SLFO-pool/s390-tools
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
s390-tools/s390-tools-pvimg-additional-01.patch

168 lines
8.1 KiB
Diff
Raw Permalink Blame History

From 5b6d7a467dc342c9c25a0af72b2d5546798cdc94 Mon Sep 17 00:00:00 2001
From: Marc Hartmayer <mhartmay@linux.ibm.com>
Date: Thu, 12 Dec 2024 20:19:56 +0100
Subject: [PATCH] rust/pvimg: Add '--cck <FILE>' command line option and make
'--comm-key' an alias
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add '--cck <FILE>' as an command line option and make '--comm-key' an
alias of it. This makes the command line more similar to the other
Secure Execution related PV-tools (e.g. pvattest and pvsecret).
Suggested-by: Reinhard Bündgen <buendgen@de.ibm.com>
Reviewed-by: Steffen Eiden <seiden@linux.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
---
rust/pvimg/man/genprotimg.1 | 11 +++++------
rust/pvimg/man/pvimg-create.1 | 11 +++++------
rust/pvimg/src/cli.rs | 14 ++++++++------
rust/pvimg/src/cmd/create.rs | 3 +--
4 files changed, 19 insertions(+), 20 deletions(-)
Index: s390-tools-2.36.0/rust/pvimg/man/genprotimg.1
===================================================================
--- s390-tools-2.36.0.orig/rust/pvimg/man/genprotimg.1
+++ s390-tools-2.36.0/rust/pvimg/man/genprotimg.1
@@ -123,7 +123,7 @@ Overwrite an existing Secure Execution b
.RE
.RE
.PP
-\-\-comm\-key <FILE>
+\-\-cck, \-\-comm\-key <FILE>
.RS 4
Use the content of FILE as the customer\-communication key (CCK). The file must
contain exactly 32 bytes of data.
@@ -133,7 +133,7 @@ contain exactly 32 bytes of data.
\-\-enable\-dump
.RS 4
Enable Secure Execution guest dump support. This option requires the
-\fB\-\-comm\-key\fR option.
+\fB\-\-cck\fR option.
.RE
.RE
.PP
@@ -146,8 +146,7 @@ Disable Secure Execution guest dump supp
\-\-enable\-cck\-extension\-secret
.RS 4
Add\-secret requests must provide an extension secret that matches the
-CCK\-derived extension secret. This option requires the \fB\-\-comm\-key\fR
-option.
+CCK\-derived extension secret. This option requires the \fB\-\-cck\fR option.
.RE
.RE
.PP
@@ -268,7 +267,7 @@ Generate an IBM Secure Execution image:
Generate an IBM Secure Execution image with Secure Execution guest dump support:
.PP
-.B genprotimg \-i \fI\,/boot/vmlinuz\/\fR \-r \fI\,/boot/initrd.img\/\fR \-p \fI\,parmfile\/\fR \-k \fI\,host_key.crt\/\fR \-C \fI\,ibm-z-host-key-signing.crt\/\fR \-C \fI\,DigiCertCA.crt\fR \-o \fI\,/boot/secure-linux\/\fR \-\-enable\-dump \-\-comm\-key \fI\,comm-key\fR
+.B genprotimg \-i \fI\,/boot/vmlinuz\/\fR \-r \fI\,/boot/initrd.img\/\fR \-p \fI\,parmfile\/\fR \-k \fI\,host_key.crt\/\fR \-C \fI\,ibm-z-host-key-signing.crt\/\fR \-C \fI\,DigiCertCA.crt\fR \-o \fI\,/boot/secure-linux\/\fR \-\-enable\-dump \-\-cck \fI\,comm-key\fR
.SH NOTES
.IP "1." 4
The \fBgenprotimg\fR(1) command is a symbolic link to the \fBpvimg-create\fR(1) command.
Index: s390-tools-2.36.0/rust/pvimg/man/pvimg-create.1
===================================================================
--- s390-tools-2.36.0.orig/rust/pvimg/man/pvimg-create.1
+++ s390-tools-2.36.0/rust/pvimg/man/pvimg-create.1
@@ -122,7 +122,7 @@ Overwrite an existing Secure Execution b
.RE
.RE
.PP
-\-\-comm\-key <FILE>
+\-\-cck, \-\-comm\-key <FILE>
.RS 4
Use the content of FILE as the customer\-communication key (CCK). The file must
contain exactly 32 bytes of data.
@@ -132,7 +132,7 @@ contain exactly 32 bytes of data.
\-\-enable\-dump
.RS 4
Enable Secure Execution guest dump support. This option requires the
-\fB\-\-comm\-key\fR option.
+\fB\-\-cck\fR option.
.RE
.RE
.PP
@@ -145,8 +145,7 @@ Disable Secure Execution guest dump supp
\-\-enable\-cck\-extension\-secret
.RS 4
Add\-secret requests must provide an extension secret that matches the
-CCK\-derived extension secret. This option requires the \fB\-\-comm\-key\fR
-option.
+CCK\-derived extension secret. This option requires the \fB\-\-cck\fR option.
