linux/drivers/s390/crypto/zcrypt_cex4.c

713 lines
20 KiB
C
Raw Normal View History

// SPDX-License-Identifier: GPL-2.0
/*
* Copyright IBM Corp. 2012, 2019
* Author(s): Holger Dengler <hd@linux.vnet.ibm.com>
*/
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/init.h>
#include <linux/err.h>
#include <linux/atomic.h>
#include <linux/uaccess.h>
#include <linux/mod_devicetable.h>
#include "ap_bus.h"
#include "zcrypt_api.h"
#include "zcrypt_msgtype6.h"
#include "zcrypt_msgtype50.h"
#include "zcrypt_error.h"
#include "zcrypt_cex4.h"
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
#include "zcrypt_ccamisc.h"
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
#include "zcrypt_ep11misc.h"
#define CEX4A_MIN_MOD_SIZE 1 /* 8 bits */
#define CEX4A_MAX_MOD_SIZE_2K 256 /* 2048 bits */
#define CEX4A_MAX_MOD_SIZE_4K 512 /* 4096 bits */
#define CEX4C_MIN_MOD_SIZE 16 /* 256 bits */
#define CEX4C_MAX_MOD_SIZE 512 /* 4096 bits */
#define CEX4A_MAX_MESSAGE_SIZE MSGTYPE50_CRB3_MAX_MSG_SIZE
#define CEX4C_MAX_MESSAGE_SIZE MSGTYPE06_MAX_MSG_SIZE
/* Waiting time for requests to be processed.
* Currently there are some types of request which are not deterministic.
* But the maximum time limit managed by the stomper code is set to 60sec.
* Hence we have to wait at least that time period.
*/
#define CEX4_CLEANUP_TIME (900*HZ)
MODULE_AUTHOR("IBM Corporation");
MODULE_DESCRIPTION("CEX4/CEX5/CEX6/CEX7 Cryptographic Card device driver, " \
"Copyright IBM Corp. 2019");
MODULE_LICENSE("GPL");
static struct ap_device_id zcrypt_cex4_card_ids[] = {
{ .dev_type = AP_DEVICE_TYPE_CEX4,
.match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE },
{ .dev_type = AP_DEVICE_TYPE_CEX5,
.match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE },
{ .dev_type = AP_DEVICE_TYPE_CEX6,
.match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE },
{ .dev_type = AP_DEVICE_TYPE_CEX7,
.match_flags = AP_DEVICE_ID_MATCH_CARD_TYPE },
{ /* end of list */ },
};
MODULE_DEVICE_TABLE(ap, zcrypt_cex4_card_ids);
static struct ap_device_id zcrypt_cex4_queue_ids[] = {
{ .dev_type = AP_DEVICE_TYPE_CEX4,
.match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE },
{ .dev_type = AP_DEVICE_TYPE_CEX5,
.match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE },
{ .dev_type = AP_DEVICE_TYPE_CEX6,
.match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE },
{ .dev_type = AP_DEVICE_TYPE_CEX7,
.match_flags = AP_DEVICE_ID_MATCH_QUEUE_TYPE },
{ /* end of list */ },
};
MODULE_DEVICE_TABLE(ap, zcrypt_cex4_queue_ids);
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
/*
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
* CCA card additional device attributes
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
*/
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
static ssize_t cca_serialnr_show(struct device *dev,
struct device_attribute *attr,
char *buf)
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
{
struct cca_info ci;
struct ap_card *ac = to_ap_card(dev);
struct zcrypt_card *zc = ac->private;
memset(&ci, 0, sizeof(ci));
if (ap_domain_index >= 0)
cca_get_info(ac->id, ap_domain_index, &ci, zc->online);
return scnprintf(buf, PAGE_SIZE, "%s\n", ci.serial);
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
}
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
static struct device_attribute dev_attr_cca_serialnr =
__ATTR(serialnr, 0444, cca_serialnr_show, NULL);
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
static struct attribute *cca_card_attrs[] = {
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
&dev_attr_cca_serialnr.attr,
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
NULL,
};
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
static const struct attribute_group cca_card_attr_grp = {
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
.attrs = cca_card_attrs,
};
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
/*
* CCA queue additional device attributes
*/
static ssize_t cca_mkvps_show(struct device *dev,
struct device_attribute *attr,
char *buf)
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
{
int n = 0;
struct cca_info ci;
struct zcrypt_queue *zq = to_ap_queue(dev)->private;
static const char * const cao_state[] = { "invalid", "valid" };
static const char * const new_state[] = { "empty", "partial", "full" };
memset(&ci, 0, sizeof(ci));
cca_get_info(AP_QID_CARD(zq->queue->qid),
AP_QID_QUEUE(zq->queue->qid),
&ci, zq->online);
s390/zcrypt: Support for CCA APKA master keys Support for CCA APKA (used for CCA ECC keys) master keys. The existing mkvps sysfs attribute for each queue for cards in CCA mode is extended to show the APKA master key register states and verification pattern: Improve the mkvps sysfs attribute to display the APKA master key verification patterns for old, current and new master key registers. The APKA master key is used to encrypt CCA ECC secure keys. The syntax is analog to the existing AES mk verification patterns: APKA NEW: <new_apka_mk_state> <new_apka_mk_mkvp> APKA CUR: <cur_apka_mk_state> <cur_apka_mk_mkvp> APKA OLD: <old_apka_mk_state> <old_apka_mk_mkvp> with <new_apka_mk_state>: 'empty' or 'partial' or 'full' <cur_apka_mk_state>: 'valid' or 'invalid' <old_apka_mk_state>: 'valid' or 'invalid' <new_apka_mk_mkvp>, <cur_apka_mk_mkvp>, <old_apka_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. The internal function cca_findcard2() also supports to match against the APKA master key verification patterns and the pkey kernel module which uses this function needed compatible rewrite of these invocations. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-09-04 22:11:37 +08:00
