maximum password size.
381 *
382 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
383 * reads the maximum password size and checks if it is 32 bytes at the least
384 * before storing it in the local static maxpwsize variable.
385 *
386 * Returns: On success the maximum password size is returned, 0 if not.
387 */
plpks_get_maxpwsize(void)388 u16 plpks_get_maxpwsize(void)
389 {
390 return maxpwsize;
391 }
392
393 /**
394 * plpks_get_maxobjectsize() - Get the maximum object size supported by the
395 * PLPKS.
396 *
397 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
398 * reads the maximum object size into the file local static maxobjsize variable.
399 *
400 * Returns: On success the maximum object size is returned, 0 if not.
401 */
plpks_get_maxobjectsize(void)402 u16 plpks_get_maxobjectsize(void)
403 {
404 return maxobjsize;
405 }
406
407 /**
408 * plpks_get_maxobjectlabelsize() - Get the maximum object label size supported
409 * by the PLPKS.
410 *
411 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
412 * reads the maximum object label size into the local static maxobjlabelsize
413 * variable.
414 *
415 * Returns: On success the maximum object label size is returned, 0 if not.
416 */
plpks_get_maxobjectlabelsize(void)417 u16 plpks_get_maxobjectlabelsize(void)
418 {
419 return maxobjlabelsize;
420 }
421
422 /**
423 * plpks_get_totalsize() - Get the total size of the PLPKS that is configured.
424 *
425 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
426 * reads the total size of the PLPKS that is configured for the LPAR into the
427 * file local static totalsize variable.
428 *
429 * Returns: On success the total size of the PLPKS configured is returned, 0 if
430 * not.
431 */
plpks_get_totalsize(void)432 u32 plpks_get_totalsize(void)
433 {
434 return totalsize;
435 }
436
437 /**
438 * plpks_get_usedspace() - Get the used space from the total size of the PLPKS.
439 *
440 * Invoke the H_PKS_GET_CONFIG HCALL to refresh the latest value for the used
441 * space as this keeps changing with the creation and removal of objects in the
442 * PLPKS.
443 *
444 * Returns: On success the used space is returned, 0 if not.
445 */
plpks_get_usedspace(void)446 u32 plpks_get_usedspace(void)
447 {
448 int rc = _plpks_get_config();
449 if (rc) {
450 pr_err("Couldn't get config, rc: %d\n", rc);
451 return 0;
452 }
453 return usedspace;
454 }
455
456 /**
457 * plpks_get_supportedpolicies() - Get a bitmask of the policies supported by
458 * the hypervisor.
459 *
460 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
461 * reads a bitmask of the policies supported by the hypervisor into the file
462 * local static supportedpolicies variable.
463 *
464 * Returns: On success the bitmask of the policies supported by the hypervisor
465 * are returned, 0 if not.
466 */
plpks_get_supportedpolicies(void)467 u32 plpks_get_supportedpolicies(void)
468 {
469 return supportedpolicies;
470 }
471
472 /**
473 * plpks_get_maxlargeobjectsize() - Get the maximum object size supported for
474 * PLPKS config structure version >= 3
475 *
476 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
477 * reads the maximum object size into the local static maxlargeobjectsize
478 * variable for PLPKS config structure version >= 3. This was introduced
479 * starting with PLPKS config structure version 3 to allow for objects of
480 * size >= 64K.
481 *
482 * Returns: If PLPKS config structure version >= 3 then the new maximum object
483 * size is returned, 0 if not.
484 */
plpks_get_maxlargeobjectsize(void)485 u32 plpks_get_maxlargeobjectsize(void)
486 {
487 return maxlargeobjectsize;
488 }
489
490 /**
491 * plpks_get_signedupdatealgorithms() - Get a bitmask of the signature
492 * algorithms supported for signed updates.
493 *
494 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
495 * reads a bitmask of the signature algorithms supported for signed updates into
496 * the file local static signedupdatealgorithms variable. This is valid only
497 * when the PLPKS config structure version >= 3.
498 *
499 * Returns: On success the bitmask of the signature algorithms supported for
500 * signed updates is returned, 0 if not.
501 */
plpks_get_signedupdatealgorithms(void)502 u64 plpks_get_signedupdatealgorithms(void)
503 {
504 return signedupdatealgorithms;
505 }
506
507 /**
508 * plpks_get_wrappingfeatures() - Returns a bitmask of the wrapping features
509 * supported by the hypervisor.
510 *
511 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
512 * reads a bitmask of the wrapping features supported by the hypervisor into the
513 * file local static wrappingfeatures variable. This is valid only when the
514 * PLPKS config structure version >= 3.
