lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250318-plat2faux_dev-v2-5-e6cc73f78478@arm.com>
Date: Tue, 18 Mar 2025 17:01:43 +0000
From: Sudeep Holla <sudeep.holla@....com>
To: linux-kernel@...r.kernel.org
Cc: Sudeep Holla <sudeep.holla@....com>, 
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>, 
 Ard Biesheuvel <ardb@...nel.org>, linux-efi@...r.kernel.org
Subject: [PATCH v2 5/8] virt: efi_secret: Transition to the faux device
 interface

The EFI secret area driver does not require the creation of a platform
device. Originally, this approach was chosen for simplicity when the
driver was first implemented.

With the introduction of the lightweight faux device interface, we now
have a more appropriate alternative. Migrate the driver to utilize the
faux bus, given that the platform device it previously created was not
a real one anyway. This will simplify the code, reducing its footprint
while maintaining functionality.

Cc: Ard Biesheuvel <ardb@...nel.org>
Cc: linux-efi@...r.kernel.org
Signed-off-by: Sudeep Holla <sudeep.holla@....com>
---
 drivers/firmware/efi/efi.c                |  5 -----
 drivers/virt/coco/efi_secret/efi_secret.c | 29 ++++++++---------------------
 2 files changed, 8 insertions(+), 26 deletions(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 8aebc747c65bc1b63d514a50fe6f35a9e3c1af0a..862b7744c28ecc9e5a64bbb3533c34119f50267f 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -465,11 +465,6 @@ static int __init efisubsys_init(void)
 	if (efi_enabled(EFI_DBG) && efi_enabled(EFI_PRESERVE_BS_REGIONS))
 		efi_debugfs_init();
 
-#ifdef CONFIG_EFI_COCO_SECRET
-	if (efi.coco_secret != EFI_INVALID_TABLE_ADDR)
-		platform_device_register_simple("efi_secret", 0, NULL, 0);
-#endif
-
 	return 0;
 
 err_remove_group:
diff --git a/drivers/virt/coco/efi_secret/efi_secret.c b/drivers/virt/coco/efi_secret/efi_secret.c
index 1864f9f80617e082feb574a15327949972c8cc1e..a60976750bef787c78401bf4569ee5d0c7d2b5f4 100644
--- a/drivers/virt/coco/efi_secret/efi_secret.c
+++ b/drivers/virt/coco/efi_secret/efi_secret.c
@@ -16,7 +16,7 @@
  * is the GUID of the secret entry, and its content is the secret data.
  */
 
-#include <linux/platform_device.h>
+#include <linux/device/faux.h>
 #include <linux/seq_file.h>
 #include <linux/fs.h>
 #include <linux/kernel.h>
@@ -152,17 +152,12 @@ static const struct inode_operations efi_secret_dir_inode_operations = {
 	.unlink         = efi_secret_unlink,
 };
 
-static int efi_secret_map_area(struct platform_device *dev)
+static int efi_secret_map_area(struct faux_device *dev)
 {
 	int ret;
 	struct efi_secret *s = efi_secret_get();
 	struct linux_efi_coco_secret_area *secret_area;
 
-	if (efi.coco_secret == EFI_INVALID_TABLE_ADDR) {
-		dev_err(&dev->dev, "Secret area address is not available\n");
-		return -EINVAL;
-	}
-
 	secret_area = memremap(efi.coco_secret, sizeof(*secret_area), MEMREMAP_WB);
 	if (secret_area == NULL) {
 		dev_err(&dev->dev, "Could not map secret area EFI config entry\n");
@@ -191,7 +186,7 @@ static int efi_secret_map_area(struct platform_device *dev)
 	return ret;
 }
 
-static void efi_secret_securityfs_teardown(struct platform_device *dev)
+static void efi_secret_securityfs_teardown(struct faux_device *dev)
 {
 	struct efi_secret *s = efi_secret_get();
 	int i;
@@ -210,7 +205,7 @@ static void efi_secret_securityfs_teardown(struct platform_device *dev)
 	dev_dbg(&dev->dev, "Removed securityfs entries\n");
 }
 
-static int efi_secret_securityfs_setup(struct platform_device *dev)
+static int efi_secret_securityfs_setup(struct faux_device *dev)
 {
 	struct efi_secret *s = efi_secret_get();
 	int ret = 0, i = 0, bytes_left;
@@ -307,7 +302,7 @@ static void efi_secret_unmap_area(void)
 	}
 }
 
-static int efi_secret_probe(struct platform_device *dev)
+static int efi_secret_probe(struct faux_device *dev)
 {
 	int ret;
 
@@ -326,23 +321,15 @@ static int efi_secret_probe(struct platform_device *dev)
 	return ret;
 }
 
-static void efi_secret_remove(struct platform_device *dev)
+static void efi_secret_remove(struct faux_device *dev)
 {
 	efi_secret_securityfs_teardown(dev);
 	efi_secret_unmap_area();
 }
 
-static struct platform_driver efi_secret_driver = {
-	.probe = efi_secret_probe,
-	.remove = efi_secret_remove,
-	.driver = {
-		.name = "efi_secret",
-	},
-};
-
-module_platform_driver(efi_secret_driver);
+module_faux_driver(efi_secret, efi_secret_probe, efi_secret_remove,
+		   efi.coco_secret != EFI_INVALID_TABLE_ADDR);
 
 MODULE_DESCRIPTION("Confidential computing EFI secret area access");
 MODULE_AUTHOR("IBM");
 MODULE_LICENSE("GPL");
-MODULE_ALIAS("platform:efi_secret");

-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