if (ci.new_aes_mk_state >= '1' && ci.new_aes_mk_state <= '3')
n = scnprintf(buf, PAGE_SIZE, "AES NEW: %s 0x%016llx\n",
s390/zcrypt: Support for CCA APKA master keys Support for CCA APKA (used for CCA ECC keys) master keys. The existing mkvps sysfs attribute for each queue for cards in CCA mode is extended to show the APKA master key register states and verification pattern: Improve the mkvps sysfs attribute to display the APKA master key verification patterns for old, current and new master key registers. The APKA master key is used to encrypt CCA ECC secure keys. The syntax is analog to the existing AES mk verification patterns: APKA NEW: <new_apka_mk_state> <new_apka_mk_mkvp> APKA CUR: <cur_apka_mk_state> <cur_apka_mk_mkvp> APKA OLD: <old_apka_mk_state> <old_apka_mk_mkvp> with <new_apka_mk_state>: 'empty' or 'partial' or 'full' <cur_apka_mk_state>: 'valid' or 'invalid' <old_apka_mk_state>: 'valid' or 'invalid' <new_apka_mk_mkvp>, <cur_apka_mk_mkvp>, <old_apka_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. The internal function cca_findcard2() also supports to match against the APKA master key verification patterns and the pkey kernel module which uses this function needed compatible rewrite of these invocations. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-09-04 22:11:37 +08:00
new_state[ci.new_aes_mk_state - '1'],
ci.new_aes_mkvp);
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
else
n = scnprintf(buf, PAGE_SIZE, "AES NEW: - -\n");
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
s390/zcrypt: Support for CCA APKA master keys Support for CCA APKA (used for CCA ECC keys) master keys. The existing mkvps sysfs attribute for each queue for cards in CCA mode is extended to show the APKA master key register states and verification pattern: Improve the mkvps sysfs attribute to display the APKA master key verification patterns for old, current and new master key registers. The APKA master key is used to encrypt CCA ECC secure keys. The syntax is analog to the existing AES mk verification patterns: APKA NEW: <new_apka_mk_state> <new_apka_mk_mkvp> APKA CUR: <cur_apka_mk_state> <cur_apka_mk_mkvp> APKA OLD: <old_apka_mk_state> <old_apka_mk_mkvp> with <new_apka_mk_state>: 'empty' or 'partial' or 'full' <cur_apka_mk_state>: 'valid' or 'invalid' <old_apka_mk_state>: 'valid' or 'invalid' <new_apka_mk_mkvp>, <cur_apka_mk_mkvp>, <old_apka_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. The internal function cca_findcard2() also supports to match against the APKA master key verification patterns and the pkey kernel module which uses this function needed compatible rewrite of these invocations. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-09-04 22:11:37 +08:00
if (ci.cur_aes_mk_state >= '1' && ci.cur_aes_mk_state <= '2')
n += scnprintf(buf + n, PAGE_SIZE - n,
"AES CUR: %s 0x%016llx\n",
s390/zcrypt: Support for CCA APKA master keys Support for CCA APKA (used for CCA ECC keys) master keys. The existing mkvps sysfs attribute for each queue for cards in CCA mode is extended to show the APKA master key register states and verification pattern: Improve the mkvps sysfs attribute to display the APKA master key verification patterns for old, current and new master key registers. The APKA master key is used to encrypt CCA ECC secure keys. The syntax is analog to the existing AES mk verification patterns: APKA NEW: <new_apka_mk_state> <new_apka_mk_mkvp> APKA CUR: <cur_apka_mk_state> <cur_apka_mk_mkvp> APKA OLD: <old_apka_mk_state> <old_apka_mk_mkvp> with <new_apka_mk_state>: 'empty' or 'partial' or 'full' <cur_apka_mk_state>: 'valid' or 'invalid' <old_apka_mk_state>: 'valid' or 'invalid' <new_apka_mk_mkvp>, <cur_apka_mk_mkvp>, <old_apka_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. The internal function cca_findcard2() also supports to match against the APKA master key verification patterns and the pkey kernel module which uses this function needed compatible rewrite of these invocations. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-09-04 22:11:37 +08:00
cao_state[ci.cur_aes_mk_state - '1'],
ci.cur_aes_mkvp);
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
else
n += scnprintf(buf + n, PAGE_SIZE - n, "AES CUR: - -\n");
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
s390/zcrypt: Support for CCA APKA master keys Support for CCA APKA (used for CCA ECC keys) master keys. The existing mkvps sysfs attribute for each queue for cards in CCA mode is extended to show the APKA master key register states and verification pattern: Improve the mkvps sysfs attribute to display the APKA master key verification patterns for old, current and new master key registers. The APKA master key is used to encrypt CCA ECC secure keys. The syntax is analog to the existing AES mk verification patterns: APKA NEW: <new_apka_mk_state> <new_apka_mk_mkvp> APKA CUR: <cur_apka_mk_state> <cur_apka_mk_mkvp> APKA OLD: <old_apka_mk_state> <old_apka_mk_mkvp> with <new_apka_mk_state>: 'empty' or 'partial' or 'full' <cur_apka_mk_state>: 'valid' or 'invalid' <old_apka_mk_state>: 'valid' or 'invalid' <new_apka_mk_mkvp>, <cur_apka_mk_mkvp>, <old_apka_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. The internal function cca_findcard2() also supports to match against the APKA master key verification patterns and the pkey kernel module which uses this function needed compatible rewrite of these invocations. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-09-04 22:11:37 +08:00
