kernel: Move to Linux v5.4.48-openpower1
This adds secure boot support backported from upstream and enables it
in the configuration.
Appearing in the backports is a patch to disable STRICT_KERNEL_RWX so
it drops out of the configuration.
Backported patches to support secureboot:
powerpc/ima: Fix secure boot rules in ima arch policy
powerpc/ima: Indicate kernel modules appended signatures are enforced
powerpc/xmon: Allow listing and clearing breakpoints in read-only mode
powerpc: Load firmware trusted keys/hashes into kernel keyring
x86/efi: move common keyring handler functions to new file
powerpc: expose secure variables to userspace via sysfs
powerpc/powernv: Add OPAL API interface to access secure variable
powerpc/ima: Update ima arch policy to check for blacklist
ima: Check against blacklisted hashes for files with modsig
certs: Add wrapper function to check blacklisted binary hash
ima: Make process_buffer_measurement() generic
powerpc/ima: Define trusted boot policy
powerpc: Detect the trusted boot state of the system
powerpc/ima: Add support to initialize ima policy rules
powerpc: Detect the secure boot mode of the system
PowerPC related fixes:
powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
powerpc/64s: Don't let DT CPU features set FSCR_DSCR
powerpc/kasan: Fix shadow pages allocation failure
powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END
powerpc/fadump: Account for memory_limit while reserving memory
powerpc/fadump: consider reserved ranges while reserving memory
powerpc/fadump: use static allocation for reserved memory ranges
powerpc/mm: Fix conditions to perform MMU specific management by blocks on PPC32.
powerpc/spufs: fix copy_to_user while atomic
sched/core: Fix illegal RCU from offline CPUs
powerpc/ptdump: Properly handle non standard page size
powerpc/xive: Clear the page tables for the ESB IO mapping
bpf: Support llvm-objcopy for vmlinux BTF
powerpc/xmon: Restrict when kernel is locked down
powerpc/powernv: Avoid re-registration of imc debugfs directory
powerpc/64s: Disable STRICT_KERNEL_RWX
powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
powerpc/mm: Fix CONFIG_PPC_KUAP_DEBUG on PPC32
powerpc/kuap: PPC_KUAP_DEBUG should depend on PPC_KUAP
powerpc/setup_64: Set cache-line-size based on cache-block-size
Revert "powerpc/64: irq_work avoid interrupt when called with hardware irqs enabled"
Signed-off-by: Joel Stanley <joel@jms.id.au>
diff --git a/openpower/linux/0011-powerpc-expose-secure-variables-to-userspace-via-sys.patch b/openpower/linux/0011-powerpc-expose-secure-variables-to-userspace-via-sys.patch
new file mode 100644
index 0000000..96f77a7
--- /dev/null
+++ b/openpower/linux/0011-powerpc-expose-secure-variables-to-userspace-via-sys.patch
@@ -0,0 +1,369 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Nayna Jain <nayna@linux.ibm.com>
+Date: Sun, 10 Nov 2019 21:10:34 -0600
+Subject: [PATCH 11/18] powerpc: expose secure variables to userspace via sysfs
+
+PowerNV secure variables, which store the keys used for OS kernel
+verification, are managed by the firmware. These secure variables need to
+be accessed by the userspace for addition/deletion of the certificates.
+
+This patch adds the sysfs interface to expose secure variables for PowerNV
+secureboot. The users shall use this interface for manipulating
+the keys stored in the secure variables.
+
+Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Eric Richter <erichte@linux.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/1573441836-3632-3-git-send-email-nayna@linux.ibm.com
+(cherry picked from commit bd5d9c743d38f67d64ea1b512a461f6b5a5f6bec)
+Signed-off-by: Joel Stanley <joel@jms.id.au>
+---
+ Documentation/ABI/testing/sysfs-secvar | 46 +++++
+ arch/powerpc/Kconfig | 11 ++
+ arch/powerpc/kernel/Makefile | 1 +
+ arch/powerpc/kernel/secvar-sysfs.c | 248 +++++++++++++++++++++++++
+ 4 files changed, 306 insertions(+)
+ create mode 100644 Documentation/ABI/testing/sysfs-secvar
+ create mode 100644 arch/powerpc/kernel/secvar-sysfs.c
+
+diff --git a/Documentation/ABI/testing/sysfs-secvar b/Documentation/ABI/testing/sysfs-secvar
+new file mode 100644
+index 000000000000..feebb8c57294
+--- /dev/null
++++ b/Documentation/ABI/testing/sysfs-secvar
+@@ -0,0 +1,46 @@
++What: /sys/firmware/secvar
++Date: August 2019
++Contact: Nayna Jain <nayna@linux.ibm.com>
++Description: This directory is created if the POWER firmware supports OS
++ secureboot, thereby secure variables. It exposes interface
++ for reading/writing the secure variables
++
++What: /sys/firmware/secvar/vars
++Date: August 2019
++Contact: Nayna Jain <nayna@linux.ibm.com>
++Description: This directory lists all the secure variables that are supported
++ by the firmware.
