From: Collin Walling <walling@linux.ibm.com>
DIAG 508 subcode 1 performs signature-verification on signed components.
A signed component may be a Linux kernel image, or any other signed
binary. **Verification of initrd is not supported.**
The instruction call expects two item-pairs: an address of a device
component, an address of the analogous signature file (in PKCS#7 DER format),
and their respective lengths. All of this data should be encapsulated
within a Diag508SigVerifBlock.
The DIAG handler will read from the provided addresses
to retrieve the necessary data, parse the signature file, then
perform the signature-verification. Because there is no way to
correlate a specific certificate to a component, each certificate
in the store is tried until either verification succeeds, or all
certs have been exhausted.
The subcode value is denoted by setting the second-to-left-most bit of
a 2-byte field.
A return code of 1 indicates success, and the index and length of the
corresponding certificate will be set in the Diag508SigVerifBlock.
The following values indicate failure:
0x0102: certificate not available
0x0202: component data is invalid
0x0302: signature is not in PKCS#7 format
0x0402: signature-verification failed
0x0502: length of Diag508SigVerifBlock is invalid
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
docs/specs/s390x-secure-ipl.rst | 5 ++
include/hw/s390x/ipl/diag508.h | 23 +++++++
target/s390x/diag.c | 115 +++++++++++++++++++++++++++++++-
3 files changed, 142 insertions(+), 1 deletion(-)
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index 0919425e9a..eec368d17b 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -66,3 +66,8 @@ that requires assistance from QEMU.
Subcode 0 - query installed subcodes
Returns a 64-bit mask indicating which subcodes are supported.
+
+Subcode 1 - perform signature verification
+ Perform signature-verification on a signed component, using certificates
+ from the certificate store and leveraging qcrypto libraries to perform
+ this operation.
diff --git a/include/hw/s390x/ipl/diag508.h b/include/hw/s390x/ipl/diag508.h
index 6281ad8299..ad401cc867 100644
--- a/include/hw/s390x/ipl/diag508.h
+++ b/include/hw/s390x/ipl/diag508.h
@@ -11,5 +11,28 @@
#define S390X_DIAG508_H
#define DIAG_508_SUBC_QUERY_SUBC 0x0000
+#define DIAG_508_SUBC_SIG_VERIF 0x8000
+
+#define DIAG_508_RC_OK 0x0001
+#define DIAG_508_RC_NO_CERTS 0x0102
+#define DIAG_508_RC_INVAL_COMP_DATA 0x0202
+#define DIAG_508_RC_INVAL_PKCS7_SIG 0x0302
+#define DIAG_508_RC_FAIL_VERIF 0x0402
+#define DIAG_508_RC_INVAL_LEN 0x0502
+
+struct Diag508SigVerifBlock {
+ uint32_t length;
+ uint8_t reserved0[3];
+ uint8_t version;
+ uint32_t reserved[2];
+ uint8_t cert_store_index;
+ uint8_t reserved1[7];
+ uint64_t cert_len;
+ uint64_t comp_len;
+ uint64_t comp_addr;
+ uint64_t sig_len;
+ uint64_t sig_addr;
+};
+typedef struct Diag508SigVerifBlock Diag508SigVerifBlock;
#endif
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index ee64257dbc..379fb8f2b4 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -602,9 +602,112 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
}
}
+static int diag_508_verify_sig(uint8_t *cert, size_t cert_size,
+ uint8_t *comp, size_t comp_size,
+ uint8_t *sig, size_t sig_size)
+{
+ g_autofree uint8_t *sig_pem = NULL;
+ size_t sig_size_pem;
+ int rc;
+
+ /*
+ * PKCS#7 signature with DER format
+ * Convert to PEM format for signature verification
+ */
+ rc = qcrypto_pkcs7_convert_sig_pem(sig, sig_size, &sig_pem, &sig_size_pem, NULL);
+ if (rc < 0) {
+ return -1;
+ }
+
+ rc = qcrypto_x509_verify_sig(cert, cert_size,
+ comp, comp_size,
+ sig_pem, sig_size_pem, NULL);
+ if (rc < 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int handle_diag508_sig_verif(uint64_t addr, size_t svb_size,
+ S390IPLCertificateStore *qcs)
+{
+ int rc;
+ int verified;
+ uint32_t svb_len;
+ uint64_t comp_len, comp_addr;
+ uint64_t sig_len, sig_addr;
+ g_autofree uint8_t *svb_comp = NULL;
+ g_autofree uint8_t *svb_sig = NULL;
+ g_autofree Diag508SigVerifBlock *svb = NULL;
+
+ if (!qcs || !qcs->count) {
+ return DIAG_508_RC_NO_CERTS;
+ }
+
+ svb = g_new0(Diag508SigVerifBlock, 1);
+ cpu_physical_memory_read(addr, svb, svb_size);
+
+ svb_len = be32_to_cpu(svb->length);
+ if (svb_len != svb_size) {
+ return DIAG_508_RC_INVAL_LEN;
+ }
+
+ comp_len = be64_to_cpu(svb->comp_len);
+ comp_addr = be64_to_cpu(svb->comp_addr);
+ sig_len = be64_to_cpu(svb->sig_len);
+ sig_addr = be64_to_cpu(svb->sig_addr);
+
+ if (!comp_len || !comp_addr) {
+ return DIAG_508_RC_INVAL_COMP_DATA;
+ }
+
+ if (!sig_len || !sig_addr) {
+ return DIAG_508_RC_INVAL_PKCS7_SIG;
+ }
+
+ svb_comp = g_malloc0(comp_len);
+ cpu_physical_memory_read(comp_addr, svb_comp, comp_len);
+
+ svb_sig = g_malloc0(sig_len);
+ cpu_physical_memory_read(sig_addr, svb_sig, sig_len);
+
+ rc = DIAG_508_RC_FAIL_VERIF;
+ /*
+ * It is uncertain which certificate contains
+ * the analogous key to verify the signed data
+ *
+ * Ignore errors from signature format convertion and verification,
+ * because currently in the certificate lookup process.
