1. 13 Nov, 2019 1 commit
    • Michael Ellerman's avatar
      Merge branch 'topic/secureboot' into next · d34a5709
      Michael Ellerman authored
      Merge the secureboot support, as well as the IMA changes needed to
      support it.
      
      From Nayna's cover letter:
        In order to verify the OS kernel on PowerNV systems, secure boot
        requires X.509 certificates trusted by the platform. These are
        stored in secure variables controlled by OPAL, called OPAL secure
        variables. In order to enable users to manage the keys, the secure
        variables need to be exposed to userspace.
      
        OPAL provides the runtime services for the kernel to be able to
        access the secure variables. This patchset defines the kernel
        interface for the OPAL APIs. These APIs are used by the hooks, which
        load these variables to the keyring and expose them to the userspace
        for reading/writing.
      
        Overall, this patchset adds the following support:
          * expose secure variables to the kernel via OPAL Runtime API interface
          * expose secure variables to the userspace via kernel sysfs interface
          * load kernel verification and revocation keys to .platform and
            .blacklist keyring respectively.
      
        The secure variables can be read/written using simple linux
        utilities cat/hexdump.
      
        For example:
        Path to the secure variables is: /sys/firmware/secvar/vars
      
          Each secure variable is listed as directory.
          $ ls -l
          total 0
          drwxr-xr-x. 2 root root 0 Aug 20 21:20 db
          drwxr-xr-x. 2 root root 0 Aug 20 21:20 KEK
          drwxr-xr-x. 2 root root 0 Aug 20 21:20 PK
      
        The attributes of each of the secure variables are (for example: PK):
          $ ls -l
          total 0
          -r--r--r--. 1 root root  4096 Oct  1 15:10 data
          -r--r--r--. 1 root root 65536 Oct  1 15:10 size
          --w-------. 1 root root  4096 Oct  1 15:12 update
      
        The "data" is used to read the existing variable value using
        hexdump. The data is stored in ESL format. The "update" is used to
        write a new value using cat. The update is to be submitted as AUTH
        file.
      d34a5709
  2. 12 Nov, 2019 15 commits
  3. 07 Nov, 2019 7 commits
  4. 06 Nov, 2019 1 commit
  5. 05 Nov, 2019 10 commits
  6. 04 Nov, 2019 1 commit
  7. 30 Oct, 2019 4 commits
    • Michael Ellerman's avatar
      powerpc/tools: Don't quote $objdump in scripts · e44ff9ea
      Michael Ellerman authored
      Some of our scripts are passed $objdump and then call it as
      "$objdump". This doesn't work if it contains spaces because we're
      using ccache, for example you get errors such as:
      
        ./arch/powerpc/tools/relocs_check.sh: line 48: ccache ppc64le-objdump: No such file or directory
        ./arch/powerpc/tools/unrel_branch_check.sh: line 26: ccache ppc64le-objdump: No such file or directory
      
      Fix it by not quoting the string when we expand it, allowing the shell
      to do the right thing for us.
      
      Fixes: a71aa05e ("powerpc: Convert relocs_check to a shell script using grep")
      Fixes: 4ea80652 ("powerpc/64s: Tool to flag direct branches from unrelocated interrupt vectors")
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20191024004730.32135-1-mpe@ellerman.id.au
      e44ff9ea
    • Michael Ellerman's avatar
      powerpc: Add build-time check of ptrace PT_xx defines · b9e0805a
      Michael Ellerman authored
      As part of the uapi we export a lot of PT_xx defines for each register
      in struct pt_regs. These are expressed as an index from gpr[0], in
      units of unsigned long.
      
      Currently there's nothing tying the values of those defines to the
      actual layout of the struct.
      
      But we *don't* want to change the uapi defines to derive the PT_xx
      values based on the layout of the struct, those values are ABI and
      must never change.
      
      Instead we want to do the reverse, make sure that the layout of the
      struct never changes vs the PT_xx defines. So add build time checks of
      that.
      
