[PATCH v2 10/25] pc-bios/s390-ccw: Introduce IPL Information Report Bloc

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 10/25] pc-bios/s390-ccw: Introduce IPL Information Report Bloc

From:	Zhuoying Cai
Subject:	[PATCH v2 10/25] pc-bios/s390-ccw: Introduce IPL Information Report Block (IIRB)
Date:	Thu, 8 May 2025 18:50:26 -0400

The IPL information report block (IIRB) contains information used
to locate IPL records and to report the results of signature verification
of one or more secure components of the load device.

IIRB is stored immediately following the IPL Parameter Block. Results on
component verification in any case (failure or success) are stored.

Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
 pc-bios/s390-ccw/iplb.h | 62 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/pc-bios/s390-ccw/iplb.h b/pc-bios/s390-ccw/iplb.h
index 08f259ff31..bdbc733e16 100644
--- a/pc-bios/s390-ccw/iplb.h
+++ b/pc-bios/s390-ccw/iplb.h
@@ -23,6 +23,68 @@ extern QemuIplParameters qipl;
 extern IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
 extern bool have_iplb;
 
+struct IplInfoReportBlockHeader {
+    uint32_t len;
+    uint8_t  iirb_flags;
+    uint8_t  reserved1[2];
+    uint8_t  version;
+    uint8_t  reserved2[8];
+} __attribute__ ((packed));
+typedef struct IplInfoReportBlockHeader IplInfoReportBlockHeader;
+
+struct IplInfoBlockHeader {
+    uint32_t len;
+    uint8_t  ibt;
+    uint8_t  reserved1[3];
+    uint8_t  reserved2[8];
+} __attribute__ ((packed));
+typedef struct IplInfoBlockHeader IplInfoBlockHeader;
+
+enum IplIbt {
+    IPL_IBT_CERTIFICATES = 1,
+    IPL_IBT_COMPONENTS = 2,
+};
+
+struct IplSignatureCertificateEntry {
+    uint64_t addr;
+    uint64_t len;
+} __attribute__ ((packed));
+typedef struct IplSignatureCertificateEntry IplSignatureCertificateEntry;
+
+struct IplSignatureCertificateList {
+    IplInfoBlockHeader            ipl_info_header;
+    IplSignatureCertificateEntry  cert_entries[MAX_CERTIFICATES];
+} __attribute__ ((packed));
+typedef struct IplSignatureCertificateList IplSignatureCertificateList;
+
+#define S390_IPL_COMPONENT_FLAG_SC  0x80
+#define S390_IPL_COMPONENT_FLAG_CSV 0x40
+
+struct IplDeviceComponentEntry {
+    uint64_t addr;
+    uint64_t len;
+    uint8_t  flags;
+    uint8_t  reserved1[5];
+    uint16_t cert_index;
+    uint8_t  reserved2[8];
+} __attribute__ ((packed));
+typedef struct IplDeviceComponentEntry IplDeviceComponentEntry;
+
+struct IplDeviceComponentList {
+    IplInfoBlockHeader       ipl_info_header;
+    IplDeviceComponentEntry  device_entries[MAX_CERTIFICATES];
+} __attribute__ ((packed));
+typedef struct IplDeviceComponentList IplDeviceComponentList;
+
+#define COMP_LIST_MAX   sizeof(IplDeviceComponentList)
+#define CERT_LIST_MAX   sizeof(IplSignatureCertificateList)
+
+struct IplInfoReportBlock {
+    IplInfoReportBlockHeader     hdr;
+    uint8_t                      info_blks[COMP_LIST_MAX + CERT_LIST_MAX];
+} __attribute__ ((packed));
+typedef struct IplInfoReportBlock IplInfoReportBlock;
+
 #define S390_IPL_TYPE_FCP 0x00
 #define S390_IPL_TYPE_CCW 0x02
 #define S390_IPL_TYPE_QEMU_SCSI 0xff
-- 
2.49.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 00/25] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices, Zhuoying Cai, 2025/05/08
- [PATCH v2 01/25] Add -boot-certificates to s390-ccw-virtio machine type option, Zhuoying Cai, 2025/05/08
- [PATCH v2 02/25] hw/s390x/ipl: Create certificate store, Zhuoying Cai, 2025/05/08
- [PATCH v2 03/25] s390x: Guest support for Certificate Store Facility (CS), Zhuoying Cai, 2025/05/08
- [PATCH v2 04/25] s390x/diag: Introduce DIAG 320 for certificate store facility, Zhuoying Cai, 2025/05/08
- [PATCH v2 05/25] s390x/diag: Refactor address validation check from diag308_parm_check, Zhuoying Cai, 2025/05/08
- [PATCH v2 06/25] s390x/diag: Implement DIAG 320 subcode 1, Zhuoying Cai, 2025/05/08
- [PATCH v2 07/25] s390x/diag: Implement DIAG 320 subcode 2, Zhuoying Cai, 2025/05/08
- [PATCH v2 08/25] s390x/diag: Introduce DIAG 508 for secure IPL operations, Zhuoying Cai, 2025/05/08
- [PATCH v2 09/25] s390x/diag: Implement DIAG 508 subcode 1 for signature verification, Zhuoying Cai, 2025/05/08
- [PATCH v2 10/25] pc-bios/s390-ccw: Introduce IPL Information Report Block (IIRB), Zhuoying Cai <=
- [PATCH v2 12/25] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block, Zhuoying Cai, 2025/05/08
- [PATCH v2 13/25] hw/s390x/ipl: Set iplb->len to maximum length of IPL Parameter Block, Zhuoying Cai, 2025/05/08
- [PATCH v2 11/25] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers, Zhuoying Cai, 2025/05/08
- [PATCH v2 14/25] s390x: Guest support for Secure-IPL Facility, Zhuoying Cai, 2025/05/08
- [PATCH v2 15/25] pc-bios/s390-ccw: Refactor zipl_run(), Zhuoying Cai, 2025/05/08
- [PATCH v2 16/25] pc-bios/s390-ccw: Refactor zipl_load_segment function, Zhuoying Cai, 2025/05/08
- [PATCH v2 17/25] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode, Zhuoying Cai, 2025/05/08
- [PATCH v2 18/25] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF), Zhuoying Cai, 2025/05/08
- [PATCH v2 19/25] pc-bios/s390-ccw: Add additional security checks for secure boot, Zhuoying Cai, 2025/05/08
- [PATCH v2 20/25] Add -secure-boot to s390-ccw-virtio machine type option, Zhuoying Cai, 2025/05/08

Prev by Date: [PATCH v2 09/25] s390x/diag: Implement DIAG 508 subcode 1 for signature verification
Next by Date: [PATCH v2 12/25] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block
Previous by thread: [PATCH v2 09/25] s390x/diag: Implement DIAG 508 subcode 1 for signature verification
Next by thread: [PATCH v2 12/25] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block
Index(es):
- Date
- Thread