lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <344b4019-0c7c-4e08-ab50-f03b1d51277c@linux.ibm.com>
Date: Tue, 1 Oct 2024 13:41:58 +0200
From: Janosch Frank <frankja@...ux.ibm.com>
To: Steffen Eiden <seiden@...ux.ibm.com>, linux-kernel@...r.kernel.org,
        linux-s390@...r.kernel.org
Cc: Ingo Franzki <ifranzki@...ux.ibm.com>,
        Harald Freudenberger <freude@...ux.ibm.com>,
        Christoph Schlameuss <schlameuss@...ux.ibm.com>,
        Claudio Imbrenda <imbrenda@...ux.ibm.com>
Subject: Re: [PATCH v1 2/2] s390/uv: Provide host-key hashes in sysfs

On 9/30/24 3:20 PM, Steffen Eiden wrote:
> Utilize the new Query Ultravisor Keys to give user space the information
> which host-keys are installed on the system.
> 
> Create a new sysfs directory 'firmware/uv/keys' that contains the hash
> of the host-key and the backup host-key of that system. Additionally,
> the file 'all' contains the response from the UVC possibly containing
> more key-hashes than currently known.
> 
> Reviewed-by: Christoph Schlameuss <schlameuss@...ux.ibm.com>
> Signed-off-by: Steffen Eiden <seiden@...ux.ibm.com>
> ---
>   arch/s390/include/asm/uv.h | 16 ++++++++
>   arch/s390/kernel/uv.c      | 75 ++++++++++++++++++++++++++++++++++++++
>   2 files changed, 91 insertions(+)
> 
> diff --git a/arch/s390/include/asm/uv.h b/arch/s390/include/asm/uv.h
> index 153d93468b77..7eda73073cdd 100644
> --- a/arch/s390/include/asm/uv.h
> +++ b/arch/s390/include/asm/uv.h
> @@ -31,6 +31,7 @@
>   #define UVC_RC_NEED_DESTROY	0x8000
>   
>   #define UVC_CMD_QUI			0x0001
> +#define UVC_CMD_QUK			0x0002

Should've used the long form here as well.

>   #define UVC_CMD_INIT_UV			0x000f
>   #define UVC_CMD_CREATE_SEC_CONF		0x0100
>   #define UVC_CMD_DESTROY_SEC_CONF	0x0101
> @@ -94,6 +95,7 @@ enum uv_cmds_inst {
>   	BIT_UVC_CMD_ADD_SECRET = 29,
>   	BIT_UVC_CMD_LIST_SECRETS = 30,
>   	BIT_UVC_CMD_LOCK_SECRETS = 31,
> +	BIT_UVC_CMD_QUERY_KEYS = 34,
>   };
>   

[...]

>   static int __init uv_sysfs_dir_init(const struct attribute_group *grp,
> @@ -789,6 +859,11 @@ static int __init uv_sysfs_init(void)
>   	rc = uv_sysfs_dir_init(&uv_query_attr_group, &uv_query_kset, "query");
>   	if (rc)
>   		goto out_ind_files;
> +
> +	// Get installed key hashes if available, ignore any errors

Please use:
/* */

> +	if (test_bit_inv(BIT_UVC_CMD_QUERY_KEYS, uv_info.inst_calls_list))
> +		uv_sysfs_dir_init(&uv_keys_attr_group, &uv_keys_kset, "keys");
> +
>   	return 0;
>   
>   out_ind_files:

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