From: "Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>
To: David Thompson <davthompson@nvidia.com>
Cc: Hans de Goede <hdegoede@redhat.com>,
markgross@kernel.org, vadimp@nvidia.com,
platform-driver-x86@vger.kernel.org,
LKML <linux-kernel@vger.kernel.org>,
kblaiech@nvidia.com
Subject: Re: [PATCH v3] mlxbf-bootctl: correctly identify secure boot with development keys
Date: Mon, 4 Dec 2023 15:09:18 +0200 (EET) [thread overview]
Message-ID: <c1be334-ed14-29f-e6-2f5d4f743b3@linux.intel.com> (raw)
In-Reply-To: <20231130183515.17214-1-davthompson@nvidia.com>
[-- Attachment #1: Type: text/plain, Size: 1577 bytes --]
On Thu, 30 Nov 2023, David Thompson wrote:
> The secure boot state of the BlueField SoC is represented by two bits:
> 0 = production state
> 1 = secure boot enabled
> 2 = non-secure (secure boot disabled)
> 3 = RMA state
> There is also a single bit to indicate whether production keys or
> development keys are being used when secure boot is enabled.
> This single bit (specified by MLXBF_BOOTCTL_SB_DEV_MASK) only has
> meaning if secure boot state equals 1 (secure boot enabled).
>
> The secure boot states are as follows:
> - “GA secured” is when secure boot is enabled with official production keys.
> - “Secured (development)” is when secure boot is enabled with development keys.
>
> Without this fix “GA Secured” is displayed on development cards which is
> misleading. This patch updates the logic in "lifecycle_state_show()" to
> handle the case where the SoC is configured for secure boot and is using
> development keys.
>
> Fixes: 79e29cb8fbc5c ("platform/mellanox: Add bootctl driver for Mellanox BlueField Soc")
> Reviewed-by: Khalil Blaiech <kblaiech@nvidia.com>
> Signed-off-by: David Thompson <davthompson@nvidia.com>
> ---
> + } else if ((use_dev_key) &&
> + (lc_state == MLXBF_BOOTCTL_SB_LIFECYCLE_GA_SECURE)) {
> + return sprintf(buf, "Secured (development)\n");
> }
Thanks for the update. Applied to review-ilpo and will propagate into
fixes once LKP has built it.
I removed the unnecessary parenthesis around that use_dev_key while
applying the patch.
--
i.
prev parent reply other threads:[~2023-12-04 13:09 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-30 18:35 [PATCH v3] mlxbf-bootctl: correctly identify secure boot with development keys David Thompson
2023-12-04 13:09 ` Ilpo Järvinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c1be334-ed14-29f-e6-2f5d4f743b3@linux.intel.com \
--to=ilpo.jarvinen@linux.intel.com \
--cc=davthompson@nvidia.com \
--cc=hdegoede@redhat.com \
--cc=kblaiech@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=markgross@kernel.org \
--cc=platform-driver-x86@vger.kernel.org \
--cc=vadimp@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.