+ *
+ * Any error is treated as a verification failure,
+ * and the final result (verified or not) will be reported later.
+ */
+ for (int i = 0; i < qcs->count; i++) {
+ verified = diag_508_verify_sig(qcs->certs[i].raw,
+ qcs->certs[i].size,
+ svb_comp, comp_len,
+ svb_sig, sig_len);
+ if (verified == 0) {
+ svb->cert_store_index = i;
+ svb->cert_len = cpu_to_be64(qcs->certs[i].der_size);
+ cpu_physical_memory_write(addr, svb, be32_to_cpu(svb_size));
+ rc = DIAG_508_RC_OK;
+ break;
+ }
+ }
+
+ return rc;
+}
+
+QEMU_BUILD_BUG_MSG(sizeof(Diag508SigVerifBlock) != 64,
+ "size of Diag508SigVerifBlock is wrong");
+
void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
{
+ S390IPLCertificateStore *qcs = s390_ipl_get_certificate_store();
uint64_t subcode = env->regs[r3];
+ uint64_t addr = env->regs[r1];
int rc;
if (env->psw.mask & PSW_MASK_PSTATE) {
@@ -619,7 +722,17 @@ void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
switch (subcode) {
case DIAG_508_SUBC_QUERY_SUBC:
- rc = 0;
+ rc = DIAG_508_SUBC_SIG_VERIF;
+ break;
+ case DIAG_508_SUBC_SIG_VERIF:
+ size_t svb_size = sizeof(Diag508SigVerifBlock);
+
+ if (!diag_parm_addr_valid(addr, svb_size, true)) {
+ s390_program_interrupt(env, PGM_ADDRESSING, ra);
+ return;
+ }
+
+ rc = handle_diag508_sig_verif(addr, svb_size, qcs);
break;
default:
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
--
2.50.1On 9/17/25 19:21, Zhuoying Cai wrote:
Just some nits below based on how far along this patch has come.
> From: Collin Walling <walling@linux.ibm.com>
>
> DIAG 508 subcode 1 performs signature-verification on signed components.
> A signed component may be a Linux kernel image, or any other signed
> binary. **Verification of initrd is not supported.**
The initrd case should be included in the document as well for subcode 1.
>
> The instruction call expects two item-pairs: an address of a device
> component, an address of the analogous signature file (in PKCS#7 DER format),
> and their respective lengths. All of this data should be encapsulated
> within a Diag508SigVerifBlock.
>
> The DIAG handler will read from the provided addresses
> to retrieve the necessary data, parse the signature file, then
> perform the signature-verification. Because there is no way to
> correlate a specific certificate to a component, each certificate
> in the store is tried until either verification succeeds, or all
> certs have been exhausted.
>
> The subcode value is denoted by setting the second-to-left-most bit of
> a 2-byte field.
>
Remove the sentence above. As for the info below, it should also be
included in the document under subcode 1.
> A return code of 1 indicates success, and the index and length of the
> corresponding certificate will be set in the Diag508SigVerifBlock.
> The following values indicate failure:
>
> 0x0102: certificate not available
Change to: no certificates are available in the store
> 0x0202: component data is invalid
> 0x0302: signature is not in PKCS#7 format
> 0x0402: signature-verification failed
> 0x0502: length of Diag508SigVerifBlock is invalid
>
> Signed-off-by: Collin Walling <walling@linux.ibm.com>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> docs/specs/s390x-secure-ipl.rst | 5 ++
> include/hw/s390x/ipl/diag508.h | 23 +++++++
> target/s390x/diag.c | 115 +++++++++++++++++++++++++++++++-
> 3 files changed, 142 insertions(+), 1 deletion(-)
>
> diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
> index 0919425e9a..eec368d17b 100644
> --- a/docs/specs/s390x-secure-ipl.rst
> +++ b/docs/specs/s390x-secure-ipl.rst
> @@ -66,3 +66,8 @@ that requires assistance from QEMU.
>
> Subcode 0 - query installed subcodes
> Returns a 64-bit mask indicating which subcodes are supported.
> +
> +Subcode 1 - perform signature verification
> + Perform signature-verification on a signed component, using certificates
> + from the certificate store and leveraging qcrypto libraries to perform
> + this operation.
> diff --git a/include/hw/s390x/ipl/diag508.h b/include/hw/s390x/ipl/diag508.h
> index 6281ad8299..ad401cc867 100644
> --- a/include/hw/s390x/ipl/diag508.h
> +++ b/include/hw/s390x/ipl/diag508.h
> @@ -11,5 +11,28 @@
> #define S390X_DIAG508_H
>
> #define DIAG_508_SUBC_QUERY_SUBC 0x0000
> +#define DIAG_508_SUBC_SIG_VERIF 0x8000
> +
> +#define DIAG_508_RC_OK 0x0001
> +#define DIAG_508_RC_NO_CERTS 0x0102
> +#define DIAG_508_RC_INVAL_COMP_DATA 0x0202
> +#define DIAG_508_RC_INVAL_PKCS7_SIG 0x0302
> +#define DIAG_508_RC_FAIL_VERIF 0x0402
> +#define DIAG_508_RC_INVAL_LEN 0x0502
> +
> +struct Diag508SigVerifBlock {
> + uint32_t length;
> + uint8_t reserved0[3];
> + uint8_t version;
> + uint32_t reserved[2];
> + uint8_t cert_store_index;
> + uint8_t reserved1[7];
> + uint64_t cert_len;
> + uint64_t comp_len;
> + uint64_t comp_addr;
> + uint64_t sig_len;
> + uint64_t sig_addr;
> +};
> +typedef struct Diag508SigVerifBlock Diag508SigVerifBlock;
>
> #endif
> diff --git a/target/s390x/diag.c b/target/s390x/diag.c
> index ee64257dbc..379fb8f2b4 100644
> --- a/target/s390x/diag.c
> +++ b/target/s390x/diag.c
> @@ -602,9 +602,112 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
> }
> }
>
> +static int diag_508_verify_sig(uint8_t *cert, size_t cert_size,
> + uint8_t *comp, size_t comp_size,
> + uint8_t *sig, size_t sig_size)
> +{
> + g_autofree uint8_t *sig_pem = NULL;
> + size_t sig_size_pem;
> + int rc;
> +
> + /*
> + * PKCS#7 signature with DER format
> + * Convert to PEM format for signature verification
> + */
> + rc = qcrypto_pkcs7_convert_sig_pem(sig, sig_size, &sig_pem, &sig_size_pem, NULL);
> + if (rc < 0) {
> + return -1;
> + }
> +
> + rc = qcrypto_x509_verify_sig(cert, cert_size,
> + comp, comp_size,
> + sig_pem, sig_size_pem, NULL);
> + if (rc < 0) {
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> +static int handle_diag508_sig_verif(uint64_t addr, size_t svb_size,
> + S390IPLCertificateStore *qcs)
> +{
> + int rc;
> + int verified;
> + uint32_t svb_len;
> + uint64_t comp_len, comp_addr;
> + uint64_t sig_len, sig_addr;
> + g_autofree uint8_t *svb_comp = NULL;
> + g_autofree uint8_t *svb_sig = NULL;
nit: maybe just call these comp and sig?
> + g_autofree Diag508SigVerifBlock *svb = NULL;
> +
> + if (!qcs || !qcs->count) {
> + return DIAG_508_RC_NO_CERTS;
> + }
> +
> + svb = g_new0(Diag508SigVerifBlock, 1);
> + cpu_physical_memory_read(addr, svb, svb_size);
> +
> + svb_len = be32_to_cpu(svb->length);
> + if (svb_len != svb_size) {
> + return DIAG_508_RC_INVAL_LEN;
> + }
> +
> + comp_len = be64_to_cpu(svb->comp_len);
> + comp_addr = be64_to_cpu(svb->comp_addr);
> + sig_len = be64_to_cpu(svb->sig_len);
> + sig_addr = be64_to_cpu(svb->sig_addr);
> +
> + if (!comp_len || !comp_addr) {
> + return DIAG_508_RC_INVAL_COMP_DATA;
> + }
> +
> + if (!sig_len || !sig_addr) {
> + return DIAG_508_RC_INVAL_PKCS7_SIG;
> + }
> +
> + svb_comp = g_malloc0(comp_len);
> + cpu_physical_memory_read(comp_addr, svb_comp, comp_len);
> +
> + svb_sig = g_malloc0(sig_len);
> + cpu_physical_memory_read(sig_addr, svb_sig, sig_len);
> +
> + rc = DIAG_508_RC_FAIL_VERIF;
> + /*
> + * It is uncertain which certificate contains
> + * the analogous key to verify the signed data
> + *
> + * Ignore errors from signature format convertion and verification,
> + * because currently in the certificate lookup process.
> + *
> + * Any error is treated as a verification failure,
> + * and the final result (verified or not) will be reported later.
> + */
I think these comments may now be rendered redundant, now with the
for-loop significantly simplified since it was originally put in place.
You can remove them.
As for mentioning how errors are handled, you could put that comment in
diag_508_verify_sig since that's where the errors are being ignored.
> + for (int i = 0; i < qcs->count; i++) {
> + verified = diag_508_verify_sig(qcs->certs[i].raw,
> + qcs->certs[i].size,
> + svb_comp, comp_len,
> + svb_sig, sig_len);
> + if (verified == 0) {
> + svb->cert_store_index = i;
> + svb->cert_len = cpu_to_be64(qcs->certs[i].der_size);
> + cpu_physical_memory_write(addr, svb, be32_to_cpu(svb_size));
> + rc = DIAG_508_RC_OK;
Could just return DIAG_508_RC_OK...
> + break;
> + }
> + }
> +
> + return rc;
...and here return DIAG_508_RC_FAIL_VERIF
Then get rid of rc.
> +}
> +
> +QEMU_BUILD_BUG_MSG(sizeof(Diag508SigVerifBlock) != 64,
> + "size of Diag508SigVerifBlock is wrong");
> +
> void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
> {
> + S390IPLCertificateStore *qcs = s390_ipl_get_certificate_store();
Move this line into handle_diag508_sig_verif() and remove the qcs param
from the function.
> uint64_t subcode = env->regs[r3];
> + uint64_t addr = env->regs[r1];
> int rc;
>
> if (env->psw.mask & PSW_MASK_PSTATE) {
> @@ -619,7 +722,17 @@ void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
>
> switch (subcode) {
> case DIAG_508_SUBC_QUERY_SUBC:
> - rc = 0;
> + rc = DIAG_508_SUBC_SIG_VERIF;
> + break;
> + case DIAG_508_SUBC_SIG_VERIF:
> + size_t svb_size = sizeof(Diag508SigVerifBlock);
Since svb_size is only passed to the functions below, maybe just use
sizeof inline and then you can remove another param from
handle_diag508_sig_verif()? It should fit nicely now that the struct is
less verbose.
> +
> + if (!diag_parm_addr_valid(addr, sizeof(Diag508SigVerifBlock), true)) {
> + s390_program_interrupt(env, PGM_ADDRESSING, ra);
> + return;
> + }
> +
> + rc = handle_diag508_sig_verif(addr, svb_size, qcs);
> break;
> default:
> s390_program_interrupt(env, PGM_SPECIFICATION, ra);
--
Regards,
Collin
On 18/09/2025 01.21, Zhuoying Cai wrote:
> From: Collin Walling <walling@linux.ibm.com>
>
> DIAG 508 subcode 1 performs signature-verification on signed components.
> A signed component may be a Linux kernel image, or any other signed
> binary. **Verification of initrd is not supported.**
>
> The instruction call expects two item-pairs: an address of a device
> component, an address of the analogous signature file (in PKCS#7 DER format),
> and their respective lengths. All of this data should be encapsulated
> within a Diag508SigVerifBlock.
>
> The DIAG handler will read from the provided addresses
> to retrieve the necessary data, parse the signature file, then
> perform the signature-verification. Because there is no way to
> correlate a specific certificate to a component, each certificate
> in the store is tried until either verification succeeds, or all
> certs have been exhausted.
>
> The subcode value is denoted by setting the second-to-left-most bit of
> a 2-byte field.
>
> A return code of 1 indicates success, and the index and length of the
> corresponding certificate will be set in the Diag508SigVerifBlock.
> The following values indicate failure:
>
> 0x0102: certificate not available
> 0x0202: component data is invalid
> 0x0302: signature is not in PKCS#7 format
> 0x0402: signature-verification failed
> 0x0502: length of Diag508SigVerifBlock is invalid
>
> Signed-off-by: Collin Walling <walling@linux.ibm.com>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> docs/specs/s390x-secure-ipl.rst | 5 ++
> include/hw/s390x/ipl/diag508.h | 23 +++++++
> target/s390x/diag.c | 115 +++++++++++++++++++++++++++++++-
> 3 files changed, 142 insertions(+), 1 deletion(-)
>
> diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
> index 0919425e9a..eec368d17b 100644
> --- a/docs/specs/s390x-secure-ipl.rst
> +++ b/docs/specs/s390x-secure-ipl.rst
> @@ -66,3 +66,8 @@ that requires assistance from QEMU.
>
> Subcode 0 - query installed subcodes
> Returns a 64-bit mask indicating which subcodes are supported.
> +
> +Subcode 1 - perform signature verification
> + Perform signature-verification on a signed component, using certificates
> + from the certificate store and leveraging qcrypto libraries to perform
> + this operation.
> diff --git a/include/hw/s390x/ipl/diag508.h b/include/hw/s390x/ipl/diag508.h
> index 6281ad8299..ad401cc867 100644
> --- a/include/hw/s390x/ipl/diag508.h
> +++ b/include/hw/s390x/ipl/diag508.h
> @@ -11,5 +11,28 @@
> #define S390X_DIAG508_H
>
> #define DIAG_508_SUBC_QUERY_SUBC 0x0000
> +#define DIAG_508_SUBC_SIG_VERIF 0x8000
> +
> +#define DIAG_508_RC_OK 0x0001
> +#define DIAG_508_RC_NO_CERTS 0x0102
> +#define DIAG_508_RC_INVAL_COMP_DATA 0x0202
> +#define DIAG_508_RC_INVAL_PKCS7_SIG 0x0302
> +#define DIAG_508_RC_FAIL_VERIF 0x0402
> +#define DIAG_508_RC_INVAL_LEN 0x0502
> +
> +struct Diag508SigVerifBlock {
> + uint32_t length;
> + uint8_t reserved0[3];
> + uint8_t version;
> + uint32_t reserved[2];
> + uint8_t cert_store_index;
> + uint8_t reserved1[7];
> + uint64_t cert_len;
> + uint64_t comp_len;
> + uint64_t comp_addr;
> + uint64_t sig_len;
> + uint64_t sig_addr;
> +};
> +typedef struct Diag508SigVerifBlock Diag508SigVerifBlock;
>
> #endif
> diff --git a/target/s390x/diag.c b/target/s390x/diag.c
> index ee64257dbc..379fb8f2b4 100644
> --- a/target/s390x/diag.c
> +++ b/target/s390x/diag.c
> @@ -602,9 +602,112 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
> }
> }
>
> +static int diag_508_verify_sig(uint8_t *cert, size_t cert_size,
