1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * PowerNV code for secure variables
4*4882a593Smuzhiyun *
5*4882a593Smuzhiyun * Copyright (C) 2019 IBM Corporation
6*4882a593Smuzhiyun * Author: Claudio Carvalho
7*4882a593Smuzhiyun * Nayna Jain
8*4882a593Smuzhiyun *
9*4882a593Smuzhiyun * APIs to access secure variables managed by OPAL.
10*4882a593Smuzhiyun */
11*4882a593Smuzhiyun
12*4882a593Smuzhiyun #define pr_fmt(fmt) "secvar: "fmt
13*4882a593Smuzhiyun
14*4882a593Smuzhiyun #include <linux/types.h>
15*4882a593Smuzhiyun #include <linux/platform_device.h>
16*4882a593Smuzhiyun #include <linux/of_platform.h>
17*4882a593Smuzhiyun #include <asm/opal.h>
18*4882a593Smuzhiyun #include <asm/secvar.h>
19*4882a593Smuzhiyun #include <asm/secure_boot.h>
20*4882a593Smuzhiyun
opal_status_to_err(int rc)21*4882a593Smuzhiyun static int opal_status_to_err(int rc)
22*4882a593Smuzhiyun {
23*4882a593Smuzhiyun int err;
24*4882a593Smuzhiyun
25*4882a593Smuzhiyun switch (rc) {
26*4882a593Smuzhiyun case OPAL_SUCCESS:
27*4882a593Smuzhiyun err = 0;
28*4882a593Smuzhiyun break;
29*4882a593Smuzhiyun case OPAL_UNSUPPORTED:
30*4882a593Smuzhiyun err = -ENXIO;
31*4882a593Smuzhiyun break;
32*4882a593Smuzhiyun case OPAL_PARAMETER:
33*4882a593Smuzhiyun err = -EINVAL;
34*4882a593Smuzhiyun break;
35*4882a593Smuzhiyun case OPAL_RESOURCE:
36*4882a593Smuzhiyun err = -ENOSPC;
37*4882a593Smuzhiyun break;
38*4882a593Smuzhiyun case OPAL_HARDWARE:
39*4882a593Smuzhiyun err = -EIO;
40*4882a593Smuzhiyun break;
41*4882a593Smuzhiyun case OPAL_NO_MEM:
42*4882a593Smuzhiyun err = -ENOMEM;
43*4882a593Smuzhiyun break;
44*4882a593Smuzhiyun case OPAL_EMPTY:
45*4882a593Smuzhiyun err = -ENOENT;
46*4882a593Smuzhiyun break;
47*4882a593Smuzhiyun case OPAL_PARTIAL:
48*4882a593Smuzhiyun err = -EFBIG;
49*4882a593Smuzhiyun break;
50*4882a593Smuzhiyun default:
51*4882a593Smuzhiyun err = -EINVAL;
52*4882a593Smuzhiyun }
53*4882a593Smuzhiyun
54*4882a593Smuzhiyun return err;
55*4882a593Smuzhiyun }
56*4882a593Smuzhiyun
opal_get_variable(const char * key,uint64_t ksize,u8 * data,uint64_t * dsize)57*4882a593Smuzhiyun static int opal_get_variable(const char *key, uint64_t ksize,
58*4882a593Smuzhiyun u8 *data, uint64_t *dsize)
59*4882a593Smuzhiyun {
60*4882a593Smuzhiyun int rc;
61*4882a593Smuzhiyun
62*4882a593Smuzhiyun if (!key || !dsize)
63*4882a593Smuzhiyun return -EINVAL;
64*4882a593Smuzhiyun
65*4882a593Smuzhiyun *dsize = cpu_to_be64(*dsize);
66*4882a593Smuzhiyun
67*4882a593Smuzhiyun rc = opal_secvar_get(key, ksize, data, dsize);
68*4882a593Smuzhiyun
69*4882a593Smuzhiyun *dsize = be64_to_cpu(*dsize);
70*4882a593Smuzhiyun
71*4882a593Smuzhiyun return opal_status_to_err(rc);
72*4882a593Smuzhiyun }
73*4882a593Smuzhiyun
opal_get_next_variable(const char * key,uint64_t * keylen,uint64_t keybufsize)74*4882a593Smuzhiyun static int opal_get_next_variable(const char *key, uint64_t *keylen,
75*4882a593Smuzhiyun uint64_t keybufsize)
76*4882a593Smuzhiyun {
77*4882a593Smuzhiyun int rc;
78*4882a593Smuzhiyun
79*4882a593Smuzhiyun if (!key || !keylen)
80*4882a593Smuzhiyun return -EINVAL;
81*4882a593Smuzhiyun
82*4882a593Smuzhiyun *keylen = cpu_to_be64(*keylen);
83*4882a593Smuzhiyun
84*4882a593Smuzhiyun rc = opal_secvar_get_next(key, keylen, keybufsize);
85*4882a593Smuzhiyun
86*4882a593Smuzhiyun *keylen = be64_to_cpu(*keylen);
87*4882a593Smuzhiyun
88*4882a593Smuzhiyun return opal_status_to_err(rc);
89*4882a593Smuzhiyun }
90*4882a593Smuzhiyun
opal_set_variable(const char * key,uint64_t ksize,u8 * data,uint64_t dsize)91*4882a593Smuzhiyun static int opal_set_variable(const char *key, uint64_t ksize, u8 *data,
92*4882a593Smuzhiyun uint64_t dsize)
93*4882a593Smuzhiyun {
94*4882a593Smuzhiyun int rc;
95*4882a593Smuzhiyun
96*4882a593Smuzhiyun if (!key || !data)
97*4882a593Smuzhiyun return -EINVAL;
98*4882a593Smuzhiyun
99*4882a593Smuzhiyun rc = opal_secvar_enqueue_update(key, ksize, data, dsize);
100*4882a593Smuzhiyun
101*4882a593Smuzhiyun return opal_status_to_err(rc);
102*4882a593Smuzhiyun }
103*4882a593Smuzhiyun
104*4882a593Smuzhiyun static const struct secvar_operations opal_secvar_ops = {
105*4882a593Smuzhiyun .get = opal_get_variable,
106*4882a593Smuzhiyun .get_next = opal_get_next_variable,
107*4882a593Smuzhiyun .set = opal_set_variable,
108*4882a593Smuzhiyun };
109*4882a593Smuzhiyun
opal_secvar_probe(struct platform_device * pdev)110*4882a593Smuzhiyun static int opal_secvar_probe(struct platform_device *pdev)
111*4882a593Smuzhiyun {
112*4882a593Smuzhiyun if (!opal_check_token(OPAL_SECVAR_GET)
113*4882a593Smuzhiyun || !opal_check_token(OPAL_SECVAR_GET_NEXT)
114*4882a593Smuzhiyun || !opal_check_token(OPAL_SECVAR_ENQUEUE_UPDATE)) {
115*4882a593Smuzhiyun pr_err("OPAL doesn't support secure variables\n");
116*4882a593Smuzhiyun return -ENODEV;
117*4882a593Smuzhiyun }
118*4882a593Smuzhiyun
119*4882a593Smuzhiyun set_secvar_ops(&opal_secvar_ops);
120*4882a593Smuzhiyun
121*4882a593Smuzhiyun return 0;
122*4882a593Smuzhiyun }
123*4882a593Smuzhiyun
124*4882a593Smuzhiyun static const struct of_device_id opal_secvar_match[] = {
125*4882a593Smuzhiyun { .compatible = "ibm,secvar-backend",},
126*4882a593Smuzhiyun {},
127*4882a593Smuzhiyun };
128*4882a593Smuzhiyun
129*4882a593Smuzhiyun static struct platform_driver opal_secvar_driver = {
130*4882a593Smuzhiyun .driver = {
131*4882a593Smuzhiyun .name = "secvar",
132*4882a593Smuzhiyun .of_match_table = opal_secvar_match,
133*4882a593Smuzhiyun },
134*4882a593Smuzhiyun };
135*4882a593Smuzhiyun
opal_secvar_init(void)136*4882a593Smuzhiyun static int __init opal_secvar_init(void)
137*4882a593Smuzhiyun {
138*4882a593Smuzhiyun return platform_driver_probe(&opal_secvar_driver, opal_secvar_probe);
139*4882a593Smuzhiyun }
140*4882a593Smuzhiyun device_initcall(opal_secvar_init);
141