git.ipfire.org Git - thirdparty/kernel/linux.git/commit
pseries/plpks: add HCALLs for PowerVM Key Wrapping Module
author Srish Srinivasan <ssrish@linux.ibm.com>
Tue, 27 Jan 2026 14:52:26 +0000 (20:22 +0530)
committer Madhavan Srinivasan <maddy@linux.ibm.com>
Fri, 30 Jan 2026 03:57:26 +0000 (09:27 +0530)
commit 133aa79e211d2572c5c9b9671461a55d50bebda8
tree cf937f7e6397eb1d901baffe39a0b0fa4c48c4c8
parent 447eb1d5ef00f7da918221ed690cac980385d993
pseries/plpks: add HCALLs for PowerVM Key Wrapping Module

The hypervisor-generated wrapping key is an AES-GCM-256 symmetric key which
is stored in a non-volatile, secure, and encrypted storage called the Power
LPAR Platform KeyStore. It has policy-based protections that prevent it
from being read out or exposed to the user.

Implement H_PKS_GEN_KEY, H_PKS_WRAP_OBJECT, and H_PKS_UNWRAP_OBJECT HCALLs
to enable using the PowerVM Key Wrapping Module (PKWM) as a new trust
source for trusted keys. Disallow H_PKS_READ_OBJECT, H_PKS_SIGNED_UPDATE,
and H_PKS_WRITE_OBJECT for objects with the 'wrapping key' policy set.
Capture the availability status for the H_PKS_WRAP_OBJECT interface.

Signed-off-by: Srish Srinivasan <ssrish@linux.ibm.com>
Tested-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Link: https://patch.msgid.link/20260127145228.48320-5-ssrish@linux.ibm.com
Documentation/arch/powerpc/papr_hcalls.rst
arch/powerpc/include/asm/plpks.h
arch/powerpc/platforms/pseries/plpks.c