> + uint8_t *comp, size_t comp_size,
> + uint8_t *sig, size_t sig_size)
> +{
> + g_autofree uint8_t *sig_pem = NULL;
> + size_t sig_size_pem;
> + int rc;
> +
> + /*
> + * PKCS#7 signature with DER format
> + * Convert to PEM format for signature verification
> + */
> + rc = qcrypto_pkcs7_convert_sig_pem(sig, sig_size, &sig_pem, &sig_size_pem, NULL);
> + if (rc < 0) {
> + return -1;
> + }
> +
> + rc = qcrypto_x509_verify_sig(cert, cert_size,
> + comp, comp_size,
> + sig_pem, sig_size_pem, NULL);
> + if (rc < 0) {
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> +static int handle_diag508_sig_verif(uint64_t addr, size_t svb_size,
> + S390IPLCertificateStore *qcs)
> +{
> + int rc;
> + int verified;
> + uint32_t svb_len;
> + uint64_t comp_len, comp_addr;
> + uint64_t sig_len, sig_addr;
> + g_autofree uint8_t *svb_comp = NULL;
> + g_autofree uint8_t *svb_sig = NULL;
> + g_autofree Diag508SigVerifBlock *svb = NULL;
> +
> + if (!qcs || !qcs->count) {
> + return DIAG_508_RC_NO_CERTS;
> + }
> +
> + svb = g_new0(Diag508SigVerifBlock, 1);
> + cpu_physical_memory_read(addr, svb, svb_size);
> +
> + svb_len = be32_to_cpu(svb->length);
> + if (svb_len != svb_size) {
> + return DIAG_508_RC_INVAL_LEN;
> + }
> +
> + comp_len = be64_to_cpu(svb->comp_len);
> + comp_addr = be64_to_cpu(svb->comp_addr);
> + sig_len = be64_to_cpu(svb->sig_len);
> + sig_addr = be64_to_cpu(svb->sig_addr);
> +
> + if (!comp_len || !comp_addr) {
> + return DIAG_508_RC_INVAL_COMP_DATA;
> + }
> +
> + if (!sig_len || !sig_addr) {
> + return DIAG_508_RC_INVAL_PKCS7_SIG;
> + }
I think there should also be something like an upper limit for comp_len and
sign_len here. Otherwise a malicious guest could force QEMU into allocating
giga- or terabytes of memory here to cause out-of-memory situations in the host.
> + svb_comp = g_malloc0(comp_len);
> + cpu_physical_memory_read(comp_addr, svb_comp, comp_len);
> +
> + svb_sig = g_malloc0(sig_len);
> + cpu_physical_memory_read(sig_addr, svb_sig, sig_len);
> +
> + rc = DIAG_508_RC_FAIL_VERIF;
> + /*
> + * It is uncertain which certificate contains
> + * the analogous key to verify the signed data
> + *
> + * Ignore errors from signature format convertion and verification,
> + * because currently in the certificate lookup process.
The second half of above sentence looks incomplete?
> + *
> + * Any error is treated as a verification failure,
> + * and the final result (verified or not) will be reported later.
> + */
> + for (int i = 0; i < qcs->count; i++) {
> + verified = diag_508_verify_sig(qcs->certs[i].raw,
> + qcs->certs[i].size,
> + svb_comp, comp_len,
> + svb_sig, sig_len);
> + if (verified == 0) {
> + svb->cert_store_index = i;
> + svb->cert_len = cpu_to_be64(qcs->certs[i].der_size);
> + cpu_physical_memory_write(addr, svb, be32_to_cpu(svb_size));
> + rc = DIAG_508_RC_OK;
> + break;
> + }
> + }
> +
> + return rc;
> +}
Thomas
On 10/7/25 6:27 AM, Thomas Huth wrote:
> On 18/09/2025 01.21, Zhuoying Cai wrote:
>> From: Collin Walling <walling@linux.ibm.com>
>>
>> DIAG 508 subcode 1 performs signature-verification on signed components.
>> A signed component may be a Linux kernel image, or any other signed
>> binary. **Verification of initrd is not supported.**
>>
>> The instruction call expects two item-pairs: an address of a device
>> component, an address of the analogous signature file (in PKCS#7 DER format),
>> and their respective lengths. All of this data should be encapsulated
>> within a Diag508SigVerifBlock.
>>
>> The DIAG handler will read from the provided addresses
>> to retrieve the necessary data, parse the signature file, then
>> perform the signature-verification. Because there is no way to
>> correlate a specific certificate to a component, each certificate
>> in the store is tried until either verification succeeds, or all
>> certs have been exhausted.
>>
>> The subcode value is denoted by setting the second-to-left-most bit of
>> a 2-byte field.
>>
>> A return code of 1 indicates success, and the index and length of the
>> corresponding certificate will be set in the Diag508SigVerifBlock.
>> The following values indicate failure:
>>
>> 0x0102: certificate not available
>> 0x0202: component data is invalid
>> 0x0302: signature is not in PKCS#7 format
>> 0x0402: signature-verification failed
>> 0x0502: length of Diag508SigVerifBlock is invalid
>>
>> Signed-off-by: Collin Walling <walling@linux.ibm.com>
>> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
[...]
>> +
>> +static int handle_diag508_sig_verif(uint64_t addr, size_t svb_size,
>> + S390IPLCertificateStore *qcs)
>> +{
>> + int rc;
>> + int verified;
>> + uint32_t svb_len;
>> + uint64_t comp_len, comp_addr;
>> + uint64_t sig_len, sig_addr;
>> + g_autofree uint8_t *svb_comp = NULL;
>> + g_autofree uint8_t *svb_sig = NULL;
>> + g_autofree Diag508SigVerifBlock *svb = NULL;
>> +
>> + if (!qcs || !qcs->count) {
>> + return DIAG_508_RC_NO_CERTS;
>> + }
>> +
>> + svb = g_new0(Diag508SigVerifBlock, 1);
>> + cpu_physical_memory_read(addr, svb, svb_size);
>> +
>> + svb_len = be32_to_cpu(svb->length);
>> + if (svb_len != svb_size) {
>> + return DIAG_508_RC_INVAL_LEN;
>> + }
>> +
>> + comp_len = be64_to_cpu(svb->comp_len);
>> + comp_addr = be64_to_cpu(svb->comp_addr);
>> + sig_len = be64_to_cpu(svb->sig_len);
>> + sig_addr = be64_to_cpu(svb->sig_addr);
>> +
>> + if (!comp_len || !comp_addr) {
>> + return DIAG_508_RC_INVAL_COMP_DATA;
>> + }
>> +
>> + if (!sig_len || !sig_addr) {
>> + return DIAG_508_RC_INVAL_PKCS7_SIG;
>> + }
>
> I think there should also be something like an upper limit for comp_len and
> sign_len here. Otherwise a malicious guest could force QEMU into allocating
> giga- or terabytes of memory here to cause out-of-memory situations in the host.
>
Thank you for the suggestion. I agree that setting an upper limit would
help prevent unreasonable memory requests. I think it makes sense to
choose a reasonable value so we don't have to adjust it too often, but
I'm not entirely sure how to determine an appropriate upper bound.
Re: sig_len - the signature length can vary depending on the
cryptographic algorithm, and I don't believe there's a strict limit.
(FYI, in a somewhat similar situation, we haven't enforced a maximum
size on certificate files when loading them into memory, since they're
assumed to be trusted, as Daniel previously suggested -
https://lists.gnu.org/archive/html/qemu-s390x/2025-06/msg00049.html).
If we'd like to set an upper limit for sig_len, the largest signature
I've tested is 1165 bytes, signed with an RSA certificate using an
8192-bit key. Would 4096 be a reasonable upper bound?
Re: comp_len - the size of the guest kernel I'm currently using is
14,184,448 (0xD87000). When I built a kernel with make allyesconfig, the
size can reach 261,005,383 (0xF8EA047). Based on this value, would
262,000,000 (0xF9DCD80) an appropriate upper limit?
>> + svb_comp = g_malloc0(comp_len);
>> + cpu_physical_memory_read(comp_addr, svb_comp, comp_len);
>> +
>> + svb_sig = g_malloc0(sig_len);
>> + cpu_physical_memory_read(sig_addr, svb_sig, sig_len);
>> +
>> + rc = DIAG_508_RC_FAIL_VERIF;
>> + /*
>> + * It is uncertain which certificate contains
>> + * the analogous key to verify the signed data
>> + *
>> + * Ignore errors from signature format convertion and verification,
>> + * because currently in the certificate lookup process.
>
> The second half of above sentence looks incomplete?
>
>> + *
>> + * Any error is treated as a verification failure,
>> + * and the final result (verified or not) will be reported later.
>> + */
>> + for (int i = 0; i < qcs->count; i++) {
>> + verified = diag_508_verify_sig(qcs->certs[i].raw,
>> + qcs->certs[i].size,
>> + svb_comp, comp_len,
>> + svb_sig, sig_len);
>> + if (verified == 0) {
>> + svb->cert_store_index = i;
>> + svb->cert_len = cpu_to_be64(qcs->certs[i].der_size);
>> + cpu_physical_memory_write(addr, svb, be32_to_cpu(svb_size));
>> + rc = DIAG_508_RC_OK;
>> + break;
>> + }
>> + }
>> +
>> + return rc;
>> +}
>
> Thomas
>
On 10/10/2025 18.37, Zhuoying Cai wrote:
> On 10/7/25 6:27 AM, Thomas Huth wrote:
>> On 18/09/2025 01.21, Zhuoying Cai wrote:
>>> From: Collin Walling <walling@linux.ibm.com>
>>>
>>> DIAG 508 subcode 1 performs signature-verification on signed components.
>>> A signed component may be a Linux kernel image, or any other signed
>>> binary. **Verification of initrd is not supported.**
>>>
>>> The instruction call expects two item-pairs: an address of a device
>>> component, an address of the analogous signature file (in PKCS#7 DER format),
>>> and their respective lengths. All of this data should be encapsulated
>>> within a Diag508SigVerifBlock.
>>>
>>> The DIAG handler will read from the provided addresses
>>> to retrieve the necessary data, parse the signature file, then
>>> perform the signature-verification. Because there is no way to
>>> correlate a specific certificate to a component, each certificate
>>> in the store is tried until either verification succeeds, or all
>>> certs have been exhausted.
>>>
>>> The subcode value is denoted by setting the second-to-left-most bit of
>>> a 2-byte field.
>>>
>>> A return code of 1 indicates success, and the index and length of the
>>> corresponding certificate will be set in the Diag508SigVerifBlock.
>>> The following values indicate failure:
>>>
>>> 0x0102: certificate not available
>>> 0x0202: component data is invalid
>>> 0x0302: signature is not in PKCS#7 format
>>> 0x0402: signature-verification failed
>>> 0x0502: length of Diag508SigVerifBlock is invalid
>>>
>>> Signed-off-by: Collin Walling <walling@linux.ibm.com>
>>> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
>
> [...]
