On 9/30/24 3:20 PM, Steffen Eiden wrote:
Utilize the new Query Ultravisor Keys to give user space the information
which host-keys are installed on the system.
Create a new sysfs directory 'firmware/uv/keys' that contains the hash
of the host-key and the backup host-key of that system. Additionally,
the file 'all' contains the response from the UVC possibly containing
more key-hashes than currently known.
Reviewed-by: Christoph Schlameuss <schlameuss@xxxxxxxxxxxxx>
Signed-off-by: Steffen Eiden <seiden@xxxxxxxxxxxxx>
---
arch/s390/include/asm/uv.h | 16 ++++++++
arch/s390/kernel/uv.c | 75 ++++++++++++++++++++++++++++++++++++++
2 files changed, 91 insertions(+)
diff --git a/arch/s390/include/asm/uv.h b/arch/s390/include/asm/uv.h
index 153d93468b77..7eda73073cdd 100644
--- a/arch/s390/include/asm/uv.h
+++ b/arch/s390/include/asm/uv.h
@@ -31,6 +31,7 @@
#define UVC_RC_NEED_DESTROY 0x8000
#define UVC_CMD_QUI 0x0001
+#define UVC_CMD_QUK 0x0002
Should've used the long form here as well.
#define UVC_CMD_INIT_UV 0x000f
#define UVC_CMD_CREATE_SEC_CONF 0x0100
#define UVC_CMD_DESTROY_SEC_CONF 0x0101
@@ -94,6 +95,7 @@ enum uv_cmds_inst {
BIT_UVC_CMD_ADD_SECRET = 29,
BIT_UVC_CMD_LIST_SECRETS = 30,
BIT_UVC_CMD_LOCK_SECRETS = 31,
+ BIT_UVC_CMD_QUERY_KEYS = 34,
};
[...]
static int __init uv_sysfs_dir_init(const struct attribute_group *grp,
@@ -789,6 +859,11 @@ static int __init uv_sysfs_init(void)
rc = uv_sysfs_dir_init(&uv_query_attr_group, &uv_query_kset, "query");
if (rc)
goto out_ind_files;
+
+ // Get installed key hashes if available, ignore any errors
Please use:
/* */
+ if (test_bit_inv(BIT_UVC_CMD_QUERY_KEYS, uv_info.inst_calls_list))
+ uv_sysfs_dir_init(&uv_keys_attr_group, &uv_keys_kset, "keys");
+
return 0;
out_ind_files: