diff options
| author | Holger Dengler <[email protected]> | 2023-08-11 16:56:20 +0200 |
|---|---|---|
| committer | Heiko Carstens <[email protected]> | 2023-08-18 15:07:57 +0200 |
| commit | 386cb81e4ba7811573765aaaeb91b472639c2bae (patch) | |
| tree | 3ebc14e4894166f58fa4fb555d11e85ae5bd3116 /tools/testing/selftests/bpf/prog_tests/autoload.c | |
| parent | cba33db3fc4dbf2e54294b0e499d2335a3a00d78 (diff) | |
s390/zcrypt_ep11misc: support API ordinal 6 with empty pin-blob
Secure execution guest environments require an empty pinblob in all
key generation and unwrap requests. Empty pinblobs are only available
in EP11 API ordinal 6 or higher.
Add an empty pinblob to key generation and unwrap requests, if the AP
secure binding facility is available. In all other cases, stay with
the empty pin tag (no pinblob) and the current API ordinals.
The EP11 API ordinal also needs to be considered when the pkey module
tries to figure out the list of eligible cards for key operations
with protected keys in secure execution environment.
These changes are transparent to userspace but required for running
an secure execution guest with handling key generate and key derive
(e.g. secure key to protected key) correct. Especially using EP11
secure keys with the kernel dm-crypt layer requires this patch.
Co-developed-by: Harald Freudenberger <[email protected]>
Signed-off-by: Harald Freudenberger <[email protected]>
Signed-off-by: Holger Dengler <[email protected]>
Reviewed-by: Ingo Franzki <[email protected]>
Signed-off-by: Heiko Carstens <[email protected]>
Diffstat (limited to 'tools/testing/selftests/bpf/prog_tests/autoload.c')
0 files changed, 0 insertions, 0 deletions