++
++What: /sys/firmware/secvar/format
++Date: August 2019
++Contact: Nayna Jain <nayna@linux.ibm.com>
++Description: A string indicating which backend is in use by the firmware.
++ This determines the format of the variable and the accepted
++ format of variable updates.
++
++What: /sys/firmware/secvar/vars/<variable name>
++Date: August 2019
++Contact: Nayna Jain <nayna@linux.ibm.com>
++Description: Each secure variable is represented as a directory named as
++ <variable_name>. The variable name is unique and is in ASCII
++ representation. The data and size can be determined by reading
++ their respective attribute files.
++
++What: /sys/firmware/secvar/vars/<variable_name>/size
++Date: August 2019
++Contact: Nayna Jain <nayna@linux.ibm.com>
++Description: An integer representation of the size of the content of the
++ variable. In other words, it represents the size of the data.
++
++What: /sys/firmware/secvar/vars/<variable_name>/data
++Date: August 2019
++Contact: Nayna Jain h<nayna@linux.ibm.com>
++Description: A read-only file containing the value of the variable. The size
++ of the file represents the maximum size of the variable data.
++
++What: /sys/firmware/secvar/vars/<variable_name>/update
++Date: August 2019
++Contact: Nayna Jain <nayna@linux.ibm.com>
++Description: A write-only file that is used to submit the new value for the
++ variable. The size of the file represents the maximum size of
++ the variable data that can be written.
+diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
+index eea6c358b86c..785019462953 100644
+--- a/arch/powerpc/Kconfig
++++ b/arch/powerpc/Kconfig
+@@ -945,6 +945,17 @@ config PPC_SECURE_BOOT
+ to enable OS secure boot on systems that have firmware support for
+ it. If in doubt say N.
+
++config PPC_SECVAR_SYSFS
++ bool "Enable sysfs interface for POWER secure variables"
++ default y
++ depends on PPC_SECURE_BOOT
++ depends on SYSFS
++ help
++ POWER secure variables are managed and controlled by firmware.
++ These variables are exposed to userspace via sysfs to enable
++ read/write operations on these variables. Say Y if you have
++ secure boot enabled and want to expose variables to userspace.
++
+ endmenu
+
+ config ISA_DMA_API
+diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
+index 93b0336090f2..b97c018a2f53 100644
+--- a/arch/powerpc/kernel/Makefile
++++ b/arch/powerpc/kernel/Makefile
+@@ -159,6 +159,7 @@ obj-y += ucall.o
+ endif
+
+ obj-$(CONFIG_PPC_SECURE_BOOT) += secure_boot.o ima_arch.o secvar-ops.o
++obj-$(CONFIG_PPC_SECVAR_SYSFS) += secvar-sysfs.o
+
+ # Disable GCOV, KCOV & sanitizers in odd or sensitive code
+ GCOV_PROFILE_prom_init.o := n
+diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c
+new file mode 100644
+index 000000000000..a0a78aba2083
+--- /dev/null
++++ b/arch/powerpc/kernel/secvar-sysfs.c
+@@ -0,0 +1,248 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * Copyright (C) 2019 IBM Corporation <nayna@linux.ibm.com>
++ *
++ * This code exposes secure variables to user via sysfs
++ */
++
++#define pr_fmt(fmt) "secvar-sysfs: "fmt
++
++#include <linux/slab.h>
++#include <linux/compat.h>
++#include <linux/string.h>
++#include <linux/of.h>
++#include <asm/secvar.h>
++
++#define NAME_MAX_SIZE 1024
++
++static struct kobject *secvar_kobj;
++static struct kset *secvar_kset;
++
++static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr,
++ char *buf)
++{
++ ssize_t rc = 0;
++ struct device_node *node;
++ const char *format;
++
++ node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend");
++ if (!of_device_is_available(node))
++ return -ENODEV;
++
++ rc = of_property_read_string(node, "format", &format);
++ if (rc)
++ return rc;
++
++ rc = sprintf(buf, "%s\n", format);
++
++ of_node_put(node);
++
++ return rc;
++}
++
++
++static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr,
++ char *buf)
++{
++ uint64_t dsize;
++ int rc;
++
++ rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize);
++ if (rc) {
++ pr_err("Error retrieving %s variable size %d\n", kobj->name,
++ rc);
++ return rc;
++ }
++
++ return sprintf(buf, "%llu\n", dsize);