515 *
516 * Return:
517 * bitmask of the wrapping features supported by the hypervisor
518 */
plpks_get_wrappingfeatures(void)519 u64 plpks_get_wrappingfeatures(void)
520 {
521 return wrappingfeatures;
522 }
523
524 /**
525 * plpks_get_passwordlen() - Get the length of the PLPKS password in bytes.
526 *
527 * The H_PKS_GEN_PASSWORD HCALL makes the hypervisor generate a random password
528 * for the specified consumer, apply that password to the PLPKS and return it to
529 * the caller. In this process, the password length for the OS consumer is
530 * stored in the local static ospasswordlength variable.
531 *
532 * Returns: On success the password length for the OS consumer in bytes is
533 * returned, 0 if not.
534 */
plpks_get_passwordlen(void)535 u16 plpks_get_passwordlen(void)
536 {
537 return ospasswordlength;
538 }
539
540 /**
541 * plpks_is_available() - Get the PLPKS availability status for the LPAR.
542 *
543 * The availability of PLPKS is inferred based upon the successful execution of
544 * the H_PKS_GET_CONFIG HCALL provided the firmware supports this feature. The
545 * H_PKS_GET_CONFIG HCALL reads the configuration and status information related
546 * to the PLPKS. The configuration structure provides a version number to inform
547 * the caller of the supported features.
548 *
549 * Returns: true is returned if PLPKS is available, false if not.
550 */
plpks_is_available(void)551 bool plpks_is_available(void)
552 {
553 int rc;
554
555 if (!firmware_has_feature(FW_FEATURE_PLPKS))
556 return false;
557
558 rc = _plpks_get_config();
559 if (rc)
560 return false;
561
562 return true;
563 }
564
plpks_confirm_object_flushed(struct label * label,struct plpks_auth * auth)565 static int plpks_confirm_object_flushed(struct label *label,
566 struct plpks_auth *auth)
567 {
568 unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
569 bool timed_out = true;
570 u64 timeout = 0;
571 u8 status;
572 int rc;
573
574 do {
575 rc = plpar_hcall(H_PKS_CONFIRM_OBJECT_FLUSHED, retbuf,
576 virt_to_phys(auth), virt_to_phys(label),
577 label->size);
578
579 status = retbuf[0];
580 if (rc) {
581 timed_out = false;
582 if (rc == H_NOT_FOUND && status == 1)
583 rc = 0;
584 break;
585 }
586
587 if (!rc && status == 1) {
588 timed_out = false;
589 break;
590 }
591
592 fsleep(PLPKS_FLUSH_SLEEP);
593 timeout = timeout + PLPKS_FLUSH_SLEEP;
594 } while (timeout < PLPKS_MAX_TIMEOUT);
595
596 if (timed_out)
597 return -ETIMEDOUT;
598
599 return pseries_status_to_err(rc);
600 }
601
602 /**
603 * plpks_signed_update_var() - Update the specified authenticated variable.
604 * @var: authenticated variable to be updated
605 * @flags: signed update request operation flags
606 *
607 * The H_PKS_SIGNED_UPDATE HCALL performs a signed update to an object in the
608 * PLPKS. The object must have the signed update policy flag set.
609 *
610 * Possible reasons for the returned errno values:
611 *
612 * -ENXIO if PLPKS is not supported
613 * -EIO if PLPKS access is blocked due to the LPAR's state
614 * if PLPKS modification is blocked due to the LPAR's state
615 * if an error occurred while processing the request
616 * -EINVAL if invalid authorization parameter
617 * if invalid object label parameter
618 * if invalid object label len parameter
619 * if invalid or unsupported policy declaration
620 * if invalid signed update flags
621 * if invalid input data parameter
622 * if invalid input data len parameter
623 * if invalid continue token parameter
624 * -EPERM if access is denied
625 * -ENOMEM if there is inadequate memory to perform the operation
626 * -EBUSY if unable to handle the request or long running operation
627 * initiated, retry later
628 *
629 * Returns: On success 0 is returned, a negative errno if not.
630 */
plpks_signed_update_var(struct plpks_var * var,u64 flags)631 int plpks_signed_update_var(struct plpks_var *var, u64 flags)
632 {
633 unsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = {0};
634 int rc;
635 struct label *label;
636 struct plpks_auth *auth;
637 u64 continuetoken = 0;
638 u64 timeout = 0;
639
640 if (!var->data || var->datalen <= 0 || var->namelen > PLPKS_MAX_NAME_SIZE)
641 return -EINVAL;
642
643 if (!(var->policy & PLPKS_SIGNEDUPDATE))
644 return -EINVAL;
645
646 if (var->policy & PLPKS_WRAPPINGKEY)
647 return -EINVAL;
648
649 // Signed updates need the component to be NULL.
