- 论坛徽章:
- 0
|
We can use skeyctl to view and change settings related to storage key.
Usage: skeyctl [-D]
skeyctl [-h <nhkeys>] [-u <nukeys>/off] [-k on/off/default] [-x kkey ]
skeyctl [-v [now|default|boot]
where:
-h <nhkeys> # number of hardware keys (0, 2-31)
-u <nukeys> # number of user keys (2 - max. no. of hardware keys)
-u off # disable user keys
-k on/off # enable/disable kernel keys
-k default # set default kernel key state
-x <kkey> # kernel key mapped exclusively
to a hardware key
-D # use defaults
-v now # view current settings
-v default # view defaults
-v boot # view settings for next boot
Since I am only interested with kernel key state, I will just focus on it in following analysis.
> skeyctl -v now
Storage Key attributes for current boot session:
Max. number of hardware keys = 8
Number of hardware keys enabled = 8
Number of user keys = 2
Kernel keys state = enabled <==
Exclusive kernel key value = disabled
(0)> dw skey_kmode
skey_kmode+000000: 00000001 <== "skeyctl -v now" just reads skey_kmode from memory and display it.
>skeyctl -v boot
Storage Key attributes for next boot session:
Max. number of hardware keys = default
Number of hardware keys enabled = default
Number of user keys = default
Kernel keys state = disabled <==
Exclusive kernel key value = disabled
> odmget -q "attribute = storage_key_kmode" SWservAt
SWservAt:
attribute = "storage_key_kmode"
deflt = "-1"
value = "0" <== "skeyctl -v boot" read this value
"skeyctl -k" will write the value to SWservAt.
> skeyctl -k on
> odmget -q "attribute = storage_key_kmode" SWservAt
SWservAt:
attribute = "storage_key_kmode"
deflt = "-1"
value = "1" <== Now this value has been changed
> skeyctl -v boot
Storage Key attributes for next boot session:
Max. number of hardware keys = default
Number of hardware keys enabled = default
Number of user keys = default
Kernel keys state = enabled <==
Exclusive kernel key value = disabled
After using "skeyctl -k" we must run bosboot before reboot,
otherwise the changing will not happen.
That is why?
The answer is in /usr/sbin/bosboot.
We can find:
zap_var $kmode $sk_kmode $kmode_sz
The $kmode is skey_kmode, and $sk_kmode is the storage_key_kmode value in SWservAt.
So bosboot just use zap_var to change variable skey_kmode in kernel image.
Then how zap_var did it?
We can find it in bosboot:
integer -i10 byte_offset=$nm_offset-$vtr_int+$raw_int
> nm -X64 /unix | grep skey_kmode
skey_kmode D 45767764 4
so $nm_offset is 0x2BA5C54.
> dump -X64 -h /unix
/unix:
***Section Header Information***
Section Header for .data
PHYaddr VTRaddr SCTsiz RAWptr RELptr
0x02000000 0x02000000 0x00bad9b8 0x009f0288 0x01919ec4
So $vtr_int is 0x02000000 and $raw_int is 0x009f0288.
Thus byte_offset is 0x2BA5C54 - 0x02000000 + 0x009f0288 = 0x1595EDC.
Now we can check the skey_kmode in kernel image by ourselves:
> lquerypv -h /unix 0x1595EDC 4
01595ED0 00000000 00000000 FFFFFFFF FFFFFFFF <== default value is -1
We can extract kernel image from hd5 using blvinfo and check it:
> ./blvinfo -k /dev/hdisk0
> uncompress unix.Z
> lquerypv -h ./unix 0x1595EDC 4
01595ED0 00000000 00000000 FFFFFFFF 00000000 <== next boot skey_kmode is 0
we can change it and check again:
> skeyctl -k on
> bosboot -ad /dev/hdisk0
> ./blvinfo -k /dev/hdisk0
> uncompress unix.Z
> lquerypv -h ./unix 0x1595EDC 4
01595ED0 00000000 00000000 FFFFFFFF 00000001 <== next boot skey_kmode is changed to 1!
Note: the tool blvinfo can be downloaded in my blog:
https://www.ibm.com/developerwor ... s/aixworld/?lang=en
|
|