[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2b7145a2-1cfb-4b1a-929c-10a03747119e@linux.ibm.com>
Date: Wed, 7 May 2025 00:29:50 +0530
From: Srish Srinivasan <ssrish@...ux.ibm.com>
To: Andrew Donnellan <ajd@...ux.ibm.com>, linux-integrity@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org
Cc: maddy@...ux.ibm.com, mpe@...erman.id.au, npiggin@...il.com,
christophe.leroy@...roup.eu, naveen@...nel.org, zohar@...ux.ibm.com,
nayna@...ux.ibm.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/3] powerpc/pseries: Correct secvar format representation
for static key management
On 5/5/25 2:06 PM, Andrew Donnellan wrote:
> On Wed, 2025-04-30 at 14:33 +0530, Srish Srinivasan wrote:
>> On a PLPKS enabled PowerVM LPAR, the secvar format property for
>> static
>> key management is misrepresented as "ibm,plpks-sb-unknown", creating
>> reason for confusion.
>>
>> Static key management mode uses fixed, built-in keys. Dynamic key
>> management mode allows keys to be updated in production to handle
>> security updates without firmware rebuilds.
>>
>> Define a function named plpks_get_sb_keymgmt_mode() to retrieve the
>> key management mode based on the existence of the SB_VERSION property
>> in the firmware.
>>
>> Set the secvar format property to either "ibm,plpks-sb-v1" or
>> "ibm,plpks-sb-v0" based on the key management mode, and return the
>> length of the secvar format property.
>>
>> Co-developed-by: Souradeep <soura@...p.linux.ibm.com>
>> Signed-off-by: Souradeep <soura@...p.linux.ibm.com>
>> Signed-off-by: Srish Srinivasan <ssrish@...ux.ibm.com>
>> Reviewed-by: Mimi Zohar <zohar@...ux.ibm.com>
>> Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>
>> ---
>> arch/powerpc/platforms/pseries/plpks-secvar.c | 70 +++++++++++------
>> --
>> 1 file changed, 40 insertions(+), 30 deletions(-)
>>
>> diff --git a/arch/powerpc/platforms/pseries/plpks-secvar.c
>> b/arch/powerpc/platforms/pseries/plpks-secvar.c
>> index 257fd1f8bc19..d57067a733ab 100644
>> --- a/arch/powerpc/platforms/pseries/plpks-secvar.c
>> +++ b/arch/powerpc/platforms/pseries/plpks-secvar.c
>> @@ -152,39 +152,49 @@ static int plpks_set_variable(const char *key,
>> u64 key_len, u8 *data,
>> return rc;
>> }
>>
>> -// PLPKS dynamic secure boot doesn't give us a format string in the
>> same way OPAL does.
>> -// Instead, report the format using the SB_VERSION variable in the
>> keystore.
>> -// The string is made up by us, and takes the form "ibm,plpks-sb-
>> v<n>" (or "ibm,plpks-sb-unknown"
>> -// if the SB_VERSION variable doesn't exist). Hypervisor defines the
>> SB_VERSION variable as a
>> -// "1 byte unsigned integer value".
>> -static ssize_t plpks_secvar_format(char *buf, size_t bufsize)
>> +/*
>> + * Return the key management mode.
>> + *
>> + * SB_VERSION is defined as a "1 byte unsigned integer value". It is
>> owned by
>> + * the Partition Firmware and its presence indicates that the key
>> management
>> + * mode is dynamic. Only signed variables have null bytes in their
>> names.
>> + * SB_VERSION does not.
>> + *
>> + * Return 1 to indicate that the key management mode is dynamic.
>> Otherwise
>> + * return 0, indicating that the key management mode is static.
>> + */
> This description isn't accurate.
>
> For dynamic mode, it doesn't return 1, it returns whatever version is
> defined in SB_VERSION, which could be 1, or could at some later point be
> a higher version.
>
> Which makes the function name a bit of a misnomer too - it is returning
> the version number, just the version number can now be zero.
Hi Andrew,
Thanks a lot for your feedback.
Thanks for noticing this. Yes, will fix it.
