From: Mimi Zohar <zohar@linux.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: ajd@linux.ibm.com, alastair@d-silva.org,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
asteinhauser@google.com, Bjorn Helgaas <bhelgaas@google.com>,
Qian Cai <cai@lca.pw>,
chris.packham@alliedtelesis.co.nz,
chris.smart@humanservices.gov.au,
Christophe Leroy <christophe.leroy@c-s.fr>,
clg@kaod.org, cmr@informatik.wtf,
David Hildenbrand <david@redhat.com>,
debmc@linux.vnet.ibm.com,
Geert Uytterhoeven <geert+renesas@glider.be>,
gwalbon@linux.ibm.com, harish@linux.ibm.com,
hbathini@linux.ibm.com, Christoph Hellwig <hch@lst.de>,
krzk@kernel.org, leonardo@linux.ibm.com,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
linuxppc-dev@lists.ozlabs.org, linuxram@us.ibm.com,
madalin.bucur@nxp.com, Mathieu Malaterre <malat@debian.org>,
msuchanek@suse.de, Nathan Chancellor <natechancellor@gmail.com>,
nathanl@linux.ibm.com, Nayna Jain <nayna@linux.ibm.com>,
Nick Piggin <npiggin@gmail.com>,
"Oliver O'Halloran" <oohall@gmail.com>,
oss@buserror.net, ravi.bangoria@linux.ibm.com,
Russell Currey <ruscur@russell.cc>,
sbobroff@linux.ibm.com, thuth@redhat.com, tyreld@linux.ibm.com,
vaibhav@linux.ibm.com, valentin@longchamp.me,
yanaijie@huawei.com, YueHaibing <yuehaibing@huawei.com>
Subject: Re: [GIT PULL] Please pull powerpc/linux.git powerpc-5.5-1 tag
Date: Mon, 02 Dec 2019 07:54:27 -0500 [thread overview]
Message-ID: <1575291267.4793.371.camel@linux.ibm.com> (raw)
In-Reply-To: <CAHk-=wj-BW=C8mFr5mWEYyjgngLoq2N6PZ-RKtiL7X-e93poHw@mail.gmail.com>
On Sat, 2019-11-30 at 14:42 -0800, Linus Torvalds wrote:
> [ Only tangentially related to the power parts ]
>
> On Sat, Nov 30, 2019 at 2:41 AM Michael Ellerman <mpe@ellerman.id.au> wrote:
> >
> > There's some changes in security/integrity as part of the secure boot work. They
> > were all either written by or acked/reviewed by Mimi.
>
> -#if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390)
> +#if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390) \
> + || defined(CONFIG_PPC_SECURE_BOOT)
>
> This clearly should be its own CONFIG variable, and be generated by
> having the different architectures just select it.
>
> IOW, IMA should probably have a
>
> config IMA_SECURE_BOOT
>
> and then s390 would just do the select unconditionally, while x86 and
> ppc would do
>
> select IMA_SECURE_BOOT if EFI
>
> and
>
> select IMA_SECURE_BOOT if PPC_SECURE_BOOT
>
> respectively.
>
> And then we wouldn't have random architectures adding random "me me me
> tooo!!!" type code.
Agreed, but the naming is a bit off. The flag somehow needs to take
into account "trusted boot" as well. On s390, only secure boot is
enabled, at least for the time being. On x86, both secure and trusted
boot are enabled. On powerpc, the architecture properly enables
secure and/or trusted boot based on OPAL flags.
It's a bit long, but could the flag be named
IMA_SECURE_AND_OR_TRUSTED_BOOT?
thanks,
Mimi
next prev parent reply other threads:[~2019-12-02 12:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-30 10:41 [GIT PULL] Please pull powerpc/linux.git powerpc-5.5-1 tag Michael Ellerman
2019-11-30 22:42 ` Linus Torvalds
2019-12-02 0:06 ` Nayna
2019-12-02 12:54 ` Mimi Zohar [this message]
2019-11-30 23:05 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1575291267.4793.371.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=ajd@linux.ibm.com \
--cc=alastair@d-silva.org \
--cc=aneesh.kumar@linux.ibm.com \
--cc=asteinhauser@google.com \
--cc=bhelgaas@google.com \
--cc=cai@lca.pw \
--cc=chris.packham@alliedtelesis.co.nz \
--cc=chris.smart@humanservices.gov.au \
--cc=christophe.leroy@c-s.fr \
--cc=clg@kaod.org \
--cc=cmr@informatik.wtf \
--cc=david@redhat.com \
--cc=debmc@linux.vnet.ibm.com \
--cc=geert+renesas@glider.be \
--cc=gwalbon@linux.ibm.com \
--cc=harish@linux.ibm.com \
--cc=hbathini@linux.ibm.com \
--cc=hch@lst.de \
--cc=krzk@kernel.org \
--cc=leonardo@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=linuxram@us.ibm.com \
--cc=madalin.bucur@nxp.com \
--cc=malat@debian.org \
--cc=mpe@ellerman.id.au \
--cc=msuchanek@suse.de \
--cc=natechancellor@gmail.com \
--cc=nathanl@linux.ibm.com \
--cc=nayna@linux.ibm.com \
--cc=npiggin@gmail.com \
--cc=oohall@gmail.com \
--cc=oss@buserror.net \
--cc=ravi.bangoria@linux.ibm.com \
--cc=ruscur@russell.cc \
--cc=sbobroff@linux.ibm.com \
--cc=thuth@redhat.com \
--cc=torvalds@linux-foundation.org \
--cc=tyreld@linux.ibm.com \
--cc=vaibhav@linux.ibm.com \
--cc=valentin@longchamp.me \
--cc=yanaijie@huawei.com \
--cc=yuehaibing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox