PowerVM provides an isolated Platform KeyStore(PKS)[1] storage allocation for each partition(LPAR) with individually managed access controls to store sensitive information securely. The Linux Kernel can access this storage by interfacing with the hypervisor using a new set of hypervisor calls.
This storage can be used for multiple purposes. The current two usecases are: 1. Guest Secure Boot on PowerVM[2] 2. Self Encrypting Drives(SED) on PowerVM[3] Initially, the PowerVM LPAR Platform KeyStore(PLPKS) driver was defined as part of RFC patches which included the user interface design for guest secure boot[2]. While this interface is still in progress, the same driver is also required for Self Encrypting Drives(SED) support. For this reason, the driver is being split from the patchset[1] and is now separately posted with SED arch-specific code. This patchset provides driver for PowerVM LPAR Platform KeyStore and also arch-specific code for SED to make use of it. The patch series[3] is pre-requisite to build Patch 2/2. The PLPKS driver can be built of its own. [1]https://community.ibm.com/community/user/power/blogs/chris-engel1/2020/11/20/powervm-introduces-the-platform-keystore [2]https://lore.kernel.org/linuxppc-dev/20220622215648.96723-1-na...@linux.ibm.com/ [3]https://lore.kernel.org/keyrings/20220706023935.875994-1-gjo...@linux.vnet.ibm.com/T/#mc32b51991bf825ec6f90af010998ec7cd2b9624a Greg Joyce (1): powerpc/pseries: kernel interfaces to PLPKS platform driver Nayna Jain (1): powerpc/pseries: define driver for Platform KeyStore arch/powerpc/include/asm/hvcall.h | 9 + arch/powerpc/include/asm/plpks.h | 90 ++++ arch/powerpc/platforms/pseries/Kconfig | 13 + arch/powerpc/platforms/pseries/Makefile | 2 + arch/powerpc/platforms/pseries/plpks/Makefile | 8 + arch/powerpc/platforms/pseries/plpks/plpks.c | 509 ++++++++++++++++++ .../platforms/pseries/plpks/plpks_arch_ops.c | 163 ++++++ 7 files changed, 794 insertions(+) create mode 100644 arch/powerpc/include/asm/plpks.h create mode 100644 arch/powerpc/platforms/pseries/plpks/Makefile create mode 100644 arch/powerpc/platforms/pseries/plpks/plpks.c create mode 100644 arch/powerpc/platforms/pseries/plpks/plpks_arch_ops.c -- 2.27.0