s390/zcrypt: add display of ASYM master key verification pattern
This patch extends the sysfs attribute mkvps for CCA cards to show the states and master key verification patterns for the old, current and new ASYM master key registers. With this patch now all relevant master key verification patterns related to a CCA HSM are available with the mkvps sysfs attribute. This is a requirement for some exploiters like the kubernetes cex plugin or initrd code needing to verify the master key verification patterns on HSMs before use. A sample output: cat /sys/devices/ap/card04/04.0005/mkvps AES NEW: empty 0x0000000000000000 AES CUR: valid 0xe9a49a58cd039bed AES OLD: valid 0x7d10d17bc8a409c4 APKA NEW: empty 0x0000000000000000 APKA CUR: valid 0x5f2f27aaa2d59b4a APKA OLD: valid 0x82a5e2cd5030d5ec ASYM NEW: empty 0x00000000000000000000000000000000 ASYM CUR: valid 0x650c25a89c27e716d0e692b6c83f10e5 ASYM OLD: valid 0xf8ae2acf8bfc57f0a0957c732c16078b Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Jörg Schmidbauer <jschmidb@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Showing
Please register or sign in to comment