Date:   Fri, 19 May 2023 11:37:02 +0200
From:   Steffen Eiden <seiden@...ux.ibm.com>
To:     kvm@...r.kernel.org, linux-s390@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Viktor Mihajlovski <mihajlov@...ux.ibm.com>
Cc:     Janosch Frank <frankja@...ux.ibm.com>,
        Claudio Imbrenda <imbrenda@...ux.ibm.com>,
        Nico Boehr <nrb@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ux.ibm.com>,
        Heiko Carstens <hca@...ux.ibm.com>,
        Hendrik Brueckner <brueckner@...ux.ibm.com>
Subject: [PATCH v2 0/6] s390/uvdevice: Expose secret UVCs

IBM Secure Execution guests may want to inject secrets into the Ultravisor (UV).
Also they should be able to know which secrets the UV possesses and prevent the
further addition of more secrets.

Therefore, add three new Ultravisor-Calls and expose them via the uvdevice:
Add Secret, List Secrets, and Lock Secrets.
The uvdevice still acts as the messenger only and does not inspect or modify
the requests. Only some sanity checks are made to prevent the kernel from corruption.
Also add a new IOCTL to get information about the supported UV-calls of the uvdevice.
As userspace wants to know which secrets, types, etc. are supported, expose the corresponding
UV Query info data to userspace via sysfs.

The series contains:
  * A new info IOCTL, giving information about the capabilities of the uvdevice and UV
  * 3 patches adding new Ultravisor-Calls and exposing them to userspace
  * A patch replacing scnprintf with sysfs_emit in arch/s390/kernel/uv.c
  * A patch with an Ultravisor Query Info update for the new secret related information


Changes for v2:
  * use __set_bit instead of the atomic set_bit (Heiko)
  * add a patch for replacing scnprintf with sysfs_emit in arch/s390/kernel/uv.c (Heiko)
  * use scnprintf instead of sysfs_emit for the new sysfs entries in the last patch (Heiko)
  * use hex values in struct definitions (Claudio)



Steffen

Steffen Eiden (6):
  s390/uvdevice: Add info IOCTL
  s390/uvdevice: Add 'Add Secret' UVC
  s390/uvdevice: Add 'List Secrets' UVC
  s390/uvdevice: Add 'Lock Secret Store' UVC
  s390/uv: replace scnprintf with sysfs_emit
  s390/uv: Update query for secret-UVCs

 arch/s390/boot/uv.c                   |   4 +
 arch/s390/include/asm/uv.h            |  32 +++-
 arch/s390/include/uapi/asm/uvdevice.h |  56 ++++++-
 arch/s390/kernel/uv.c                 |  76 ++++++---
 drivers/s390/char/uvdevice.c          | 229 +++++++++++++++++++++++++-
 5 files changed, 366 insertions(+), 31 deletions(-)

-- 
2.40.1