650 if (var->component)
651 return -EINVAL;
652
653 auth = construct_auth(PLPKS_OS_OWNER);
654 if (IS_ERR(auth))
655 return PTR_ERR(auth);
656
657 label = construct_label(var->component, var->os, var->name, var->namelen);
658 if (IS_ERR(label)) {
659 rc = PTR_ERR(label);
660 goto out;
661 }
662
663 do {
664 rc = plpar_hcall9(H_PKS_SIGNED_UPDATE, retbuf,
665 virt_to_phys(auth), virt_to_phys(label),
666 label->size, var->policy, flags,
667 virt_to_phys(var->data), var->datalen,
668 continuetoken);
669
670 continuetoken = retbuf[0];
671 if (pseries_status_to_err(rc) == -EBUSY) {
672 int delay_us = get_longbusy_msecs(rc) * 1000;
673
674 fsleep(delay_us);
675 timeout += delay_us;
676 }
677 rc = pseries_status_to_err(rc);
678 } while (rc == -EBUSY && timeout < PLPKS_MAX_TIMEOUT);
679
680 if (!rc)
681 rc = plpks_confirm_object_flushed(label, auth);
682
683 kfree(label);
684 out:
685 kfree(auth);
686
687 return rc;
688 }
689
690 /**
691 * plpks_write_var() - Write the specified variable and its data to PLPKS.
692 * @var: variable to be written into the PLPKS
693 *
694 * The H_PKS_WRITE_OBJECT HCALL writes an object into the PLPKS. The caller must
695 * provide a valid component type for the variable, and the signed update policy
696 * flag must not be set.
697 *
698 * Possible reasons for the returned errno values:
699 *
700 * -ENXIO if PLPKS is not supported
701 * -EIO if PLPKS access is blocked due to the LPAR's state
702 * if PLPKS modification is blocked due to the LPAR's state
703 * if an error occurred while processing the request
704 * -EINVAL if invalid authorization parameter
705 * if invalid object label parameter
706 * if invalid object label len parameter
707 * if invalid or unsupported policy declaration
708 * if invalid input data parameter
709 * if invalid input data len parameter
710 * -EPERM if access is denied
711 * -ENOMEM if unable to store the requested object in the space available
712 * -EBUSY if unable to handle the request
713 * -EEXIST if the object label already exists
714 *
715 * Returns: On success 0 is returned, a negative errno if not.
716 */
plpks_write_var(struct plpks_var var)717 int plpks_write_var(struct plpks_var var)
718 {
719 unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
720 struct plpks_auth *auth;
721 struct label *label;
722 int rc;
723
724 if (!var.component || !var.data || var.datalen <= 0 ||
725 var.namelen > PLPKS_MAX_NAME_SIZE || var.datalen > PLPKS_MAX_DATA_SIZE)
726 return -EINVAL;
727
728 if (var.policy & PLPKS_SIGNEDUPDATE)
729 return -EINVAL;
730
731 if (var.policy & PLPKS_WRAPPINGKEY)
732 return -EINVAL;
733
734 auth = construct_auth(PLPKS_OS_OWNER);
735 if (IS_ERR(auth))
736 return PTR_ERR(auth);
737
738 label = construct_label(var.component, var.os, var.name, var.namelen);
739 if (IS_ERR(label)) {
740 rc = PTR_ERR(label);
741 goto out;
742 }
743
744 rc = plpar_hcall(H_PKS_WRITE_OBJECT, retbuf, virt_to_phys(auth),
745 virt_to_phys(label), label->size, var.policy,
746 virt_to_phys(var.data), var.datalen);
747
748 if (!rc)
749 rc = plpks_confirm_object_flushed(label, auth);
750
751 rc = pseries_status_to_err(rc);
752 kfree(label);
753 out:
754 kfree(auth);
755
756 return rc;
757 }
758
759 /**
760 * plpks_remove_var() - Remove the specified variable and its data from PLPKS.
761 * @component: metadata prefix in the object label metadata structure
762 * @varos: metadata OS flags in the object label metadata structure
763 * @vname: object label for the object that needs to be removed
764 *
765 * The H_PKS_REMOVE_OBJECT HCALL removes an object from the PLPKS. The removal
766 * is independent of the policy bits that are set.
767 *
768 * Possible reasons for the returned errno values:
769 *
770 * -ENXIO if PLPKS is not supported
771 * -EIO if PLPKS access is blocked due to the LPAR's state
772 * if PLPKS modification is blocked due to the LPAR's state
773 * if an error occurred while processing the request
774 * -EINVAL if invalid authorization parameter
775 * if invalid object label parameter
776 * if invalid object label len parameter
777 * -EPERM if access is denied
778 * -ENOENT if the requested object was not found
779 * -EBUSY if unable to handle the request
780 *
781 * Returns: On success 0 is returned, a negative errno if not.
782 */
plpks_remove_var(char * component,u8 varos,struct plpks_var_name vname)783 int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname)
784 {
785 unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
786 struct plpks_auth *auth;
787 struct label *label;
788 int rc;
789
790 if (vname.namelen > PLPKS_MAX_NAME_SIZE)
791 return -EINVAL;
792
793 auth = construct_auth(PLPKS_OS_OWNER);
794 if (IS_ERR(auth))
795 return PTR_ERR(auth);
796
797 label = construct_label(component, varos, vname.name, vname.namelen);
798 if (IS_ERR(label)) {
799 rc = PTR_ERR(label);
800 goto out;
801 }
802
803 rc = plpar_hcall(H_PKS_REMOVE_OBJECT, retbuf, virt_to_phys(auth),
804 virt_to_phys(label), label->size);
805
806 if (!rc)
807 rc = plpks_confirm_object_flushed(label, auth);
808
809 rc = pseries_status_to_err(rc);
810 kfree(label);
811 out:
812 kfree(auth);
813
814 return rc;
815 }
816
plpks_read_var(u8 consumer,struct plpks_var * var)817 static int plpks_read_var(u8 consumer, struct plpks_var *var)
818 {
819 unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
820 struct plpks_auth *auth;
821 struct label *label = NULL;
822 u8 *output;
823 int rc;
824
825 if (var->namelen > PLPKS_MAX_NAME_SIZE)
826 return -EINVAL;
827
828 if (var->policy & PLPKS_WRAPPINGKEY)
829 return -EINVAL;
830
831 auth = construct_auth(consumer);
832 if (IS_ERR(auth))
833 return PTR_ERR(auth);
834
835 if (consumer == PLPKS_OS_OWNER) {
836 label = construct_label(var->component, var->os, var->name,
837 var->namelen);
838 if (IS_ERR(label)) {
839 rc = PTR_ERR(label);
840 goto out_free_auth;
841 }
842 }
843
844 output = kzalloc(maxobjsize, GFP_KERNEL);
845 if (!output) {
846 rc = -ENOMEM;
847 goto out_free_label;
848 }
849
850 if (consumer == PLPKS_OS_OWNER)
851 rc = plpar_hcall(H_PKS_READ_OBJECT, retbuf, virt_to_phys(auth),
852 virt_to_phys(label), label->size, virt_to_phys(output),
853 maxobjsize);
854 else
855 rc = plpar_hcall(H_PKS_READ_OBJECT, retbuf, virt_to_phys(auth),
856 virt_to_phys(var->name), var->namelen, virt_to_phys(output),
857 maxobjsize);
858
859
860 if (rc != H_SUCCESS) {
861 rc = pseries_status_to_err(rc);
862 goto out_free_output;
863 }
864
865 if (!var->data || var->datalen > retbuf[0])
866 var->datalen = retbuf[0];
867
868 var->policy = retbuf[1];
869
870 if (var->data)
871 memcpy(var->data, output, var->datalen);
872
873 rc = 0;
874
875 out_free_output:
876 kfree(output);
877 out_free_label:
878 kfree(label);
879 out_free_auth:
880 kfree(auth);
881
882 return rc;
883 }
884
885 /**
886 * plpks_wrapping_is_supported() - Get the H_PKS_WRAP_OBJECT interface
887 * availability status for the LPAR.
888 *
889 * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization
890 * sets bit 3 of the flags variable in the PLPKS config structure if the
891 * H_PKS_WRAP_OBJECT interface is supported.
892 *
893 * Returns: true if the H_PKS_WRAP_OBJECT interface is supported, false if not.
894 */
plpks_wrapping_is_supported(void)895 bool plpks_wrapping_is_supported(void)
896 {
897 return wrapsupport;
898 }
899 EXPORT_SYMBOL_GPL(plpks_wrapping_is_supported);
900
901 /**
902 * plpks_gen_wrapping_key() - Generate a new random key with the 'wrapping key'
903 * policy set.
904 *
905 * The H_PKS_GEN_KEY HCALL makes the hypervisor generate a new random key and
906 * store the key in a PLPKS object with the provided object label. With the
907 * 'wrapping key' policy set, only the label to the newly generated random key
908 * would be visible to the user.
909 *
910 * Possible reasons for the returned errno values:
911 *
912 * -ENXIO if PLPKS is not supported
913 * -EIO if PLPKS access is blocked due to the LPAR's state
914 * if PLPKS modification is blocked due to the LPAR's state
915 * if an error occurred while processing the request
916 * -EINVAL if invalid authorization parameter
917 * if invalid object label parameter
918 * if invalid object label len parameter
919 * if invalid or unsupported policy declaration
920 * if invalid output buffer parameter
921 * if invalid output buffer length parameter
922 * -EPERM if access is denied
923 * -ENOMEM if there is inadequate memory to perform this operation
924 * -EBUSY if unable to handle the request
925 * -EEXIST if the object label already exists
926 *
927 * Returns: On success 0 is returned, a negative errno if not.
928 */
plpks_gen_wrapping_key(void)929 int plpks_gen_wrapping_key(void)
930 {
931 unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };
932 struct plpks_auth *auth;
933 struct label *label;
934 int rc = 0, pseries_status = 0;
935 struct plpks_var var = {
936 .name = PLPKS_WRAPKEY_NAME,
937 .namelen = strlen(var.name),
938 .policy = PLPKS_WRAPPINGKEY,
939 .os = PLPKS_VAR_LINUX,
940 .component = PLPKS_WRAPKEY_COMPONENT
941 };
942
943 auth = construct_auth(PLPKS_OS_OWNER);
944 if (IS_ERR(auth))
945 return PTR_ERR(auth);
946
947 label = construct_label(var.component, var.os, var.name, var.namelen);
948 if (IS_ERR(label)) {
949 rc = PTR_ERR(label);
950 goto out;
951 }
952
953 rc = plpar_hcall(H_PKS_GEN_KEY, retbuf,
954 virt_to_phys(auth), virt_to_phys(label),
955 label->size, var.policy,
956 NULL, PLPKS_WRAPPING_KEY_LENGTH);
957
958 if (!rc)
959 rc = plpks_confirm_object_flushed(label, auth);
960
961 pseries_status = rc;
962 rc = pseries_status_to_err(rc);
963
964 if (rc && rc != -EEXIST) {
965 pr_err("H_PKS_GEN_KEY failed. pseries_status=%d, rc=%d",
966 pseries_status, rc);
967 } else {
968 rc = 0;
969 }
970
971 kfree(label);
972 out:
973 kfree(auth);
974 return rc;
975 }
976 EXPORT_SYMBOL_GPL(plpks_gen_wrapping_key);
977
978 /**
979 * plpks_wrap_object() - Wrap an object using the default wrapping key stored in
980 * the PLPKS.
981 * @input_buf: buffer containing the data to be wrapped
982 * @input_len: length of the input buffer
983 * @wrap_flags: object wrapping flags
984 * @output_buf: buffer to store the wrapped data
985 * @output_len: length of the output buffer
986 *
987 * The H_PKS_WRAP_OBJECT HCALL wraps an object using a wrapping key stored in
988 * the PLPKS and returns the wrapped object to the caller. The caller provides a
989 * label to the wrapping key with the 'wrapping key' policy set that must have
990 * been previously created with the H_PKS_GEN_KEY HCALL. The provided object is
991 * then encrypted with the wrapping key and additional metadata and the result
992 * is returned to the user. The metadata includes the wrapping algorithm and the
993 * wrapping key name so those parameters are not required during unwrap.
994 *
995 * Possible reasons for the returned errno values:
996 *
997 * -ENXIO if PLPKS is not supported
998 * -EIO if PLPKS access is blocked due to the LPAR's state
999 * if PLPKS modification is blocked due to the LPAR's state
1000 * if an error occurred while processing the request
1001 * -EINVAL if invalid authorization parameter
1002 * if invalid wrapping key label parameter
1003 * if invalid wrapping key label length parameter
1004 * if invalid or unsupported object wrapping flags
1005 * if invalid input buffer parameter
1006 * if invalid input buffer length parameter
1007 * if invalid output buffer parameter
1008 * if invalid output buffer length parameter
1009 * if invalid continue token parameter
1010 * if the wrapping key is not compatible with the wrapping
1011 * algorithm
1012 * -EPERM if access is denied
1013 * -ENOENT if the requested wrapping key was not found
1014 * -EBUSY if unable to handle the request or long running operation
1015 * initiated, retry later.
1016 *
1017 * Returns: On success 0 is returned, a negative errno if not.