>
>>> +
>>> +static int handle_diag508_sig_verif(uint64_t addr, size_t svb_size,
>>> + S390IPLCertificateStore *qcs)
>>> +{
>>> + int rc;
>>> + int verified;
>>> + uint32_t svb_len;
>>> + uint64_t comp_len, comp_addr;
>>> + uint64_t sig_len, sig_addr;
>>> + g_autofree uint8_t *svb_comp = NULL;
>>> + g_autofree uint8_t *svb_sig = NULL;
>>> + g_autofree Diag508SigVerifBlock *svb = NULL;
>>> +
>>> + if (!qcs || !qcs->count) {
>>> + return DIAG_508_RC_NO_CERTS;
>>> + }
>>> +
>>> + svb = g_new0(Diag508SigVerifBlock, 1);
>>> + cpu_physical_memory_read(addr, svb, svb_size);
>>> +
>>> + svb_len = be32_to_cpu(svb->length);
>>> + if (svb_len != svb_size) {
>>> + return DIAG_508_RC_INVAL_LEN;
>>> + }
>>> +
>>> + comp_len = be64_to_cpu(svb->comp_len);
>>> + comp_addr = be64_to_cpu(svb->comp_addr);
>>> + sig_len = be64_to_cpu(svb->sig_len);
>>> + sig_addr = be64_to_cpu(svb->sig_addr);
>>> +
>>> + if (!comp_len || !comp_addr) {
>>> + return DIAG_508_RC_INVAL_COMP_DATA;
>>> + }
>>> +
>>> + if (!sig_len || !sig_addr) {
>>> + return DIAG_508_RC_INVAL_PKCS7_SIG;
>>> + }
>>
>> I think there should also be something like an upper limit for comp_len and
>> sign_len here. Otherwise a malicious guest could force QEMU into allocating
>> giga- or terabytes of memory here to cause out-of-memory situations in the host.
>>
>
> Thank you for the suggestion. I agree that setting an upper limit would
> help prevent unreasonable memory requests. I think it makes sense to
> choose a reasonable value so we don't have to adjust it too often, but
> I'm not entirely sure how to determine an appropriate upper bound.
>
> Re: sig_len - the signature length can vary depending on the
> cryptographic algorithm, and I don't believe there's a strict limit.
> (FYI, in a somewhat similar situation, we haven't enforced a maximum
> size on certificate files when loading them into memory, since they're
> assumed to be trusted, as Daniel previously suggested -
> https://lists.gnu.org/archive/html/qemu-s390x/2025-06/msg00049.html).
>
> If we'd like to set an upper limit for sig_len, the largest signature
> I've tested is 1165 bytes, signed with an RSA certificate using an
> 8192-bit key. Would 4096 be a reasonable upper bound?
Sounds reasonable, yes.
> Re: comp_len - the size of the guest kernel I'm currently using is
> 14,184,448 (0xD87000). When I built a kernel with make allyesconfig, the
> size can reach 261,005,383 (0xF8EA047). Based on this value, would
> 262,000,000 (0xF9DCD80) an appropriate upper limit?
Make it 0x10000000 = 268435456 Bytes, that feels like a round boundary ;-)
Thomas
On 9/17/2025 4:21 PM, Zhuoying Cai wrote:
> From: Collin Walling <walling@linux.ibm.com>
>
> DIAG 508 subcode 1 performs signature-verification on signed components.
> A signed component may be a Linux kernel image, or any other signed
> binary. **Verification of initrd is not supported.**
>
> The instruction call expects two item-pairs: an address of a device
> component, an address of the analogous signature file (in PKCS#7 DER format),
> and their respective lengths. All of this data should be encapsulated
> within a Diag508SigVerifBlock.
>
> The DIAG handler will read from the provided addresses
> to retrieve the necessary data, parse the signature file, then
> perform the signature-verification. Because there is no way to
> correlate a specific certificate to a component, each certificate
> in the store is tried until either verification succeeds, or all
> certs have been exhausted.
>
> The subcode value is denoted by setting the second-to-left-most bit of
> a 2-byte field.
>
> A return code of 1 indicates success, and the index and length of the
> corresponding certificate will be set in the Diag508SigVerifBlock.
> The following values indicate failure:
>
> 0x0102: certificate not available
> 0x0202: component data is invalid
> 0x0302: signature is not in PKCS#7 format
> 0x0402: signature-verification failed
> 0x0502: length of Diag508SigVerifBlock is invalid
>
> Signed-off-by: Collin Walling <walling@linux.ibm.com>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> docs/specs/s390x-secure-ipl.rst | 5 ++
> include/hw/s390x/ipl/diag508.h | 23 +++++++
> target/s390x/diag.c | 115 +++++++++++++++++++++++++++++++-
> 3 files changed, 142 insertions(+), 1 deletion(-)
>
> diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
> index 0919425e9a..eec368d17b 100644
> --- a/docs/specs/s390x-secure-ipl.rst
> +++ b/docs/specs/s390x-secure-ipl.rst
> @@ -66,3 +66,8 @@ that requires assistance from QEMU.
>
> Subcode 0 - query installed subcodes
> Returns a 64-bit mask indicating which subcodes are supported.
> +
> +Subcode 1 - perform signature verification
> + Perform signature-verification on a signed component, using certificates
> + from the certificate store and leveraging qcrypto libraries to perform
> + this operation.