>
>> +static u8 plpks_get_sb_keymgmt_mode(void)
>> {
>> - struct plpks_var var = {0};
>> - ssize_t ret;
>> - u8 version;
>> -
>> - var.component = NULL;
>> - // Only the signed variables have null bytes in their names,
>> this one doesn't
>> - var.name = "SB_VERSION";
>> - var.namelen = strlen(var.name);
>> - var.datalen = 1;
>> - var.data = &version;
>> -
>> - // Unlike the other vars, SB_VERSION is owned by firmware
>> instead of the OS
>> - ret = plpks_read_fw_var(&var);
>> - if (ret) {
>> - if (ret == -ENOENT) {
>> - ret = snprintf(buf, bufsize, "ibm,plpks-sb-
>> unknown");
>> - } else {
>> - pr_err("Error %ld reading SB_VERSION from
>> firmware\n", ret);
>> - ret = -EIO;
>> - }
>> - goto err;
>> + u8 mode;
>> + ssize_t rc;
>> + struct plpks_var var = {
>> + .component = NULL,
>> + .name = "SB_VERSION",
>> + .namelen = 10,
>> + .datalen = 1,
>> + .data = &mode,
>> + };
>> +
>> + rc = plpks_read_fw_var(&var);
>> + if (rc) {
>> + pr_info("Error %ld reading SB_VERSION from
>> firmware\n", rc);
> We need to check for -ENOENT, otherwise this message is going to be
> printed every time you boot a machine in static mode.
Yes, I agree with your concern. I just want to add that, as per my
understanding, we need to check for both -ENOENT and -EPERM,
as explained below:
As per H_PKS_READ_OBJECT semantics described in the PAPR v10.60
(https://files.openpower.foundation/s/XFgfMaqLMD5Bcm8),
* If the object is not world readable, verify that the consumer password
matches the stored value in the hypervisor. Else return H_AUTHORITY.
* Verify if the object exists, else return H_NOT_FOUND.
* Verify if the policy for the object is met, else return H_AUTHORITY.
So, the hypervisor returns H_NOT_FOUND only for the authenticated
consumer. For unauthenticated consumers, which is the case here,
it would return H_AUTHORITY.
> I think you should handle this as the existing code does: if it's
> ENOENT, return 0, and for other codes print an error and return -EIO.
Currently, the other layers in the boot stack assume static key mode for
any failure in reading SB_VERSION. We added the same interpretation
in the kernel to keep it consistent with the other layers, and represent
the same to the user. This is the reason for not parsing the error codes
when trying to read SB_VERSION, and defaulting to the static key
management mode. However, we want the exact error code to be logged
for debugging purposes. And, it does make sense to have logging only for
error codes other than -ENOENT and -EPERM, as you suggested.
Does this sound okay?
>
>> + mode = 0;
>> }
>> + return mode;
>> +}
>>
>> - ret = snprintf(buf, bufsize, "ibm,plpks-sb-v%hhu", version);
>> -err:
>> - return ret;
>> +// PLPKS dynamic secure boot doesn't give us a format string in the
>> same way
>> +// OPAL does. Instead, report the format using the SB_VERSION
>> variable in the
>> +// keystore. The string, made up by us, takes the form "ibm,plpks-
>> sb-v<n>".Set
>> +// the secvar format property to either "ibm,plpks-sb-v1" or
>> "ibm,plpks-sb-v0",
>> +// based on the key management mode, and return the length of the
>> secvar format
>> +// property.
>> +static ssize_t plpks_secvar_format(char *buf, size_t bufsize)
>> +{
>> + u8 mode;
>> +
>> + mode = plpks_get_sb_keymgmt_mode();
>> + return snprintf(buf, bufsize, "ibm,plpks-sb-v%hhu", mode);
> It might be better to use something like "ibm,plpks-sb-static" in place
> of "ibm,plpks-sb-v0" to make it instantly clear that static mode
> doesn't use the same version numbering scheme as dynamic mode.
Sure.
Thanks and Regards,
Srish
>
>> }
>>
>> static int plpks_max_size(u64 *max_size)
Powered by blists - more mailing lists