1018 */
plpks_wrap_object(u8 ** input_buf,u32 input_len,u16 wrap_flags,u8 ** output_buf,u32 * output_len)1019 int plpks_wrap_object(u8 **input_buf, u32 input_len, u16 wrap_flags,
1020 u8 **output_buf, u32 *output_len)
1021 {
1022 unsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = { 0 };
1023 struct plpks_auth *auth;
1024 struct label *label;
1025 u64 continuetoken = 0;
1026 u64 objwrapflags = 0;
1027 int rc = 0, pseries_status = 0;
1028 bool sb_audit_or_enforce_bit = wrap_flags & BIT(0);
1029 bool sb_enforce_bit = wrap_flags & BIT(1);
1030 struct plpks_var var = {
1031 .name = PLPKS_WRAPKEY_NAME,
1032 .namelen = strlen(var.name),
1033 .os = PLPKS_VAR_LINUX,
1034 .component = PLPKS_WRAPKEY_COMPONENT
1035 };
1036
1037 auth = construct_auth(PLPKS_OS_OWNER);
1038 if (IS_ERR(auth))
1039 return PTR_ERR(auth);
1040
1041 label = construct_label(var.component, var.os, var.name, var.namelen);
1042 if (IS_ERR(label)) {
1043 rc = PTR_ERR(label);
1044 goto out;
1045 }
1046
1047 /* Set the consumer password requirement bit. A must have. */
1048 objwrapflags |= WRAPFLAG_BE_BIT_SET(3);
1049
1050 /* Set the wrapping algorithm bit. Just one algorithm option for now */
1051 objwrapflags |= WRAPFLAG_BE_FIELD_PREP(60, 63, 0x1);
1052
1053 if (sb_audit_or_enforce_bit & sb_enforce_bit) {
1054 pr_err("Cannot set both audit/enforce and enforce bits.");
1055 rc = -EINVAL;
1056 goto out_free_label;
1057 } else if (sb_audit_or_enforce_bit) {
1058 objwrapflags |= WRAPFLAG_BE_BIT_SET(1);
1059 } else if (sb_enforce_bit) {
1060 objwrapflags |= WRAPFLAG_BE_BIT_SET(2);
1061 }
1062
1063 *output_len = input_len + PLPKS_WRAPPING_BUF_DIFF;
1064
1065 *output_buf = kzalloc(ALIGN(*output_len, PLPKS_WRAPPING_BUF_ALIGN),
1066 GFP_KERNEL);
1067 if (!(*output_buf)) {
1068 pr_err("Output buffer allocation failed. Returning -ENOMEM.");
1069 rc = -ENOMEM;
1070 goto out_free_label;
1071 }
1072
1073 do {
1074 rc = plpar_hcall9(H_PKS_WRAP_OBJECT, retbuf,
1075 virt_to_phys(auth), virt_to_phys(label),
1076 label->size, objwrapflags,
1077 virt_to_phys(*input_buf), input_len,
1078 virt_to_phys(*output_buf), *output_len,
1079 continuetoken);
1080
1081 continuetoken = retbuf[0];
1082 pseries_status = rc;
1083 rc = pseries_status_to_err(rc);
1084 } while (rc == -EBUSY);
1085
1086 if (rc) {
1087 pr_err("H_PKS_WRAP_OBJECT failed. pseries_status=%d, rc=%d",
1088 pseries_status, rc);
1089 kfree(*output_buf);
1090 *output_buf = NULL;
1091 } else {
1092 *output_len = retbuf[1];
1093 }
1094
1095 out_free_label:
1096 kfree(label);
1097 out:
1098 kfree(auth);
1099 return rc;
1100 }
1101 EXPORT_SYMBOL_GPL(plpks_wrap_object);
1102
1103 /**
1104 * plpks_unwrap_object() - Unwrap an object using the default wrapping key
1105 * stored in the PLPKS.
1106 * @input_buf: buffer containing the data to be unwrapped
1107 * @input_len: length of the input buffer
1108 * @output_buf: buffer to store the unwrapped data
1109 * @output_len: length of the output buffer
1110 *
1111 * The H_PKS_UNWRAP_OBJECT HCALL unwraps an object that was previously wrapped
1112 * using the H_PKS_WRAP_OBJECT HCALL.
1113 *
1114 * Possible reasons for the returned errno values:
1115 *
1116 * -ENXIO if PLPKS is not supported
1117 * -EIO if PLPKS access is blocked due to the LPAR's state
1118 * if PLPKS modification is blocked due to the LPAR's state
1119 * if an error occurred while processing the request
1120 * -EINVAL if invalid authorization parameter
1121 * if invalid or unsupported object unwrapping flags
1122 * if invalid input buffer parameter
1123 * if invalid input buffer length parameter
1124 * if invalid output buffer parameter
1125 * if invalid output buffer length parameter
1126 * if invalid continue token parameter
1127 * if the wrapping key is not compatible with the wrapping
1128 * algorithm
1129 * if the wrapped object's format is not supported
1130 * if the wrapped object is invalid
1131 * -EPERM if access is denied
1132 * -ENOENT if the wrapping key for the provided object was not found
1133 * -EBUSY if unable to handle the request or long running operation
1134 * initiated, retry later.
1135 *
1136 * Returns: On success 0 is returned, a negative errno if not.
