mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/arch/powerpc/platforms/powernv
History
Michael Ellerman d34a5709be Merge branch 'topic/secureboot' into next 
Merge the secureboot support, as well as the IMA changes needed to
support it.

From Nayna's cover letter:
  In order to verify the OS kernel on PowerNV systems, secure boot
  requires X.509 certificates trusted by the platform. These are
  stored in secure variables controlled by OPAL, called OPAL secure
  variables. In order to enable users to manage the keys, the secure
  variables need to be exposed to userspace.

  OPAL provides the runtime services for the kernel to be able to
  access the secure variables. This patchset defines the kernel
  interface for the OPAL APIs. These APIs are used by the hooks, which
  load these variables to the keyring and expose them to the userspace
  for reading/writing.

  Overall, this patchset adds the following support:
    * expose secure variables to the kernel via OPAL Runtime API interface
    * expose secure variables to the userspace via kernel sysfs interface
    * load kernel verification and revocation keys to .platform and
      .blacklist keyring respectively.

  The secure variables can be read/written using simple linux
  utilities cat/hexdump.

  For example:
  Path to the secure variables is: /sys/firmware/secvar/vars

    Each secure variable is listed as directory.
    $ ls -l
    total 0
    drwxr-xr-x. 2 root root 0 Aug 20 21:20 db
    drwxr-xr-x. 2 root root 0 Aug 20 21:20 KEK
    drwxr-xr-x. 2 root root 0 Aug 20 21:20 PK

  The attributes of each of the secure variables are (for example: PK):
    $ ls -l
    total 0
    -r--r--r--. 1 root root  4096 Oct  1 15:10 data
    -r--r--r--. 1 root root 65536 Oct  1 15:10 size
    --w-------. 1 root root  4096 Oct  1 15:12 update

  The "data" is used to read the existing variable value using
  hexdump. The data is stored in ESL format. The "update" is used to
  write a new value using cat. The update is to be submitted as AUTH
  file.
 		2019-11-13 16:55:50 +11:00
..
Kconfig powerpc/powernv: Move SCOM access code into powernv platform 2019-08-05 18:53:03 +10:00
Makefile powerpc/powernv: Add OPAL API interface to access secure variable 2019-11-13 00:33:22 +11:00
copy-paste.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
eeh-powernv.c powerpc/powernv/eeh: Fix oops when probing cxl devices 2019-10-25 22:08:50 +11:00
idle.c powerpc/powernv: Access LDBAR only if ultravisor disabled 2019-08-30 09:40:16 +10:00
memtrace.c mm/memory_hotplug: rename walk_memory_range() and pass start+size instead of pfns 2019-07-18 17:08:06 -07:00
npu-dma.c powerpc/powernv: Fix build with IOMMU_API=n 2019-09-14 00:03:00 +10:00
ocxl.c ocxl: Rename pnv_ocxl_spa_remove_pe to clarify it's action 2018-06-03 20:40:32 +10:00
opal-async.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-call.c powerpc/powernv: Add OPAL API interface to access secure variable 2019-11-13 00:33:22 +11:00
opal-core.c powerpc/opalcore: provide an option to invalidate /sys/firmware/opal/core file 2019-09-14 00:04:45 +10:00
opal-dump.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-elog.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-fadump.c powerpc/fadump: support holes in kernel boot memory area 2019-09-14 00:04:46 +10:00
opal-fadump.h powerpc/fadump: support holes in kernel boot memory area 2019-09-14 00:04:46 +10:00
opal-flash.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-hmi.c powerpc/powernv: Show checkstop reason for NPU2 HMIs 2019-06-02 19:39:36 +10:00
opal-imc.c powerpc/imc: Dont create debugfs files for cpu-less nodes 2019-09-05 14:22:41 +10:00
opal-irqchip.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-kmsg.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-lpc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-memory-errors.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
opal-msglog.c powerpc/powernv/opal-msglog: Refactor memcons code 2019-08-30 09:40:16 +10:00
opal-nvram.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-power.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-powercap.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-prd.c powerpc/powernv: Add new opal message type 2019-09-12 09:27:00 +10:00
opal-psr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-rtc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-secvar.c powerpc/powernv: Add OPAL API interface to access secure variable 2019-11-13 00:33:22 +11:00
opal-sensor-groups.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-sensor.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
opal-sysparam.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
opal-tracepoints.c jump_label: move 'asm goto' support test to Kconfig 2019-01-06 09:46:51 +09:00
opal-wrappers.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
opal-xscom.c powerpc/powernv: Fix checkpatch warnings in opal-xscom.c 2019-08-05 18:53:03 +10:00
opal.c Merge branch 'topic/secureboot' into next 2019-11-13 16:55:50 +11:00
pci-cxl.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
pci-ioda-tce.c powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window 2019-08-19 13:20:23 +10:00
pci-ioda.c Merge branch 'topic/ppc-kvm' into next 2019-08-30 09:52:57 +10:00
pci.c pci-hotplug/pnv_php: Add support for IODA3 Power9 PHBs 2019-09-05 14:22:39 +10:00
pci.h powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window 2019-08-19 13:20:23 +10:00
powernv.h powerpc/powernv: Add ultravisor message log interface 2019-08-30 09:40:16 +10:00
rng.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
setup.c powerpc/64s/powernv: machine check dump SLB contents 2019-08-30 10:32:35 +10:00
smp.c powerpc/powernv: Fix CPU idle to be called with IRQs disabled 2019-10-29 21:47:01 +11:00
subcore-asm.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
subcore.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
subcore.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ultravisor.c powerpc/powernv: Add ultravisor message log interface 2019-08-30 09:40:16 +10:00
vas-debug.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
vas-trace.h powerpc/vas: Add a couple of trace points 2018-03-14 20:13:58 +11:00
vas-window.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
vas.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
vas.h powerpc updates for 5.3 2019-07-13 16:08:36 -07:00