Changes in sysfs-secvar en Copyright 2015 Java ccadf154 - powerpc/pseries: Implement secvars for dynamic secure boot http://172.16.0.5:8080/history/linux-6.15/Documentation/ABI/testing/sysfs-secvar#ccadf154 powerpc/pseries: Implement secvars for dynamic secure bootThe pseries platform can support dynamic secure boot (i.e. secure bootusing user-defined keys) using variables contained with the PowerVM LPARPlatform KeyStore (PLPKS). Using the powerpc secvar API, expose therelevant variables for pseries dynamic secure boot through the existingsecvar filesystem layout.The relevant variables for dynamic secure boot are signed in thekeystore, and can only be modified using the H_PKS_SIGNED_UPDATE hcall.Object labels in the keystore are encoded using ucs2 format. With ourfixed variable names we don't have to care about encoding outside of thenecessary byte padding.When a user writes to a variable, the first 8 bytes of data must containthe signed update flags as defined by the hypervisor.When a user reads a variable, the first 4 bytes of data contain thepolicies defined for the object.Limitations exist due to the underlying implementation of sysfs binaryattributes, as is the case for the OPAL secvar implementation -partial writes are unsupported and writes cannot be larger than PAGE_SIZE.(Even when using bin_attributes, which can be larger than a single page,sysfs only gives us one page's worth of write buffer at a time, and thehypervisor does not expose an interface for partial writes.)Co-developed-by: Nayna Jain <nayna@linux.ibm.com>Signed-off-by: Nayna Jain <nayna@linux.ibm.com>Co-developed-by: Andrew Donnellan <ajd@linux.ibm.com>Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>Signed-off-by: Russell Currey <ruscur@russell.cc>[mpe: Add NLS dependency to fix build errors, squash fix from ajd]Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>Link: https://lore.kernel.org/r/20230210080401.345462-25-ajd@linux.ibm.com List of files: /linux-6.15/Documentation/ABI/testing/sysfs-secvar Fri, 10 Feb 2023 08:03:59 +0000 Russell Currey <ruscur@russell.cc> bd5d9c74 - powerpc: expose secure variables to userspace via sysfs http://172.16.0.5:8080/history/linux-6.15/Documentation/ABI/testing/sysfs-secvar#bd5d9c74 powerpc: expose secure variables to userspace via sysfsPowerNV secure variables, which store the keys used for OS kernelverification, are managed by the firmware. These secure variables need tobe accessed by the userspace for addition/deletion of the certificates.This patch adds the sysfs interface to expose secure variables for PowerNVsecureboot. The users shall use this interface for manipulatingthe keys stored in the secure variables.Signed-off-by: Nayna Jain <nayna@linux.ibm.com>Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>Signed-off-by: Eric Richter <erichte@linux.ibm.com>Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>Link: https://lore.kernel.org/r/1573441836-3632-3-git-send-email-nayna@linux.ibm.com List of files: /linux-6.15/Documentation/ABI/testing/sysfs-secvar Mon, 11 Nov 2019 03:10:34 +0000 Nayna Jain <nayna@linux.ibm.com>