1137 */
plpks_unwrap_object(u8 ** input_buf,u32 input_len,u8 ** output_buf,u32 * output_len)1138 int plpks_unwrap_object(u8 **input_buf, u32 input_len, u8 **output_buf,
1139 u32 *output_len)
1140 {
1141 unsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = { 0 };
1142 struct plpks_auth *auth;
1143 u64 continuetoken = 0;
1144 u64 objwrapflags = 0;
1145 int rc = 0, pseries_status = 0;
1146
1147 auth = construct_auth(PLPKS_OS_OWNER);
1148 if (IS_ERR(auth))
1149 return PTR_ERR(auth);
1150
1151 *output_len = input_len - PLPKS_WRAPPING_BUF_DIFF;
1152 *output_buf = kzalloc(ALIGN(*output_len, PLPKS_WRAPPING_BUF_ALIGN),
1153 GFP_KERNEL);
1154 if (!(*output_buf)) {
1155 pr_err("Output buffer allocation failed. Returning -ENOMEM.");
1156 rc = -ENOMEM;
1157 goto out;
1158 }
1159
1160 do {
1161 rc = plpar_hcall9(H_PKS_UNWRAP_OBJECT, retbuf,
1162 virt_to_phys(auth), objwrapflags,
1163 virt_to_phys(*input_buf), input_len,
1164 virt_to_phys(*output_buf), *output_len,
1165 continuetoken);
1166
1167 continuetoken = retbuf[0];
1168 pseries_status = rc;
1169 rc = pseries_status_to_err(rc);
1170 } while (rc == -EBUSY);
1171
1172 if (rc) {
1173 pr_err("H_PKS_UNWRAP_OBJECT failed. pseries_status=%d, rc=%d",
1174 pseries_status, rc);
1175 kfree(*output_buf);
1176 *output_buf = NULL;
1177 } else {
1178 *output_len = retbuf[1];
1179 }
1180
1181 out:
1182 kfree(auth);
1183 return rc;
1184 }
1185 EXPORT_SYMBOL_GPL(plpks_unwrap_object);
1186
1187 /**
1188 * plpks_read_os_var() - Fetch the data for the specified variable that is owned
1189 * by the OS consumer.
1190 * @var: variable to be read from the PLPKS
1191 *
1192 * The consumer or the owner of the object is the os kernel. The
1193 * H_PKS_READ_OBJECT HCALL reads an object from the PLPKS. The caller must
1194 * allocate the buffer var->data and specify the length for this buffer in
1195 * var->datalen. If no buffer is provided, var->datalen will be populated with
1196 * the requested object's size.
1197 *
1198 * Possible reasons for the returned errno values:
1199 *
1200 * -ENXIO if PLPKS is not supported
1201 * -EIO if PLPKS access is blocked due to the LPAR's state
1202 * if an error occurred while processing the request
1203 * -EINVAL if invalid authorization parameter
1204 * if invalid object label parameter
1205 * if invalid object label len parameter
1206 * if invalid output data parameter
1207 * if invalid output data len parameter
1208 * -EPERM if access is denied
1209 * -ENOENT if the requested object was not found
1210 * -EFBIG if the requested object couldn't be
1211 * stored in the buffer provided
1212 * -EBUSY if unable to handle the request
1213 *
1214 * Returns: On success 0 is returned, a negative errno if not.
1215 */
plpks_read_os_var(struct plpks_var * var)1216 int plpks_read_os_var(struct plpks_var *var)
1217 {
1218 return plpks_read_var(PLPKS_OS_OWNER, var);
1219 }
1220
1221 /**
1222 * plpks_read_fw_var() - Fetch the data for the specified variable that is
1223 * owned by the firmware consumer.
1224 * @var: variable to be read from the PLPKS
1225 *
1226 * The consumer or the owner of the object is the firmware. The
1227 * H_PKS_READ_OBJECT HCALL reads an object from the PLPKS. The caller must
1228 * allocate the buffer var->data and specify the length for this buffer in
1229 * var->datalen. If no buffer is provided, var->datalen will be populated with
1230 * the requested object's size.
1231 *
1232 * Possible reasons for the returned errno values:
1233 *
1234 * -ENXIO if PLPKS is not supported
1235 * -EIO if PLPKS access is blocked due to the LPAR's state
1236 * if an error occurred while processing the request
1237 * -EINVAL if invalid authorization parameter
1238 * if invalid object label parameter
1239 * if invalid object label len parameter
1240 * if invalid output data parameter
1241 * if invalid output data len parameter
1242 * -EPERM if access is denied
1243 * -ENOENT if the requested object was not found
1244 * -EFBIG if the requested object couldn't be
1245 * stored in the buffer provided
1246 * -EBUSY if unable to handle the request
1247 *
1248 * Returns: On success 0 is returned, a negative errno if not.
1249 */
plpks_read_fw_var(struct plpks_var * var)1250 int plpks_read_fw_var(struct plpks_var *var)
1251 {
1252 return plpks_read_var(PLPKS_FW_OWNER, var);
1253 }
1254
1255 /**
1256 * plpks_read_bootloader_var() - Fetch the data for the specified variable
1257 * owned by the bootloader consumer.
1258 * @var: variable to be read from the PLPKS
1259 *
1260 * The consumer or the owner of the object is the bootloader. The
1261 * H_PKS_READ_OBJECT HCALL reads an object from the PLPKS. The caller must
1262 * allocate the buffer var->data and specify the length for this buffer in
1263 * var->datalen. If no buffer is provided, var->datalen will be populated with
1264 * the requested object's size.
1265 *
1266 * Possible reasons for the returned errno values:
1267 *
1268 * -ENXIO if PLPKS is not supported
1269 * -EIO if PLPKS access is blocked due to the LPAR's state
1270 * if an error occurred while processing the request
1271 * -EINVAL if invalid authorization parameter
1272 * if invalid object label parameter
1273 * if invalid object label len parameter
1274 * if invalid output data parameter
1275 * if invalid output data len parameter
1276 * -EPERM if access is denied
1277 * -ENOENT if the requested object was not found
1278 * -EFBIG if the requested object couldn't be
1279 * stored in the buffer provided
1280 * -EBUSY if unable to handle the request
1281 *
1282 * Returns: On success 0 is returned, a negative errno if not.
1283 */
plpks_read_bootloader_var(struct plpks_var * var)1284 int plpks_read_bootloader_var(struct plpks_var *var)
1285 {
1286 return plpks_read_var(PLPKS_BOOTLOADER_OWNER, var);
1287 }
1288
1289 /**
1290 * plpks_populate_fdt(): Populates the FDT with the PLPKS password to prepare
1291 * for kexec.
1292 * @fdt: pointer to the device tree blob
1293 *
1294 * Upon confirming the existence of the chosen node, invoke fdt_setprop to
1295 * populate the device tree with the PLPKS password in order to prepare for
1296 * kexec.
1297 *
1298 * Returns: On success 0 is returned, a negative value if not.
1299 */
plpks_populate_fdt(void * fdt)1300 int plpks_populate_fdt(void *fdt)
1301 {
1302 int chosen_offset = fdt_path_offset(fdt, "/chosen");
1303
1304 if (chosen_offset < 0) {
1305 pr_err("Can't find chosen node: %s\n",
1306 fdt_strerror(chosen_offset));
1307 return chosen_offset;
1308 }
1309
1310 return fdt_setprop(fdt, chosen_offset, "ibm,plpks-pw", ospassword, ospasswordlength);
1311 }
1312
1313 /**
1314 * plpks_early_init_devtree() - Retrieves and clears the PLPKS password from the
1315 * DT in early init.
1316 *
1317 * Once a password is registered with the hypervisor it cannot be cleared
1318 * without rebooting the LPAR, so to keep using the PLPKS across kexec boots we
1319 * need to recover the previous password from the FDT.
1320 *
1321 * There are a few challenges here. We don't want the password to be visible to
1322 * users, so we need to clear it from the FDT. This has to be done in early
1323 * boot. Clearing it from the FDT would make the FDT's checksum invalid, so we
1324 * have to manually cause the checksum to be recalculated.
1325 */
plpks_early_init_devtree(void)1326 void __init plpks_early_init_devtree(void)
1327 {
1328 void *fdt = initial_boot_params;
1329 int chosen_node = fdt_path_offset(fdt, "/chosen");
1330 const u8 *password;
1331 int len;
1332
1333 if (chosen_node < 0)
1334 return;
1335
1336 password = fdt_getprop(fdt, chosen_node, "ibm,plpks-pw", &len);
1337 if (len <= 0) {
1338 pr_debug("Couldn't find ibm,plpks-pw node.\n");
1339 return;
1340 }
1341
1342 ospassword = memblock_alloc_raw(len, SMP_CACHE_BYTES);
1343 if (!ospassword) {
1344 pr_err("Error allocating memory for password.\n");
1345 goto out;
1346 }
1347
1348 memcpy(ospassword, password, len);
1349 ospasswordlength = (u16)len;
1350
1351 out:
1352 fdt_nop_property(fdt, chosen_node, "ibm,plpks-pw");
1353 // Since we've cleared the password, we must update the FDT checksum
1354 early_init_dt_verify(fdt, __pa(fdt));
1355 }
1356
pseries_plpks_init(void)1357 static __init int pseries_plpks_init(void)
1358 {
1359 int rc;
1360
1361 if (!firmware_has_feature(FW_FEATURE_PLPKS))
1362 return -ENODEV;
1363
1364 rc = _plpks_get_config();
1365
1366 if (rc) {
1367 pr_err("POWER LPAR Platform KeyStore is not supported or enabled\n");
1368 return rc;
1369 }
1370
1371 rc = plpks_gen_password();
1372 if (rc)
1373 pr_err("Failed setting POWER LPAR Platform KeyStore Password\n");
1374 else
1375 pr_info("POWER LPAR Platform KeyStore initialized successfully\n");
1376
1377 return rc;
1378 }
1379 machine_arch_initcall(pseries, pseries_plpks_init);
1380