From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9333FC31E50 for ; Sun, 16 Jun 2019 23:56:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 6801620818 for ; Sun, 16 Jun 2019 23:56:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=axtens.net header.i=@axtens.net header.b="mjFgfEh9" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727322AbfFPX4L (ORCPT ); Sun, 16 Jun 2019 19:56:11 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:36111 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726069AbfFPX4L (ORCPT ); Sun, 16 Jun 2019 19:56:11 -0400 Received: by mail-pg1-f193.google.com with SMTP id f21so4728617pgi.3 for ; Sun, 16 Jun 2019 16:56:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:in-reply-to:references:date:message-id :mime-version:content-transfer-encoding; bh=eKbpzEiJylVko/AqUmYGdm35tR1kAF8kyTrOQOn/LZY=; b=mjFgfEh9DpnUyYJnmm10xCAA44rjQ5vM3POmL21L1yxtntOM4gCLmgenR1CUMVLdRK bKJ5vWJRNlNGEcrq4IdxzCEHcpIe7vlLMfhuxhzjrr57rEblFOm2QshpZwxJlJUsK8FS r9C0ItB6L+JRovFIxzCuNpKzuioK88/Kll0kA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version:content-transfer-encoding; bh=eKbpzEiJylVko/AqUmYGdm35tR1kAF8kyTrOQOn/LZY=; b=eYE5yCeZ/NpqWMlLXuD1OoYZZLBWoH8YQxBjwC9F6pHAW8VMt45TNSsbqOYjgH3LYa /I7lsAz5S4pEZWioxi/lJJfVEVncld112Ezx0ZoisjGbZhmUYyrUZ86yfQs5DgyALMCD uu766hha0J8OiCBGJJ4m3SQ9o4lF3PahY2ha8EznevJzK07ddtCNdE6ARV5u3Etx4CUS v1t3fcWz2gCg/nKJSmvqUNgfusKqUm+3fGMbvYRTY42fsTeXZvdRd5zPuyZEMtDz+PsJ CSwjVDNPbEDDOU8boU4RcKRFVx/DkRjkRys94T8ZoHtCFgcN94YpixDF8oXOGiUHeUC2 HFHA== X-Gm-Message-State: APjAAAWypnnvjdT6/PJLVN2gT/o8pYDHlkke3303Fa5vYl/lpVYOdrmK 2+Ke1zmvMIxFGZ0AcXqLZHtvh2u7nj4= X-Google-Smtp-Source: APXvYqzVFXwvbw+h8Vy5oNuVgOROK+vJF9NO7ccBNAEWTkL02XdJ05Npe6ZqjRHegh2kVzPtwd85kA== X-Received: by 2002:a63:6981:: with SMTP id e123mr22346754pgc.136.1560729370570; Sun, 16 Jun 2019 16:56:10 -0700 (PDT) Received: from localhost (ppp167-251-205.static.internode.on.net. [59.167.251.205]) by smtp.gmail.com with ESMTPSA id v4sm9131345pfb.14.2019.06.16.16.56.08 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Sun, 16 Jun 2019 16:56:09 -0700 (PDT) From: Daniel Axtens To: Nayna Cc: Nayna Jain , linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Ellerman , Paul Mackerras , Benjamin Herrenschmidt , Ard Biesheuvel , Jeremy Kerr , Matthew Garret , Mimi Zohar , Claudio Carvalho , Eric Richter Subject: Re: [PATCH v3 1/3] powerpc/powernv: Add OPAL API interface to get secureboot state In-Reply-To: References: <1560198837-18857-1-git-send-email-nayna@linux.ibm.com> <1560198837-18857-2-git-send-email-nayna@linux.ibm.com> <87ftofpbth.fsf@dja-thinkpad.axtens.net> <87d0jipfr9.fsf@dja-thinkpad.axtens.net> Date: Mon, 17 Jun 2019 09:56:05 +1000 Message-ID: <87tvcp2iga.fsf@dja-thinkpad.axtens.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Hi Nayna, >> I guess I also somewhat object to calling it a 'backend' if we're using >> it as a version scheme. I think the skiboot storage backends are true >> backends - they provide different implementations of the same >> functionality with the same API, but this seems like you're using it to >> indicate different functionality. It seems like we're using it as if it >> were called OPAL_SECVAR_VERSION. > > We are changing how we are exposing the version to the kernel. The=20 > version will be exposed as device-tree entry rather than a OPAL runtime=20 > service. We are not tied to the name "backend", we can switch to calling= =20 > it as "scheme" unless there is a better name. This sounds like a good approach to me. Kind regards, Daniel > > Thanks & Regards, > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 - Nayna From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 306DBC31E50 for ; Sun, 16 Jun 2019 23:58:04 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 34C7120818 for ; Sun, 16 Jun 2019 23:58:02 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=axtens.net header.i=@axtens.net header.b="mjFgfEh9" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 34C7120818 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=axtens.net Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 45RrrS5M0TzDqZ3 for ; Mon, 17 Jun 2019 09:58:00 +1000 (AEST) Received: from ozlabs.org (bilbo.ozlabs.org [IPv6:2401:3900:2:1::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 45RrpV4ccNzDqWh for ; Mon, 17 Jun 2019 09:56:18 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=axtens.net Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.b="mjFgfEh9"; dkim-atps=neutral Received: from ozlabs.org (bilbo.ozlabs.org [203.11.71.1]) by bilbo.ozlabs.org (Postfix) with ESMTP id 45RrpV3Pw6z8tFV for ; Mon, 17 Jun 2019 09:56:18 +1000 (AEST) Received: by ozlabs.org (Postfix) id 45RrpV2wQbz9sDX; Mon, 17 Jun 2019 09:56:18 +1000 (AEST) Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=axtens.net (client-ip=2607:f8b0:4864:20::543; helo=mail-pg1-x543.google.com; envelope-from=dja@axtens.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=axtens.net Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.b="mjFgfEh9"; dkim-atps=neutral Received: from mail-pg1-x543.google.com (mail-pg1-x543.google.com [IPv6:2607:f8b0:4864:20::543]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45RrpS4fMqz9s7h for ; Mon, 17 Jun 2019 09:56:15 +1000 (AEST) Received: by mail-pg1-x543.google.com with SMTP id n65so264345pga.4 for ; Sun, 16 Jun 2019 16:56:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:in-reply-to:references:date:message-id :mime-version:content-transfer-encoding; bh=eKbpzEiJylVko/AqUmYGdm35tR1kAF8kyTrOQOn/LZY=; b=mjFgfEh9DpnUyYJnmm10xCAA44rjQ5vM3POmL21L1yxtntOM4gCLmgenR1CUMVLdRK bKJ5vWJRNlNGEcrq4IdxzCEHcpIe7vlLMfhuxhzjrr57rEblFOm2QshpZwxJlJUsK8FS r9C0ItB6L+JRovFIxzCuNpKzuioK88/Kll0kA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version:content-transfer-encoding; bh=eKbpzEiJylVko/AqUmYGdm35tR1kAF8kyTrOQOn/LZY=; b=hXDAB0f4OsJqy9rsJOCqMsIjqmpJEZfVybT0Hg+n/MawDq9fcKJFKxT/3tJJnA71fd eRgga2niSye0xyr9SR/F45/9MmrxKnW9kQim3zYVMAW6nbBGag64h0CfiZBRFnGaz413 BITHuHU/7pJzLPg7V0qc9mNDjLeaU3MnlJucGiciTdm/eeL3f3f4M46HCr+gAkREHxfX HVBkyCIxCi2QNOUrRM0lRQHecUCG6kdRRvf6cF5/yaAVUS6xpT4V96ckrLuSoBey2B+u QuqUenH+Nwyk+F0ehus1JyZCrkOezwx48cxM0wYJMW7RyrUR/Sulue5RYrjmJANGZckj KO/Q== X-Gm-Message-State: APjAAAXbFBQ/5+pD8fFrCybmwisyVrFyihnMZHHbn5y2VCyiErHSesBI tEOx4VFmMwfIGcAZEI8mUiLAxw== X-Google-Smtp-Source: APXvYqzVFXwvbw+h8Vy5oNuVgOROK+vJF9NO7ccBNAEWTkL02XdJ05Npe6ZqjRHegh2kVzPtwd85kA== X-Received: by 2002:a63:6981:: with SMTP id e123mr22346754pgc.136.1560729370570; Sun, 16 Jun 2019 16:56:10 -0700 (PDT) Received: from localhost (ppp167-251-205.static.internode.on.net. [59.167.251.205]) by smtp.gmail.com with ESMTPSA id v4sm9131345pfb.14.2019.06.16.16.56.08 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Sun, 16 Jun 2019 16:56:09 -0700 (PDT) From: Daniel Axtens To: Nayna Subject: Re: [PATCH v3 1/3] powerpc/powernv: Add OPAL API interface to get secureboot state In-Reply-To: References: <1560198837-18857-1-git-send-email-nayna@linux.ibm.com> <1560198837-18857-2-git-send-email-nayna@linux.ibm.com> <87ftofpbth.fsf@dja-thinkpad.axtens.net> <87d0jipfr9.fsf@dja-thinkpad.axtens.net> Date: Mon, 17 Jun 2019 09:56:05 +1000 Message-ID: <87tvcp2iga.fsf@dja-thinkpad.axtens.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-efi@vger.kernel.org, Ard Biesheuvel , Eric Richter , Nayna Jain , linux-kernel@vger.kernel.org, Mimi Zohar , Claudio Carvalho , Matthew Garret , linuxppc-dev@ozlabs.org, Paul Mackerras , Jeremy Kerr , linux-integrity@vger.kernel.org Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" Hi Nayna, >> I guess I also somewhat object to calling it a 'backend' if we're using >> it as a version scheme. I think the skiboot storage backends are true >> backends - they provide different implementations of the same >> functionality with the same API, but this seems like you're using it to >> indicate different functionality. It seems like we're using it as if it >> were called OPAL_SECVAR_VERSION. > > We are changing how we are exposing the version to the kernel. The=20 > version will be exposed as device-tree entry rather than a OPAL runtime=20 > service. We are not tied to the name "backend", we can switch to calling= =20 > it as "scheme" unless there is a better name. This sounds like a good approach to me. Kind regards, Daniel > > Thanks & Regards, > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 - Nayna