.RE
.RE
.PP
@@ -249,7 +248,7 @@ Generate an IBM Secure Execution image:
Generate an IBM Secure Execution image with Secure Execution guest dump support:
.PP
-.B pvimg create \-i \fI\,/boot/vmlinuz\/\fR \-r \fI\,/boot/initrd.img\/\fR \-p \fI\,parmfile\/\fR \-k \fI\,host_key.crt\/\fR \-C \fI\,ibm-z-host-key-signing.crt\/\fR \-C \fI\,DigiCertCA.crt\fR \-o \fI\,/boot/secure-linux\/\fR \-\-enable\-dump \-\-comm\-key \fI\,comm-key\fR
+.B pvimg create \-i \fI\,/boot/vmlinuz\/\fR \-r \fI\,/boot/initrd.img\/\fR \-p \fI\,parmfile\/\fR \-k \fI\,host_key.crt\/\fR \-C \fI\,ibm-z-host-key-signing.crt\/\fR \-C \fI\,DigiCertCA.crt\fR \-o \fI\,/boot/secure-linux\/\fR \-\-enable\-dump \-\-cck \fI\,comm-key\fR
.SH NOTES
.IP "1." 4
The \fBgenprotimg\fR(1) command is a symbolic link to the \fBpvimg-create\fR(1) command.
Index: s390-tools-2.36.0/rust/pvimg/src/cli.rs
===================================================================
--- s390-tools-2.36.0.orig/rust/pvimg/src/cli.rs
+++ s390-tools-2.36.0/rust/pvimg/src/cli.rs
@@ -96,8 +96,8 @@ pub struct ComponentPaths {
#[command(group(ArgGroup::new("header-flags").multiple(true).conflicts_with_all(["x_pcf", "x_scf"])))]
pub struct CreateBootImageLegacyFlags {
/// Enable Secure Execution guest dump support. This option requires the
- /// '--comm-key' option.
- #[arg(long, action = clap::ArgAction::SetTrue, requires="comm_key", group="header-flags")]
+ /// '--cck' option.
+ #[arg(long, action = clap::ArgAction::SetTrue, requires="cck", group="header-flags")]
pub enable_dump: Option<bool>,
/// Disable Secure Execution guest dump support (default).
@@ -105,9 +105,9 @@ pub struct CreateBootImageLegacyFlags {
pub disable_dump: Option<bool>,
/// Add-secret requests must provide an extension secret that matches the
- /// CCK-derived extension secret. This option requires the '--comm-key'
+ /// CCK-derived extension secret. This option requires the '--cck'
/// option.
- #[arg(long, action = clap::ArgAction::SetTrue, requires="comm_key", group="header-flags")]
+ #[arg(long, action = clap::ArgAction::SetTrue, requires="cck", group="header-flags")]
pub enable_cck_extension_secret: Option<bool>,
/// Add-secret requests don't have to provide the CCK-derived extension
@@ -328,8 +328,8 @@ pub struct CreateBootImageArgs {
/// Use the content of FILE as the customer-communication key (CCK).
///
/// The file must contain exactly 32 bytes of data.
- #[arg(long, value_name = "FILE")]
- pub comm_key: Option<PathBuf>,
+ #[arg(long, value_name = "FILE", visible_alias = "comm-key")]
+ pub cck: Option<PathBuf>,
#[clap(flatten)]
pub legacy_flags: CreateBootImageLegacyFlags,
@@ -482,6 +482,8 @@ mod test {
flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-dump", ["--enable-dump"]),
CliOption::new("comm-key", ["--comm-key", "/dev/null"])])),
flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-dump", ["--enable-dump"]),
+ CliOption::new("comm-key", ["--cck", "/dev/null"])])),
+ flat_map_collect(insert(mvca.clone(), vec![CliOption::new("enable-dump", ["--enable-dump"]),
CliOption::new("comm-key", ["--comm-key", "/dev/null"])])),
flat_map_collect(insert(mvca.clone(), vec![CliOption::new("x-pcf", ["--x-pcf", "0x0"]),
CliOption::new("x-scf", ["--x-scf", "0x0"])])),
Index: s390-tools-2.36.0/rust/pvimg/src/cmd/create.rs
===================================================================
--- s390-tools-2.36.0.orig/rust/pvimg/src/cmd/create.rs
+++ s390-tools-2.36.0/rust/pvimg/src/cmd/create.rs
@@ -137,8 +137,7 @@ pub fn create(opt: &CreateBootImageArgs)
let verified_host_keys = opt
.certificate_args
.get_verified_hkds("Secure Execution image")?;
- let user_provided_keys =
- read_user_provided_keys(opt.comm_key.as_deref(), &opt.experimental_args)?;
+ let user_provided_keys = read_user_provided_keys(opt.cck.as_deref(), &opt.experimental_args)?;
let (plaintext_flags, secret_flags) = parse_flags(opt)?;
if plaintext_flags.is_set(PcfV1::NoComponentEncryption) {
Reference in New Issue View Git Blame Copy Permalink