The RTAS call ibm,physical-attestation is used to retrieve information about the trusted boot state of the firmware and hypervisor on the system, and also Trusted Platform Module (TPM) data if the system is TCG 2.0 compliant. This RTAS interface expects the caller to define command structs such as RetrieveTPMLog, RetrievePlatformCertificat, etc., in a work area with a maximum size of 4K bytes, and the response buffer is returned in the same work area. The current implementation of this RTAS function is in user space, but allocation of the work area is restricted under system lockdown. So this patch implements this RTAS function in the kernel and exposes it to user space with open/ioctl/read interfaces. PAPR (2.13+ 21.3 ibm,physical-attestation) defines the RTAS function: - Pass the command struct to obtain the response buffer for the specific command. - This RTAS function is a sequence RTAS call, and the RTAS call has to be issued multiple times to get the complete response buffer (max 64K). The hypervisor expects the first RTAS call with the sequence 1 and the subsequent calls with the sequence number returned from the previous calls. Expose these interfaces to user space with a /dev/papr-physical-attestation character device using the following programming model: int devfd = open("/dev/papr-physical-attestation"); int fd = ioctl(devfd, PAPR_PHY_ATTEST_IOC_HANDLE, struct papr_phy_attest_io_block); - The user space defines the command struct and requests the response for any command. - Obtain the complete response buffer and return the buffer as a blob to the command-specific FD. size = read(fd, buf, len); - Can retrieve the response buffer once or multiple times until the end of the BLOB buffer. Implemented this new kernel ABI support in the librtas library for system lockdown. Signed-off-by: Haren Myneni <haren@linux.ibm.com> Signed-off-by: Madhavan Srinivasan <maddy@linux.ibm.com> Link: https://patch.msgid.link/20250416225743.596462-8-haren@linux.ibm.com
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _UAPI_PAPR_PHYSICAL_ATTESTATION_H_
#define _UAPI_PAPR_PHYSICAL_ATTESTATION_H_
#include <linux/types.h>
#include <asm/ioctl.h>
#include <asm/papr-miscdev.h>
/*
 * Size in bytes of payload[] in struct papr_phy_attest_io_block.
 * 4084 = 4096 - 12: the fixed fields ahead of the payload (four __u8 plus
 * two __be32) take 12 bytes, so header and payload together add up to 4K.
 */
#define PAPR_PHYATTEST_MAX_INPUT 4084 /* Max 4K buffer: 4K-12 */
/*
 * Defined in PAPR 2.13+ 21.6 Attestation Command Structures.
 * User space passes this struct and the max size should be 4K.
 *
 * Layout: a 12-byte fixed header followed by up to PAPR_PHYATTEST_MAX_INPUT
 * bytes of payload. length and correlator are declared __be32, i.e. they
 * are big-endian values whatever the byte order of the CPU.
 *
 * NOTE(review): every field here is filled in by user space. The code that
 * consumes the block is not part of this header; confirm that it checks
 * length against the size of the block before using it.
 */
struct papr_phy_attest_io_block {
	__u8 version;		/* presumably the command struct version; see PAPR 21.6 */
	__u8 command;		/* presumably selects the attestation command; see PAPR 21.6 */
	__u8 TCG_major_ver;	/* presumably the TCG major version; confirm against PAPR */
	__u8 TCG_minor_ver;	/* presumably the TCG minor version; confirm against PAPR */
	__be32 length;		/* big-endian; exact meaning not stated here, see PAPR 21.6 */
	__be32 correlator;	/* big-endian; meaning not stated here, see PAPR 21.6 */
	__u8 payload[PAPR_PHYATTEST_MAX_INPUT];	/* command-specific bytes, at most 4084 */
};
/*
 * ioctl for /dev/papr-physical-attestation. Returns an attestation
 * command fd handle.
 *
 * _IOW: the argument points to a struct papr_phy_attest_io_block that the
 * caller has filled in, and the data direction is user space to kernel.
 * The request number is 8 within the PAPR_MISCDEV_IOC_ID ioctl type
 * (PAPR_MISCDEV_IOC_ID is not defined in this file; presumably it comes
 * from <asm/papr-miscdev.h>).
 */
#define PAPR_PHY_ATTEST_IOC_HANDLE _IOW(PAPR_MISCDEV_IOC_ID, 8, struct papr_phy_attest_io_block)
#endif /* _UAPI_PAPR_PHYSICAL_ATTESTATION_H_ */