[M][PATCH 0/1] pkey: support EP11 API ordinal 6 for secure guests (LP: 2029390)
frank.heimes at canonical.com
frank.heimes at canonical.com
Wed Sep 6 13:30:30 UTC 2023
BugLink: https://bugs.launchpad.net/bugs/2029390
Secure Execution guests must use the EP11 API ordinal 6 to create (generate,
unwrap, derive) secure keys which encodes a NULL PIN (no session) as a string
of zero-bytes.
Therefore, the pkey module must be updated to check whether the Linux system
is running as a secure guest and if so modify secure key creating requests
(key(pair) gen, unwrap) to use ordinal 6 API.
As pre-requirement, the PR for LP: 2028937 need to be applied prior to this.
Holger Dengler (1):
s390/zcrypt_ep11misc: support API ordinal 6 with empty pin-blob
drivers/s390/crypto/ap_bus.c | 9 ++++
drivers/s390/crypto/ap_bus.h | 1 +
drivers/s390/crypto/pkey_api.c | 27 ++++++++----
drivers/s390/crypto/zcrypt_ep11misc.c | 60 ++++++++++++++++++++-------
drivers/s390/crypto/zcrypt_ep11misc.h | 4 +-
5 files changed, 76 insertions(+), 25 deletions(-)
--
2.25.1
More information about the kernel-team
mailing list