1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Copyright (C) 2022 IBM Corporation
4 * Author: Nayna Jain <nayna@linux.ibm.com>
5 *
6 * Platform keystore for pseries LPAR(PLPKS).
7 */
8
9#ifndef _ASM_POWERPC_PLPKS_H
10#define _ASM_POWERPC_PLPKS_H
11
12#ifdef CONFIG_PSERIES_PLPKS
13
14#include <linux/types.h>
15#include <linux/list.h>
16
17// Object policy flags from supported_policies
18#define PLPKS_OSSECBOOTAUDIT	PPC_BIT32(1) // OS secure boot must be audit/enforce
19#define PLPKS_OSSECBOOTENFORCE	PPC_BIT32(2) // OS secure boot must be enforce
20#define PLPKS_PWSET		PPC_BIT32(3) // No access without password set
21#define PLPKS_WORLDREADABLE	PPC_BIT32(4) // Readable without authentication
22#define PLPKS_IMMUTABLE		PPC_BIT32(5) // Once written, object cannot be removed
23#define PLPKS_TRANSIENT		PPC_BIT32(6) // Object does not persist through reboot
24#define PLPKS_SIGNEDUPDATE	PPC_BIT32(7) // Object can only be modified by signed updates
25#define PLPKS_HVPROVISIONED	PPC_BIT32(28) // Hypervisor has provisioned this object
26
27// Signature algorithm flags from signed_update_algorithms
28#define PLPKS_ALG_RSA2048	PPC_BIT(0)
29#define PLPKS_ALG_RSA4096	PPC_BIT(1)
30
31// Object label OS metadata flags
32#define PLPKS_VAR_LINUX		0x02
33#define PLPKS_VAR_COMMON	0x04
34
35// Flags for which consumer owns an object is owned by
36#define PLPKS_FW_OWNER			0x1
37#define PLPKS_BOOTLOADER_OWNER		0x2
38#define PLPKS_OS_OWNER			0x3
39
40// Flags for label metadata fields
41#define PLPKS_LABEL_VERSION		0
42#define PLPKS_MAX_LABEL_ATTR_SIZE	16
43#define PLPKS_MAX_NAME_SIZE		239
44#define PLPKS_MAX_DATA_SIZE		4000
45
46// Timeouts for PLPKS operations
47#define PLPKS_MAX_TIMEOUT		5000 // msec
48#define PLPKS_FLUSH_SLEEP		10 // msec
49#define PLPKS_FLUSH_SLEEP_RANGE		400
50
51struct plpks_var {
52	char *component;
53	u8 *name;
54	u8 *data;
55	u32 policy;
56	u16 namelen;
57	u16 datalen;
58	u8 os;
59};
60
61struct plpks_var_name {
62	u8  *name;
63	u16 namelen;
64};
65
66struct plpks_var_name_list {
67	u32 varcount;
68	struct plpks_var_name varlist[];
69};
70
71/**
72 * Updates the authenticated variable. It expects NULL as the component.
73 */
74int plpks_signed_update_var(struct plpks_var *var, u64 flags);
75
76/**
77 * Writes the specified var and its data to PKS.
78 * Any caller of PKS driver should present a valid component type for
79 * their variable.
80 */
81int plpks_write_var(struct plpks_var var);
82
83/**
84 * Removes the specified var and its data from PKS.
85 */
86int plpks_remove_var(char *component, u8 varos,
87		     struct plpks_var_name vname);
88
89/**
90 * Returns the data for the specified os variable.
91 *
92 * Caller must allocate a buffer in var->data with length in var->datalen.
93 * If no buffer is provided, var->datalen will be populated with the object's
94 * size.
95 */
96int plpks_read_os_var(struct plpks_var *var);
97
98/**
99 * Returns the data for the specified firmware variable.
100 *
101 * Caller must allocate a buffer in var->data with length in var->datalen.
102 * If no buffer is provided, var->datalen will be populated with the object's
103 * size.
104 */
105int plpks_read_fw_var(struct plpks_var *var);
106
107/**
108 * Returns the data for the specified bootloader variable.
109 *
110 * Caller must allocate a buffer in var->data with length in var->datalen.
111 * If no buffer is provided, var->datalen will be populated with the object's
112 * size.
113 */
114int plpks_read_bootloader_var(struct plpks_var *var);
115
116/**
117 * Returns if PKS is available on this LPAR.
118 */
119bool plpks_is_available(void);
120
121/**
122 * Returns version of the Platform KeyStore.
123 */
124u8 plpks_get_version(void);
125
126/**
127 * Returns hypervisor storage overhead per object, not including the size of
128 * the object or label. Only valid for config version >= 2
129 */
130u16 plpks_get_objoverhead(void);
131
132/**
133 * Returns maximum password size. Must be >= 32 bytes
134 */
135u16 plpks_get_maxpwsize(void);
136
137/**
138 * Returns maximum object size supported by Platform KeyStore.
139 */
140u16 plpks_get_maxobjectsize(void);
141
142/**
143 * Returns maximum object label size supported by Platform KeyStore.
144 */
145u16 plpks_get_maxobjectlabelsize(void);
146
147/**
148 * Returns total size of the configured Platform KeyStore.
149 */
150u32 plpks_get_totalsize(void);
151
152/**
153 * Returns used space from the total size of the Platform KeyStore.
154 */
155u32 plpks_get_usedspace(void);
156
157/**
158 * Returns bitmask of policies supported by the hypervisor.
159 */
160u32 plpks_get_supportedpolicies(void);
161
162/**
163 * Returns maximum byte size of a single object supported by the hypervisor.
164 * Only valid for config version >= 3
165 */
166u32 plpks_get_maxlargeobjectsize(void);
167
168/**
169 * Returns bitmask of signature algorithms supported for signed updates.
170 * Only valid for config version >= 3
171 */
172u64 plpks_get_signedupdatealgorithms(void);
173
174/**
175 * Returns the length of the PLPKS password in bytes.
176 */
177u16 plpks_get_passwordlen(void);
178
179/**
180 * Called in early init to retrieve and clear the PLPKS password from the DT.
181 */
182void plpks_early_init_devtree(void);
183
184/**
185 * Populates the FDT with the PLPKS password to prepare for kexec.
186 */
187int plpks_populate_fdt(void *fdt);
188#else // CONFIG_PSERIES_PLPKS
189static inline bool plpks_is_available(void) { return false; }
190static inline u16 plpks_get_passwordlen(void) { BUILD_BUG(); }
191static inline void plpks_early_init_devtree(void) { }
192static inline int plpks_populate_fdt(void *fdt) { BUILD_BUG(); }
193#endif // CONFIG_PSERIES_PLPKS
194
195#endif // _ASM_POWERPC_PLPKS_H
196