if (ci.old_aes_mk_state >= '1' && ci.old_aes_mk_state <= '2')
n += scnprintf(buf + n, PAGE_SIZE - n,
"AES OLD: %s 0x%016llx\n",
s390/zcrypt: Support for CCA APKA master keys Support for CCA APKA (used for CCA ECC keys) master keys. The existing mkvps sysfs attribute for each queue for cards in CCA mode is extended to show the APKA master key register states and verification pattern: Improve the mkvps sysfs attribute to display the APKA master key verification patterns for old, current and new master key registers. The APKA master key is used to encrypt CCA ECC secure keys. The syntax is analog to the existing AES mk verification patterns: APKA NEW: <new_apka_mk_state> <new_apka_mk_mkvp> APKA CUR: <cur_apka_mk_state> <cur_apka_mk_mkvp> APKA OLD: <old_apka_mk_state> <old_apka_mk_mkvp> with <new_apka_mk_state>: 'empty' or 'partial' or 'full' <cur_apka_mk_state>: 'valid' or 'invalid' <old_apka_mk_state>: 'valid' or 'invalid' <new_apka_mk_mkvp>, <cur_apka_mk_mkvp>, <old_apka_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. The internal function cca_findcard2() also supports to match against the APKA master key verification patterns and the pkey kernel module which uses this function needed compatible rewrite of these invocations. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-09-04 22:11:37 +08:00
cao_state[ci.old_aes_mk_state - '1'],
ci.old_aes_mkvp);
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
else
n += scnprintf(buf + n, PAGE_SIZE - n, "AES OLD: - -\n");
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
s390/zcrypt: Support for CCA APKA master keys Support for CCA APKA (used for CCA ECC keys) master keys. The existing mkvps sysfs attribute for each queue for cards in CCA mode is extended to show the APKA master key register states and verification pattern: Improve the mkvps sysfs attribute to display the APKA master key verification patterns for old, current and new master key registers. The APKA master key is used to encrypt CCA ECC secure keys. The syntax is analog to the existing AES mk verification patterns: APKA NEW: <new_apka_mk_state> <new_apka_mk_mkvp> APKA CUR: <cur_apka_mk_state> <cur_apka_mk_mkvp> APKA OLD: <old_apka_mk_state> <old_apka_mk_mkvp> with <new_apka_mk_state>: 'empty' or 'partial' or 'full' <cur_apka_mk_state>: 'valid' or 'invalid' <old_apka_mk_state>: 'valid' or 'invalid' <new_apka_mk_mkvp>, <cur_apka_mk_mkvp>, <old_apka_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. The internal function cca_findcard2() also supports to match against the APKA master key verification patterns and the pkey kernel module which uses this function needed compatible rewrite of these invocations. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-09-04 22:11:37 +08:00
if (ci.new_apka_mk_state >= '1' && ci.new_apka_mk_state <= '3')
n += scnprintf(buf + n, PAGE_SIZE - n,
"APKA NEW: %s 0x%016llx\n",
new_state[ci.new_apka_mk_state - '1'],
ci.new_apka_mkvp);
else
n += scnprintf(buf + n, PAGE_SIZE - n, "APKA NEW: - -\n");
if (ci.cur_apka_mk_state >= '1' && ci.cur_apka_mk_state <= '2')
n += scnprintf(buf + n, PAGE_SIZE - n,
"APKA CUR: %s 0x%016llx\n",
cao_state[ci.cur_apka_mk_state - '1'],
ci.cur_apka_mkvp);
else
n += scnprintf(buf + n, PAGE_SIZE - n, "APKA CUR: - -\n");
if (ci.old_apka_mk_state >= '1' && ci.old_apka_mk_state <= '2')
n += scnprintf(buf + n, PAGE_SIZE - n,
"APKA OLD: %s 0x%016llx\n",
cao_state[ci.old_apka_mk_state - '1'],
ci.old_apka_mkvp);
else
n += scnprintf(buf + n, PAGE_SIZE - n, "APKA OLD: - -\n");
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
return n;
}
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
static struct device_attribute dev_attr_cca_mkvps =
__ATTR(mkvps, 0444, cca_mkvps_show, NULL);
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
static struct attribute *cca_queue_attrs[] = {
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
&dev_attr_cca_mkvps.attr,
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
NULL,
};
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
static const struct attribute_group cca_queue_attr_grp = {
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
.attrs = cca_queue_attrs,
};
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
/*
* EP11 card additional device attributes
*/
static ssize_t ep11_api_ordinalnr_show(struct device *dev,
struct device_attribute *attr,
char *buf)
{
struct ep11_card_info ci;
struct ap_card *ac = to_ap_card(dev);
struct zcrypt_card *zc = ac->private;
memset(&ci, 0, sizeof(ci));
ep11_get_card_info(ac->id, &ci, zc->online);
if (ci.API_ord_nr > 0)
return scnprintf(buf, PAGE_SIZE, "%u\n", ci.API_ord_nr);
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
else
return scnprintf(buf, PAGE_SIZE, "\n");
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
}
static struct device_attribute dev_attr_ep11_api_ordinalnr =
__ATTR(API_ordinalnr, 0444, ep11_api_ordinalnr_show, NULL);
static ssize_t ep11_fw_version_show(struct device *dev,
struct device_attribute *attr,
char *buf)
{
struct ep11_card_info ci;
struct ap_card *ac = to_ap_card(dev);
struct zcrypt_card *zc = ac->private;
memset(&ci, 0, sizeof(ci));
ep11_get_card_info(ac->id, &ci, zc->online);
if (ci.FW_version > 0)
return scnprintf(buf, PAGE_SIZE, "%d.%d\n",
