git.maquefel.me Git - linux.git/commit

author	Russell Currey <ruscur@russell.cc>
	Fri, 10 Feb 2023 08:03:58 +0000 (19:03 +1100)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Sun, 12 Feb 2023 11:12:39 +0000 (22:12 +1100)
commit	91361b5175d2b3704f7e436d0071893c839e1199
tree	3318c548606a0ca8d7a20a848c4a8e3941ff0b15	tree \| snapshot
parent	9ee76bd5c7e39b622660cc14833ead1967f2038d	commit \| diff

powerpc/pseries: Pass PLPKS password on kexec

Before interacting with the PLPKS, we ask the hypervisor to generate a
password for the current boot, which is then required for most further
PLPKS operations.

If we kexec into a new kernel, the new kernel will try and fail to
generate a new password, as the password has already been set.

Pass the password through to the new kernel via the device tree, in
/chosen/ibm,plpks-pw. Check for the presence of this property before
trying to generate a new password - if it exists, use the existing
password and remove it from the device tree.

This only works with the kexec_file_load() syscall, not the older
kexec_load() syscall, however if you're using Secure Boot then you want
to be using kexec_file_load() anyway.

Signed-off-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20230210080401.345462-24-ajd@linux.ibm.com

arch/powerpc/include/asm/plpks.h		diff \| blob \| history
arch/powerpc/kernel/prom.c		diff \| blob \| history
arch/powerpc/kexec/file_load_64.c		diff \| blob \| history
arch/powerpc/platforms/pseries/plpks.c		diff \| blob \| history