> diff --git a/include/hw/s390x/ipl/diag508.h b/include/hw/s390x/ipl/diag508.h
> index 6281ad8299..ad401cc867 100644
> --- a/include/hw/s390x/ipl/diag508.h
> +++ b/include/hw/s390x/ipl/diag508.h
> @@ -11,5 +11,28 @@
> #define S390X_DIAG508_H
>
> #define DIAG_508_SUBC_QUERY_SUBC 0x0000
> +#define DIAG_508_SUBC_SIG_VERIF 0x8000
> +
> +#define DIAG_508_RC_OK 0x0001
> +#define DIAG_508_RC_NO_CERTS 0x0102
> +#define DIAG_508_RC_INVAL_COMP_DATA 0x0202
> +#define DIAG_508_RC_INVAL_PKCS7_SIG 0x0302
> +#define DIAG_508_RC_FAIL_VERIF 0x0402
> +#define DIAG_508_RC_INVAL_LEN 0x0502
> +
> +struct Diag508SigVerifBlock {
> + uint32_t length;
> + uint8_t reserved0[3];
> + uint8_t version;
> + uint32_t reserved[2];
> + uint8_t cert_store_index;
> + uint8_t reserved1[7];
> + uint64_t cert_len;
> + uint64_t comp_len;
> + uint64_t comp_addr;
> + uint64_t sig_len;
> + uint64_t sig_addr;
> +};
> +typedef struct Diag508SigVerifBlock Diag508SigVerifBlock;
>
> #endif
> diff --git a/target/s390x/diag.c b/target/s390x/diag.c
> index ee64257dbc..379fb8f2b4 100644
> --- a/target/s390x/diag.c
> +++ b/target/s390x/diag.c
> @@ -602,9 +602,112 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
> }
> }
>
> +static int diag_508_verify_sig(uint8_t *cert, size_t cert_size,
> + uint8_t *comp, size_t comp_size,
> + uint8_t *sig, size_t sig_size)
Nit we could change the function definition from an int to bool, this
would make reading easier.
> +{
> + g_autofree uint8_t *sig_pem = NULL;
> + size_t sig_size_pem;
> + int rc;
> +
> + /*
> + * PKCS#7 signature with DER format
> + * Convert to PEM format for signature verification
> + */
> + rc = qcrypto_pkcs7_convert_sig_pem(sig, sig_size, &sig_pem, &sig_size_pem, NULL);
> + if (rc < 0) {
> + return -1;
> + }
> +
> + rc = qcrypto_x509_verify_sig(cert, cert_size,
> + comp, comp_size,
> + sig_pem, sig_size_pem, NULL);
> + if (rc < 0) {
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> +static int handle_diag508_sig_verif(uint64_t addr, size_t svb_size,
> + S390IPLCertificateStore *qcs)
> +{
> + int rc;
> + int verified;
> + uint32_t svb_len;
> + uint64_t comp_len, comp_addr;
> + uint64_t sig_len, sig_addr;
> + g_autofree uint8_t *svb_comp = NULL;
> + g_autofree uint8_t *svb_sig = NULL;
> + g_autofree Diag508SigVerifBlock *svb = NULL;
> +
> + if (!qcs || !qcs->count) {
> + return DIAG_508_RC_NO_CERTS;
> + }
> +
> + svb = g_new0(Diag508SigVerifBlock, 1);
> + cpu_physical_memory_read(addr, svb, svb_size);
> +
> + svb_len = be32_to_cpu(svb->length);
> + if (svb_len != svb_size) {
> + return DIAG_508_RC_INVAL_LEN;
> + }
> +
> + comp_len = be64_to_cpu(svb->comp_len);
> + comp_addr = be64_to_cpu(svb->comp_addr);
> + sig_len = be64_to_cpu(svb->sig_len);
> + sig_addr = be64_to_cpu(svb->sig_addr);
> +
> + if (!comp_len || !comp_addr) {
> + return DIAG_508_RC_INVAL_COMP_DATA;
> + }
> +
> + if (!sig_len || !sig_addr) {
> + return DIAG_508_RC_INVAL_PKCS7_SIG;
> + }
> +
> + svb_comp = g_malloc0(comp_len);
> + cpu_physical_memory_read(comp_addr, svb_comp, comp_len);
> +
> + svb_sig = g_malloc0(sig_len);
> + cpu_physical_memory_read(sig_addr, svb_sig, sig_len);
> +
> + rc = DIAG_508_RC_FAIL_VERIF;
> + /*
> + * It is uncertain which certificate contains
> + * the analogous key to verify the signed data
> + *
> + * Ignore errors from signature format convertion and verification,
> + * because currently in the certificate lookup process.
> + *
> + * Any error is treated as a verification failure,
> + * and the final result (verified or not) will be reported later.
> + */
> + for (int i = 0; i < qcs->count; i++) {
> + verified = diag_508_verify_sig(qcs->certs[i].raw,
> + qcs->certs[i].size,
> + svb_comp, comp_len,
> + svb_sig, sig_len);
> + if (verified == 0) {
> + svb->cert_store_index = i;
> + svb->cert_len = cpu_to_be64(qcs->certs[i].der_size);
> + cpu_physical_memory_write(addr, svb, be32_to_cpu(svb_size));
Converting svb_size looks incorrect, shouldn't we just write svb_size
bytes?
Thanks
Farhan
© 2016 - 2025 Red Hat, Inc.