++}
++
++static ssize_t data_read(struct file *filep, struct kobject *kobj,
++ struct bin_attribute *attr, char *buf, loff_t off,
++ size_t count)
++{
++ uint64_t dsize;
++ char *data;
++ int rc;
++
++ rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize);
++ if (rc) {
++ pr_err("Error getting %s variable size %d\n", kobj->name, rc);
++ return rc;
++ }
++ pr_debug("dsize is %llu\n", dsize);
++
++ data = kzalloc(dsize, GFP_KERNEL);
++ if (!data)
++ return -ENOMEM;
++
++ rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, data, &dsize);
++ if (rc) {
++ pr_err("Error getting %s variable %d\n", kobj->name, rc);
++ goto data_fail;
++ }
++
++ rc = memory_read_from_buffer(buf, count, &off, data, dsize);
++
++data_fail:
++ kfree(data);
++ return rc;
++}
++
++static ssize_t update_write(struct file *filep, struct kobject *kobj,
++ struct bin_attribute *attr, char *buf, loff_t off,
++ size_t count)
++{
++ int rc;
++
++ pr_debug("count is %ld\n", count);
++ rc = secvar_ops->set(kobj->name, strlen(kobj->name) + 1, buf, count);
++ if (rc) {
++ pr_err("Error setting the %s variable %d\n", kobj->name, rc);
++ return rc;
++ }
++
++ return count;
++}
++
++static struct kobj_attribute format_attr = __ATTR_RO(format);
++
++static struct kobj_attribute size_attr = __ATTR_RO(size);
++
++static struct bin_attribute data_attr = __BIN_ATTR_RO(data, 0);
++
++static struct bin_attribute update_attr = __BIN_ATTR_WO(update, 0);
++
++static struct bin_attribute *secvar_bin_attrs[] = {
++ &data_attr,
++ &update_attr,
++ NULL,
++};
++
++static struct attribute *secvar_attrs[] = {
++ &size_attr.attr,
++ NULL,
++};
++
++static const struct attribute_group secvar_attr_group = {
++ .attrs = secvar_attrs,
++ .bin_attrs = secvar_bin_attrs,
++};
++__ATTRIBUTE_GROUPS(secvar_attr);
++
++static struct kobj_type secvar_ktype = {
++ .sysfs_ops = &kobj_sysfs_ops,
++ .default_groups = secvar_attr_groups,
++};
++
++static int update_kobj_size(void)
++{
++
++ struct device_node *node;
++ u64 varsize;
++ int rc = 0;
++
++ node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend");
++ if (!of_device_is_available(node)) {
++ rc = -ENODEV;
++ goto out;
++ }
++
++ rc = of_property_read_u64(node, "max-var-size", &varsize);
++ if (rc)
++ goto out;
++
++ data_attr.size = varsize;
++ update_attr.size = varsize;
++
++out:
++ of_node_put(node);
++
++ return rc;
++}
++
++static int secvar_sysfs_load(void)
++{
++ char *name;
++ uint64_t namesize = 0;
++ struct kobject *kobj;
++ int rc;
++
++ name = kzalloc(NAME_MAX_SIZE, GFP_KERNEL);
++ if (!name)
++ return -ENOMEM;
++
++ do {
++ rc = secvar_ops->get_next(name, &namesize, NAME_MAX_SIZE);
++ if (rc) {
++ if (rc != -ENOENT)
++ pr_err("error getting secvar from firmware %d\n",
++ rc);
++ break;
++ }
++
++ kobj = kzalloc(sizeof(*kobj), GFP_KERNEL);
++ if (!kobj) {
++ rc = -ENOMEM;
++ break;
++ }
++
++ kobject_init(kobj, &secvar_ktype);
++
++ rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name);
++ if (rc) {
++ pr_warn("kobject_add error %d for attribute: %s\n", rc,
++ name);
++ kobject_put(kobj);
++ kobj = NULL;
++ }
++
++ if (kobj)
++ kobject_uevent(kobj, KOBJ_ADD);
++
++ } while (!rc);
++
++ kfree(name);
++ return rc;
++}
++
++static int secvar_sysfs_init(void)
++{
++ int rc;
++
++ if (!secvar_ops) {
++ pr_warn("secvar: failed to retrieve secvar operations.\n");
++ return -ENODEV;
++ }
++
++ secvar_kobj = kobject_create_and_add("secvar", firmware_kobj);
++ if (!secvar_kobj) {
++ pr_err("secvar: Failed to create firmware kobj\n");
++ return -ENOMEM;
++ }
++
++ rc = sysfs_create_file(secvar_kobj, &format_attr.attr);
++ if (rc) {
++ kobject_put(secvar_kobj);
++ return -ENOMEM;
++ }
++
++ secvar_kset = kset_create_and_add("vars", NULL, secvar_kobj);
++ if (!secvar_kset) {
++ pr_err("secvar: sysfs kobject registration failed.\n");
++ kobject_put(secvar_kobj);
++ return -ENOMEM;
++ }
++
++ rc = update_kobj_size();
++ if (rc) {
++ pr_err("Cannot read the size of the attribute\n");
++ return rc;
++ }
++
++ secvar_sysfs_load();
++
++ return 0;
++}
++
++late_initcall(secvar_sysfs_init);