(int)(ci.FW_version >> 8),
(int)(ci.FW_version & 0xFF));
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
else
return scnprintf(buf, PAGE_SIZE, "\n");
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
}
static struct device_attribute dev_attr_ep11_fw_version =
__ATTR(FW_version, 0444, ep11_fw_version_show, NULL);
static ssize_t ep11_serialnr_show(struct device *dev,
struct device_attribute *attr,
char *buf)
{
struct ep11_card_info ci;
struct ap_card *ac = to_ap_card(dev);
struct zcrypt_card *zc = ac->private;
memset(&ci, 0, sizeof(ci));
ep11_get_card_info(ac->id, &ci, zc->online);
if (ci.serial[0])
return scnprintf(buf, PAGE_SIZE, "%16.16s\n", ci.serial);
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
else
return scnprintf(buf, PAGE_SIZE, "\n");
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
}
static struct device_attribute dev_attr_ep11_serialnr =
__ATTR(serialnr, 0444, ep11_serialnr_show, NULL);
static const struct {
int mode_bit;
const char *mode_txt;
} ep11_op_modes[] = {
{ 0, "FIPS2009" },
{ 1, "BSI2009" },
{ 2, "FIPS2011" },
{ 3, "BSI2011" },
{ 6, "BSICC2017" },
{ 0, NULL }
};
static ssize_t ep11_card_op_modes_show(struct device *dev,
struct device_attribute *attr,
char *buf)
{
int i, n = 0;
struct ep11_card_info ci;
struct ap_card *ac = to_ap_card(dev);
struct zcrypt_card *zc = ac->private;
memset(&ci, 0, sizeof(ci));
ep11_get_card_info(ac->id, &ci, zc->online);
for (i = 0; ep11_op_modes[i].mode_txt; i++) {
if (ci.op_mode & (1ULL << ep11_op_modes[i].mode_bit)) {
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
if (n > 0)
buf[n++] = ' ';
n += scnprintf(buf + n, PAGE_SIZE - n,
"%s", ep11_op_modes[i].mode_txt);
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
}
}
n += scnprintf(buf + n, PAGE_SIZE - n, "\n");
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
return n;
}
static struct device_attribute dev_attr_ep11_card_op_modes =
__ATTR(op_modes, 0444, ep11_card_op_modes_show, NULL);
static struct attribute *ep11_card_attrs[] = {
&dev_attr_ep11_api_ordinalnr.attr,
&dev_attr_ep11_fw_version.attr,
&dev_attr_ep11_serialnr.attr,
&dev_attr_ep11_card_op_modes.attr,
NULL,
};
static const struct attribute_group ep11_card_attr_grp = {
.attrs = ep11_card_attrs,
};
/*
* EP11 queue additional device attributes
*/
static ssize_t ep11_mkvps_show(struct device *dev,
struct device_attribute *attr,
char *buf)
{
int n = 0;
struct ep11_domain_info di;
struct zcrypt_queue *zq = to_ap_queue(dev)->private;
static const char * const cwk_state[] = { "invalid", "valid" };
static const char * const nwk_state[] = { "empty", "uncommitted",
"committed" };
memset(&di, 0, sizeof(di));
if (zq->online)
ep11_get_domain_info(AP_QID_CARD(zq->queue->qid),
AP_QID_QUEUE(zq->queue->qid),
&di);
if (di.cur_wk_state == '0') {
n = scnprintf(buf, PAGE_SIZE, "WK CUR: %s -\n",
cwk_state[di.cur_wk_state - '0']);
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
} else if (di.cur_wk_state == '1') {
n = scnprintf(buf, PAGE_SIZE, "WK CUR: %s 0x",
cwk_state[di.cur_wk_state - '0']);
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
bin2hex(buf + n, di.cur_wkvp, sizeof(di.cur_wkvp));
n += 2 * sizeof(di.cur_wkvp);
n += scnprintf(buf + n, PAGE_SIZE - n, "\n");
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
} else
n = scnprintf(buf, PAGE_SIZE, "WK CUR: - -\n");
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
if (di.new_wk_state == '0') {
n += scnprintf(buf + n, PAGE_SIZE - n, "WK NEW: %s -\n",
nwk_state[di.new_wk_state - '0']);
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
} else if (di.new_wk_state >= '1' && di.new_wk_state <= '2') {
n += scnprintf(buf + n, PAGE_SIZE - n, "WK NEW: %s 0x",
nwk_state[di.new_wk_state - '0']);
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
bin2hex(buf + n, di.new_wkvp, sizeof(di.new_wkvp));
n += 2 * sizeof(di.new_wkvp);
n += scnprintf(buf + n, PAGE_SIZE - n, "\n");
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
} else
n += scnprintf(buf + n, PAGE_SIZE - n, "WK NEW: - -\n");
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
return n;
}
static struct device_attribute dev_attr_ep11_mkvps =
__ATTR(mkvps, 0444, ep11_mkvps_show, NULL);
static ssize_t ep11_queue_op_modes_show(struct device *dev,
struct device_attribute *attr,
char *buf)
{
int i, n = 0;
struct ep11_domain_info di;
struct zcrypt_queue *zq = to_ap_queue(dev)->private;
memset(&di, 0, sizeof(di));
if (zq->online)
ep11_get_domain_info(AP_QID_CARD(zq->queue->qid),
AP_QID_QUEUE(zq->queue->qid),
&di);
for (i = 0; ep11_op_modes[i].mode_txt; i++) {
if (di.op_mode & (1ULL << ep11_op_modes[i].mode_bit)) {
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
if (n > 0)
buf[n++] = ' ';
n += scnprintf(buf + n, PAGE_SIZE - n,
"%s", ep11_op_modes[i].mode_txt);
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
}
}
n += scnprintf(buf + n, PAGE_SIZE - n, "\n");
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
return n;
}
static struct device_attribute dev_attr_ep11_queue_op_modes =
__ATTR(op_modes, 0444, ep11_queue_op_modes_show, NULL);
static struct attribute *ep11_queue_attrs[] = {
&dev_attr_ep11_mkvps.attr,
&dev_attr_ep11_queue_op_modes.attr,
NULL,
};
static const struct attribute_group ep11_queue_attr_grp = {
.attrs = ep11_queue_attrs,
};
/**
* Probe function for CEX4/CEX5/CEX6/CEX7 card device. It always
* accepts the AP device since the bus_match already checked
* the hardware type.
* @ap_dev: pointer to the AP device.