      This probably seems paranoid, but at least once in the past someone
      has sent a patch that would have broken the ABI if it hadn't been
      spotted. Although it probably would have been detected via testing,
      it's preferable to just quash any issues at the source.
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20191030111231.22720-1-mpe@ellerman.id.au
      b9e0805a
    • Mathieu Malaterre's avatar
      powerpc/ptrace: Add prototype for function pt_regs_check · 5c74f799
      Mathieu Malaterre authored
      `pt_regs_check` is a dummy function, its purpose is to break the build
      if struct pt_regs and struct user_pt_regs don't match.
      
      This function has no functionnal purpose, and will get eliminated at
      link time or after init depending on CONFIG_LD_DEAD_CODE_DATA_ELIMINATION
      
      This commit adds a prototype to fix warning at W=1:
      
        arch/powerpc/kernel/ptrace.c:3339:13: error: no previous prototype for ‘pt_regs_check’ [-Werror=missing-prototypes]
      Suggested-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: default avatarMathieu Malaterre <malat@debian.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20181208154624.6504-1-malat@debian.org
      5c74f799
    • Michael Ellerman's avatar
      selftests/powerpc: Add a test of spectre_v2 mitigations · c790c3d2
      Michael Ellerman authored
      This test uses the PMU to count branch prediction hits/misses for a
      known loop, and compare the result to the reported spectre v2
      mitigation.
      
      This gives us a way of sanity checking that the reported mitigation is
      actually in effect.
      
      Sample output for some cases, eg:
      
        Power9:
          sysfs reports: 'Vulnerable'
           PM_BR_PRED_CCACHE: result        368 running/enabled 5792777124
          PM_BR_MPRED_CCACHE: result        319 running/enabled 5792775546
           PM_BR_PRED_PCACHE: result 2147483281 running/enabled 5792773128
          PM_BR_MPRED_PCACHE: result  213604201 running/enabled 5792771640
          Miss percent 9 %
          OK - Measured branch prediction rates match reported spectre v2 mitigation.
      
          sysfs reports: 'Mitigation: Indirect branch serialisation (kernel only)'
           PM_BR_PRED_CCACHE: result        895 running/enabled 5780320920
          PM_BR_MPRED_CCACHE: result        822 running/enabled 5780312414
           PM_BR_PRED_PCACHE: result 2147482754 running/enabled 5780308836
          PM_BR_MPRED_PCACHE: result  213639731 running/enabled 5780307912
          Miss percent 9 %
          OK - Measured branch prediction rates match reported spectre v2 mitigation.
      
          sysfs reports: 'Mitigation: Indirect branch cache disabled'
           PM_BR_PRED_CCACHE: result 2147483649 running/enabled 20540186160
          PM_BR_MPRED_CCACHE: result 2147483649 running/enabled 20540180056
           PM_BR_PRED_PCACHE: result          0 running/enabled 20540176090
          PM_BR_MPRED_PCACHE: result          0 running/enabled 20540174182
          Miss percent 100 %
          OK - Measured branch prediction rates match reported spectre v2 mitigation.
      
        Power8:
          sysfs reports: 'Vulnerable'
           PM_BR_PRED_CCACHE: result 2147483649 running/enabled 3505888142
          PM_BR_MPRED_CCACHE: result          9 running/enabled 3505882788
          Miss percent 0 %
          OK - Measured branch prediction rates match reported spectre v2 mitigation.
      
          sysfs reports: 'Mitigation: Indirect branch cache disabled'
           PM_BR_PRED_CCACHE: result 2147483649 running/enabled 16931421988
          PM_BR_MPRED_CCACHE: result 2147483649 running/enabled 16931416478
          Miss percent 100 %
          OK - Measured branch prediction rates match reported spectre v2 mitigation.
          success: spectre_v2
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20190520105520.22274-1-mpe@ellerman.id.au
      c790c3d2
  8. 29 Oct, 2019 1 commit