• Harald Freudenberger's avatar
    s390/zcrypt: new sysfs attributes serialnr and mkvps · 7c4e91c0
    Harald Freudenberger authored
    This patch extends the sysfs interface with two new attributes for the
    CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode:
      /sys/devices/ap/cardxx/serialnr
      /sys/devices/ap/cardxx/xx.yyyy/mkvps
    
    The serialnr attribute is card based and shows the 8 character ASCII
    serial number string which should unique identify the card.
    
    The mkvps is queue based and displays 3 lines of information about the
    new, current and old master key register:
      AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp>
      AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp>
      AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp>
    with
      <new_aes_mk_state>: 'empty' or 'partial' or 'full'
      <cur_aes_mk_state>: 'valid' or 'invalid'
      <old_aes_mk_state>: 'valid' or 'invalid'
      <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp>
        8 byte hex string with leading 0x
    MKVP means Master Key Verification Pattern and is a folded hash over
    the key value. Only the states 'full' and 'valid' result in displaying
    a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any
    reason the FQ fails and the (cached) information is not available, the
    state '-' will be shown with the mkvp value also '-'. The values shown
    here are the very same as the cca panel tools displays. As of now only
    the AES master keys states and verification patterns are shown. A CCA
    APQN also has similar master key registers for DES, RSA and ECC. So
    the content of this attribute may get extended.
    
    Reading the sysfs attribute automatically triggers an FQ CPRB to be
    sent to the queue as long as the queue is (soft-) online. For the
    serialnr attribute the queue with the default domain id is addressed
    (if available and valid). This is reasonable as it is assumed that
    this sysfs interface is not performance critical and on the other side
    a master key change should be visiable as soon as possible. When a
    queue is (soft-) offline however, the cached values are displayed. If
    no cached values are available, the serial number string will be empty
    and the mkvp lines will show state '-' and mkvp value '-'.
    Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
    Reviewed-by: default avatarIngo Franzki <ifranzki@linux.ibm.com>
    Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
    7c4e91c0
zcrypt_cex4.c 11.6 KB