*/
static int zcrypt_cex4_card_probe(struct ap_device *ap_dev)
{
/*
* Normalized speed ratings per crypto adapter
* MEX_1k, MEX_2k, MEX_4k, CRT_1k, CRT_2k, CRT_4k, RNG, SECKEY
*/
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX4A_SPEED_IDX[NUM_OPS] = {
14, 19, 249, 42, 228, 1458, 0, 0};
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX5A_SPEED_IDX[NUM_OPS] = {
8, 9, 20, 18, 66, 458, 0, 0};
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX6A_SPEED_IDX[NUM_OPS] = {
6, 9, 20, 17, 65, 438, 0, 0};
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX7A_SPEED_IDX[NUM_OPS] = {
6, 8, 17, 15, 54, 362, 0, 0};
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX4C_SPEED_IDX[NUM_OPS] = {
59, 69, 308, 83, 278, 2204, 209, 40};
static const int CEX5C_SPEED_IDX[] = {
24, 31, 50, 37, 90, 479, 27, 10};
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX6C_SPEED_IDX[NUM_OPS] = {
16, 20, 32, 27, 77, 455, 24, 9};
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX7C_SPEED_IDX[NUM_OPS] = {
14, 16, 26, 23, 64, 376, 23, 8};
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX4P_SPEED_IDX[NUM_OPS] = {
0, 0, 0, 0, 0, 0, 0, 50};
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX5P_SPEED_IDX[NUM_OPS] = {
0, 0, 0, 0, 0, 0, 0, 10};
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX6P_SPEED_IDX[NUM_OPS] = {
0, 0, 0, 0, 0, 0, 0, 9};
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
static const int CEX7P_SPEED_IDX[NUM_OPS] = {
0, 0, 0, 0, 0, 0, 0, 8};
struct ap_card *ac = to_ap_card(&ap_dev->device);
struct zcrypt_card *zc;
int rc = 0;
zc = zcrypt_card_alloc();
if (!zc)
return -ENOMEM;
zc->card = ac;
ac->private = zc;
if (ap_test_bit(&ac->functions, AP_FUNC_ACCEL)) {
if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX4) {
zc->type_string = "CEX4A";
zc->user_space_type = ZCRYPT_CEX4;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX4A_SPEED_IDX;
} else if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX5) {
zc->type_string = "CEX5A";
zc->user_space_type = ZCRYPT_CEX5;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX5A_SPEED_IDX;
} else if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX6) {
zc->type_string = "CEX6A";
zc->user_space_type = ZCRYPT_CEX6;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX6A_SPEED_IDX;
} else {
zc->type_string = "CEX7A";
/* wrong user space type, just for compatibility
* with the ZCRYPT_STATUS_MASK ioctl.
*/
zc->user_space_type = ZCRYPT_CEX6;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX7A_SPEED_IDX;
}
zc->min_mod_size = CEX4A_MIN_MOD_SIZE;
if (ap_test_bit(&ac->functions, AP_FUNC_MEX4K) &&
ap_test_bit(&ac->functions, AP_FUNC_CRT4K)) {
zc->max_mod_size = CEX4A_MAX_MOD_SIZE_4K;
zc->max_exp_bit_length =
CEX4A_MAX_MOD_SIZE_4K;
} else {
zc->max_mod_size = CEX4A_MAX_MOD_SIZE_2K;
zc->max_exp_bit_length =
CEX4A_MAX_MOD_SIZE_2K;
}
} else if (ap_test_bit(&ac->functions, AP_FUNC_COPRO)) {
if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX4) {
zc->type_string = "CEX4C";
/* wrong user space type, must be CEX4
* just keep it for cca compatibility
*/
zc->user_space_type = ZCRYPT_CEX3C;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX4C_SPEED_IDX;
} else if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX5) {
zc->type_string = "CEX5C";
/* wrong user space type, must be CEX5
* just keep it for cca compatibility
*/
zc->user_space_type = ZCRYPT_CEX3C;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX5C_SPEED_IDX;
} else if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX6) {
zc->type_string = "CEX6C";
/* wrong user space type, must be CEX6
* just keep it for cca compatibility
*/
zc->user_space_type = ZCRYPT_CEX3C;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX6C_SPEED_IDX;
} else {
zc->type_string = "CEX7C";
/* wrong user space type, must be CEX7
* just keep it for cca compatibility
*/
zc->user_space_type = ZCRYPT_CEX3C;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX7C_SPEED_IDX;
}
zc->min_mod_size = CEX4C_MIN_MOD_SIZE;
zc->max_mod_size = CEX4C_MAX_MOD_SIZE;
zc->max_exp_bit_length = CEX4C_MAX_MOD_SIZE;
} else if (ap_test_bit(&ac->functions, AP_FUNC_EP11)) {
if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX4) {
zc->type_string = "CEX4P";
zc->user_space_type = ZCRYPT_CEX4;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX4P_SPEED_IDX;
} else if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX5) {
zc->type_string = "CEX5P";
zc->user_space_type = ZCRYPT_CEX5;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX5P_SPEED_IDX;
} else if (ac->ap_dev.device_type == AP_DEVICE_TYPE_CEX6) {
zc->type_string = "CEX6P";
zc->user_space_type = ZCRYPT_CEX6;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX6P_SPEED_IDX;
} else {
zc->type_string = "CEX7P";
/* wrong user space type, just for compatibility
* with the ZCRYPT_STATUS_MASK ioctl.
*/
zc->user_space_type = ZCRYPT_CEX6;
s390/zcrypt: introduce msg tracking in zcrypt functions Introduce a new internal struct zcrypt_track with an retry counter field and a last return code field. Fill and update these fields at certain points during processing of an request/reply. This tracking info is then used to - avoid trying to resend the message forever. Now each message is tried to be send TRACK_AGAIN_MAX (currently 10) times and then the ioctl returns to userspace with errno EAGAIN. - avoid trying to resend the message on the very same card/domain. If possible (more than one APQN with same quality) don't use the very same qid as the previous attempt when again scheduling the request. This is done by adding penalty weight values when the dispatching takes place. There is a penalty TRACK_AGAIN_CARD_WEIGHT_PENALTY for using the same card as previously and another penalty define TRACK_AGAIN_QUEUE_WEIGHT_PENALTY to be considered when the same qid as the previous sent attempt is calculated. Both values make it harder to choose the very same card/domain but not impossible. For example when only one APQN is available a resend can only address the very same APQN. There are some more ideas for the future to extend the use of this tracking information. For example the last response code at NQAP and DQAP could be stored there, giving the possibility to extended tracing and debugging about requests failing to get processed properly. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2020-07-02 17:10:11 +08:00
zc->speed_rating = CEX7P_SPEED_IDX;
}
zc->min_mod_size = CEX4C_MIN_MOD_SIZE;
zc->max_mod_size = CEX4C_MAX_MOD_SIZE;
zc->max_exp_bit_length = CEX4C_MAX_MOD_SIZE;
} else {
zcrypt_card_free(zc);
return -ENODEV;
}
zc->online = 1;
rc = zcrypt_card_register(zc);
if (rc) {
ac->private = NULL;
zcrypt_card_free(zc);
return rc;
}
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
if (ap_test_bit(&ac->functions, AP_FUNC_COPRO)) {
rc = sysfs_create_group(&ap_dev->device.kobj,
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
&cca_card_attr_grp);
if (rc) {
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
zcrypt_card_unregister(zc);
ac->private = NULL;
zcrypt_card_free(zc);
}
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
} else if (ap_test_bit(&ac->functions, AP_FUNC_EP11)) {
rc = sysfs_create_group(&ap_dev->device.kobj,
&ep11_card_attr_grp);
if (rc) {
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
zcrypt_card_unregister(zc);
ac->private = NULL;
zcrypt_card_free(zc);
}
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
}
return rc;
}
/**
* This is called to remove the CEX4/CEX5/CEX6/CEX7 card driver
* information if an AP card device is removed.
*/
static void zcrypt_cex4_card_remove(struct ap_device *ap_dev)
{
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
struct ap_card *ac = to_ap_card(&ap_dev->device);
struct zcrypt_card *zc = ac->private;
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
if (ap_test_bit(&ac->functions, AP_FUNC_COPRO))
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
sysfs_remove_group(&ap_dev->device.kobj, &cca_card_attr_grp);
else if (ap_test_bit(&ac->functions, AP_FUNC_EP11))
sysfs_remove_group(&ap_dev->device.kobj, &ep11_card_attr_grp);
if (zc)
zcrypt_card_unregister(zc);
}
static struct ap_driver zcrypt_cex4_card_driver = {
.probe = zcrypt_cex4_card_probe,
.remove = zcrypt_cex4_card_remove,
.ids = zcrypt_cex4_card_ids,
s390/zcrypt: AP bus support for alternate driver(s) The current AP bus, AP devices and AP device drivers implementation uses a clearly defined mapping for binding AP devices to AP device drivers. So for example a CEX6C queue will always be bound to the cex4queue device driver. The Linux Device Driver model has no sensitivity for more than one device driver eligible for one device type. If there exist more than one drivers matching to the device type, simple all drivers are tried consecutively. There is no way to determine and influence the probing order of the drivers. With KVM there is a need to provide additional device drivers matching to the very same type of AP devices. With a simple implementation the KVM drivers run in competition to the regular drivers. Whichever 'wins' a device depends on build order and implementation details within the common Linux Device Driver Model and is not deterministic. However, a userspace process could figure out which device should be bound to which driver and sort out the correct binding by manipulating attributes in the sysfs. If for security reasons a AP device must not get bound to the 'wrong' device driver the sorting out has to be done within the Linux kernel by the AP bus code. This patch modifies the behavior of the AP bus for probing drivers for devices in a way that two sets of drivers are usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a subset of the APQN range for 'usable by the ap bus and the default drivers' or 'not usable by the default drivers and thus available for alternate drivers like vfio-xxx'. So an APQN which is addressed by this masking only the default drivers will be probed. In contrary an APQN which is not addressed by the masks will never be probed and bound to default drivers but onny to alternate drivers. Eventually the two masks give a way to divide the range of APQNs into two pools: one pool of APQNs used by the AP bus and the default drivers and thus via zcrypt drivers available to the userspace of the system. And another pool where no zcrypt drivers are bound to and which can be used by alternate drivers (like vfio-xxx) for their needs. This division is hot-plug save and makes sure a APQN assigned to an alternate driver is at no time somehow exploitable by the wrong party. The two masks are located in sysfs at /sys/bus/ap/apmask and /sys/bus/ap/aqmask. The mask syntax is exactly the same as the already existing mask attributes in the /sys/bus/ap directory (for example ap_usage_domain_mask and ap_control_domain_mask). By default all APQNs belong to the ap bus and the default drivers: cat /sys/bus/ap/apmask 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff cat /sys/bus/ap/aqmask 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff The masks can be changed at boot time with the kernel command line like this: ... ap.apmask=0xffff ap.aqmask=0x40 This would give these two pools: default drivers pool: adapter 0 - 15, domain 1 alternate drivers pool: adapter 0 - 15, all but domain 1 adapter 16-255, all domains The sysfs attributes for this two masks are writeable and an administrator is able to reconfigure the assignements on the fly by writing new mask values into. With changing the mask(s) a revision of the existing queue to driver bindings is done. So all APQNs which are bound to the 'wrong' driver are reprobed via kernel function device_reprobe() and thus the new correct driver will be assigned with respect of the changed apmask and aqmask bits. The mask values are bitmaps in big endian order starting with bit 0. So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs attributes accept 2 different formats: - Absolute hex string starting with 0x like "0x12345678" does set the mask starting from left to right. If the given string is shorter than the mask it is padded with 0s on the right. If the string is longer than the mask an error comes back (EINVAL). - '+' or '-' followed by a numerical value. Valid examples are "+1", "-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed bit in the mask is switched on ('+') or off ('-'). This patch will also be the base for an upcoming extension to the zcrypt drivers to be able to provide additional zcrypt device nodes with filtering based on ap and aq masks. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 14:36:53 +08:00
.flags = AP_DRIVER_FLAG_DEFAULT,
};
/**
* Probe function for CEX4/CEX5/CEX6/CEX7 queue device. It always
* accepts the AP device since the bus_match already checked
* the hardware type.
* @ap_dev: pointer to the AP device.
*/
static int zcrypt_cex4_queue_probe(struct ap_device *ap_dev)
{
struct ap_queue *aq = to_ap_queue(&ap_dev->device);
struct zcrypt_queue *zq;
int rc;
if (ap_test_bit(&aq->card->functions, AP_FUNC_ACCEL)) {
zq = zcrypt_queue_alloc(CEX4A_MAX_MESSAGE_SIZE);
if (!zq)
return -ENOMEM;
zq->ops = zcrypt_msgtype(MSGTYPE50_NAME,
MSGTYPE50_VARIANT_DEFAULT);
} else if (ap_test_bit(&aq->card->functions, AP_FUNC_COPRO)) {
zq = zcrypt_queue_alloc(CEX4C_MAX_MESSAGE_SIZE);
if (!zq)
return -ENOMEM;
zq->ops = zcrypt_msgtype(MSGTYPE06_NAME,
MSGTYPE06_VARIANT_DEFAULT);
} else if (ap_test_bit(&aq->card->functions, AP_FUNC_EP11)) {
zq = zcrypt_queue_alloc(CEX4C_MAX_MESSAGE_SIZE);
if (!zq)
return -ENOMEM;
zq->ops = zcrypt_msgtype(MSGTYPE06_NAME,
MSGTYPE06_VARIANT_EP11);
} else {
return -ENODEV;
}
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
zq->queue = aq;
zq->online = 1;
atomic_set(&zq->load, 0);
ap_queue_init_state(aq);
ap_queue_init_reply(aq, &zq->reply);
aq->request_timeout = CEX4_CLEANUP_TIME;
aq->private = zq;
rc = zcrypt_queue_register(zq);
if (rc) {
aq->private = NULL;
zcrypt_queue_free(zq);
return rc;
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
}
if (ap_test_bit(&aq->card->functions, AP_FUNC_COPRO)) {
rc = sysfs_create_group(&ap_dev->device.kobj,
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
&cca_queue_attr_grp);
if (rc) {
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
zcrypt_queue_unregister(zq);
aq->private = NULL;
zcrypt_queue_free(zq);
}
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
} else if (ap_test_bit(&aq->card->functions, AP_FUNC_EP11)) {
rc = sysfs_create_group(&ap_dev->device.kobj,
&ep11_queue_attr_grp);
if (rc) {
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
zcrypt_queue_unregister(zq);
aq->private = NULL;
zcrypt_queue_free(zq);
}
}
return rc;
}
/**
* This is called to remove the CEX4/CEX5/CEX6/CEX7 queue driver
* information if an AP queue device is removed.
*/
static void zcrypt_cex4_queue_remove(struct ap_device *ap_dev)
{
struct ap_queue *aq = to_ap_queue(&ap_dev->device);
struct zcrypt_queue *zq = aq->private;
s390/zcrypt: new sysfs attributes serialnr and mkvps This patch extends the sysfs interface with two new attributes for the CEX4, CEX5 and CEX6 crypto cards/queues in coprocessor ('CCA') mode: /sys/devices/ap/cardxx/serialnr /sys/devices/ap/cardxx/xx.yyyy/mkvps The serialnr attribute is card based and shows the 8 character ASCII serial number string which should unique identify the card. The mkvps is queue based and displays 3 lines of information about the new, current and old master key register: AES NEW: <new_aes_mk_state> <new_aes_mk_mkvp> AES CUR: <cur_aes_mk_state> <cur_aes_mk_mkvp> AES OLD: <old_aes_mk_state> <old_aes_mk_mkvp> with <new_aes_mk_state>: 'empty' or 'partial' or 'full' <cur_aes_mk_state>: 'valid' or 'invalid' <old_aes_mk_state>: 'valid' or 'invalid' <new_aes_mk_mkvp>, <cur_aes_mk_mkvp>, <old_aes_mk_mkvp> 8 byte hex string with leading 0x MKVP means Master Key Verification Pattern and is a folded hash over the key value. Only the states 'full' and 'valid' result in displaying a useful mkvp, otherwise a mkvp of all bytes zero is shown. If for any reason the FQ fails and the (cached) information is not available, the state '-' will be shown with the mkvp value also '-'. The values shown here are the very same as the cca panel tools displays. As of now only the AES master keys states and verification patterns are shown. A CCA APQN also has similar master key registers for DES, RSA and ECC. So the content of this attribute may get extended. Reading the sysfs attribute automatically triggers an FQ CPRB to be sent to the queue as long as the queue is (soft-) online. For the serialnr attribute the queue with the default domain id is addressed (if available and valid). This is reasonable as it is assumed that this sysfs interface is not performance critical and on the other side a master key change should be visiable as soon as possible. When a queue is (soft-) offline however, the cached values are displayed. If no cached values are available, the serial number string will be empty and the mkvp lines will show state '-' and mkvp value '-'. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-06-12 21:05:34 +08:00
if (ap_test_bit(&aq->card->functions, AP_FUNC_COPRO))
s390/zcrypt: extend EP11 card and queue sysfs attributes This patch introduces new sysfs attributes for EP11 cards and queues: An EP11 card gets four new sysfs attributes: /sys/devices/ap/cardxx/API_ordinalnr The EP11 card firmware API ordinal number. /sys/devices/ap/cardxx/FW_version The EP11 card firmware major and minor version. /sys/devices/ap/cardxx/serialnr Displays the serial number of the EP11 card. The serial number is a 16 character string unique for this EP11 card. /sys/devices/ap/cardxx/op_modes Displays operation modes for this EP11 card. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The EP11 queues get two new sysfs attributes: /sys/devices/ap/cardxx/xx.yyyy/mkvps Displays information about the master key(s) states and verification patterns. Two lines are displayed: WK CUR: <wk_cur_state> <wk_cur_vp> WK NEW: <wk_new_state> <wk_new_vp> with <wk_cur_state>: 'invalid' or 'valid' <wk_new_state>: 'empty' or 'uncommitted' or 'committed' <wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern /sys/devices/ap/cardxx/xx.yyyy/op_modes Displays operation modes for this EP11 queue. Known operation modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017. The card information displayed with the sysfs attributes is fresh fetched from the card if the card is online, otherwise cached values are used. The queue information displayed with the sysfs attributes is always fetched on the fly and not cached. So each read of any of these sysfs attributes will cause an request/reply CPRB communication with the EP11 crypto card. The queue attributes address the corresponding EP11 domain within the EP11 card. The card attributes addresses any domain within the EP11 card (subject to the dispatch algorithm within the zcrypt device driver). If the addressed domain is offline or for card addressing all domains are offline the attributes will display '-' for state and verification patterns and an empty string for op mode, serial number, API_ordinalnr and FW_version. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-08-30 22:17:47 +08:00
sysfs_remove_group(&ap_dev->device.kobj, &cca_queue_attr_grp);
else if (ap_test_bit(&aq->card->functions, AP_FUNC_EP11))
sysfs_remove_group(&ap_dev->device.kobj, &ep11_queue_attr_grp);
if (zq)
zcrypt_queue_unregister(zq);
}
static struct ap_driver zcrypt_cex4_queue_driver = {
.probe = zcrypt_cex4_queue_probe,
.remove = zcrypt_cex4_queue_remove,
.ids = zcrypt_cex4_queue_ids,
s390/zcrypt: AP bus support for alternate driver(s) The current AP bus, AP devices and AP device drivers implementation uses a clearly defined mapping for binding AP devices to AP device drivers. So for example a CEX6C queue will always be bound to the cex4queue device driver. The Linux Device Driver model has no sensitivity for more than one device driver eligible for one device type. If there exist more than one drivers matching to the device type, simple all drivers are tried consecutively. There is no way to determine and influence the probing order of the drivers. With KVM there is a need to provide additional device drivers matching to the very same type of AP devices. With a simple implementation the KVM drivers run in competition to the regular drivers. Whichever 'wins' a device depends on build order and implementation details within the common Linux Device Driver Model and is not deterministic. However, a userspace process could figure out which device should be bound to which driver and sort out the correct binding by manipulating attributes in the sysfs. If for security reasons a AP device must not get bound to the 'wrong' device driver the sorting out has to be done within the Linux kernel by the AP bus code. This patch modifies the behavior of the AP bus for probing drivers for devices in a way that two sets of drivers are usable. Two new bitmasks 'apmask' and 'aqmask' are used to mark a subset of the APQN range for 'usable by the ap bus and the default drivers' or 'not usable by the default drivers and thus available for alternate drivers like vfio-xxx'. So an APQN which is addressed by this masking only the default drivers will be probed. In contrary an APQN which is not addressed by the masks will never be probed and bound to default drivers but onny to alternate drivers. Eventually the two masks give a way to divide the range of APQNs into two pools: one pool of APQNs used by the AP bus and the default drivers and thus via zcrypt drivers available to the userspace of the system. And another pool where no zcrypt drivers are bound to and which can be used by alternate drivers (like vfio-xxx) for their needs. This division is hot-plug save and makes sure a APQN assigned to an alternate driver is at no time somehow exploitable by the wrong party. The two masks are located in sysfs at /sys/bus/ap/apmask and /sys/bus/ap/aqmask. The mask syntax is exactly the same as the already existing mask attributes in the /sys/bus/ap directory (for example ap_usage_domain_mask and ap_control_domain_mask). By default all APQNs belong to the ap bus and the default drivers: cat /sys/bus/ap/apmask 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff cat /sys/bus/ap/aqmask 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff The masks can be changed at boot time with the kernel command line like this: ... ap.apmask=0xffff ap.aqmask=0x40 This would give these two pools: default drivers pool: adapter 0 - 15, domain 1 alternate drivers pool: adapter 0 - 15, all but domain 1 adapter 16-255, all domains The sysfs attributes for this two masks are writeable and an administrator is able to reconfigure the assignements on the fly by writing new mask values into. With changing the mask(s) a revision of the existing queue to driver bindings is done. So all APQNs which are bound to the 'wrong' driver are reprobed via kernel function device_reprobe() and thus the new correct driver will be assigned with respect of the changed apmask and aqmask bits. The mask values are bitmaps in big endian order starting with bit 0. So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs attributes accept 2 different formats: - Absolute hex string starting with 0x like "0x12345678" does set the mask starting from left to right. If the given string is shorter than the mask it is padded with 0s on the right. If the string is longer than the mask an error comes back (EINVAL). - '+' or '-' followed by a numerical value. Valid examples are "+1", "-13", "+0x41", "-0xff" and even "+0" and "-0". Only the addressed bit in the mask is switched on ('+') or off ('-'). This patch will also be the base for an upcoming extension to the zcrypt drivers to be able to provide additional zcrypt device nodes with filtering based on ap and aq masks. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-07-20 14:36:53 +08:00
.flags = AP_DRIVER_FLAG_DEFAULT,
};
int __init zcrypt_cex4_init(void)
{
int rc;
rc = ap_driver_register(&zcrypt_cex4_card_driver,
THIS_MODULE, "cex4card");
if (rc)
return rc;
rc = ap_driver_register(&zcrypt_cex4_queue_driver,
THIS_MODULE, "cex4queue");
if (rc)
ap_driver_unregister(&zcrypt_cex4_card_driver);
return rc;
}
void __exit zcrypt_cex4_exit(void)
{
ap_driver_unregister(&zcrypt_cex4_queue_driver);
ap_driver_unregister(&zcrypt_cex4_card_driver);
}
module_init(zcrypt_cex4_init);
module_exit(zcrypt_cex4_exit);