From: Srish Srinivasan <ssrish@linux.ibm.com>
To: linux-integrity@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Cc: maddy@linux.ibm.com, mpe@ellerman.id.au, npiggin@gmail.com,
christophe.leroy@csgroup.eu, naveen@kernel.org,
ajd@linux.ibm.com, zohar@linux.ibm.com, nayna@linux.ibm.com,
linux-kernel@vger.kernel.org
Subject: [PATCH 0/3] Enhancements to the secvar interface in static key management mode
Date: Wed, 30 Apr 2025 14:33:47 +0530 [thread overview]
Message-ID: <20250430090350.30023-1-ssrish@linux.ibm.com> (raw)
The PLPKS enabled Power LPAR sysfs exposes all of the secure boot secure
variables irrespective of the key management mode. There is support for
both static and dynamic key management and the key management mode can
be updated using the management console. The user can modify the secure
boot secvars db, dbx, grubdb, grubdbx, and sbat only in the dynamic key
mode. But the sysfs interface exposes these secvars even in static key
mode. This could lead to errors when reading them or writing to them in
the static key mode.
Update the secvar format property based on the key management mode and
expose only the secure variables relevant to the key management mode.
Enable loading of signed third-party kernel modules in the static key
mode when the platform keystore is enabled.
Srish Srinivasan (3):
powerpc/pseries: Correct secvar format representation for static key
management
powerpc/secvar: Expose secvars relevant to the key management mode
integrity/platform_certs: Allow loading of keys in static key
management mode
Documentation/ABI/testing/sysfs-secvar | 9 +-
arch/powerpc/platforms/pseries/plpks-secvar.c | 98 ++++++++++++-------
.../integrity/platform_certs/load_powerpc.c | 5 +-
3 files changed, 73 insertions(+), 39 deletions(-)
--
2.47.1
next reply other threads:[~2025-04-30 9:04 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-30 9:03 Srish Srinivasan [this message]
2025-04-30 9:03 ` [PATCH 1/3] powerpc/pseries: Correct secvar format representation for static key management Srish Srinivasan
2025-04-30 15:20 ` Nayna Jain
2025-05-05 8:36 ` Andrew Donnellan
2025-05-06 18:59 ` Srish Srinivasan
2025-05-07 6:17 ` Andrew Donnellan
2025-05-07 15:48 ` Srish Srinivasan
2025-05-12 9:51 ` Andrew Donnellan
2025-05-12 9:55 ` Andrew Donnellan
2025-05-12 10:16 ` Srish Srinivasan
2025-05-06 19:27 ` Nayna Jain
2025-05-07 6:03 ` Andrew Donnellan
2025-04-30 9:03 ` [PATCH 2/3] powerpc/secvar: Expose secvars relevant to the key management mode Srish Srinivasan
2025-04-30 15:22 ` Nayna Jain
2025-05-05 7:23 ` Andrew Donnellan
2025-05-06 19:00 ` Srish Srinivasan
2025-04-30 9:03 ` [PATCH 3/3] integrity/platform_certs: Allow loading of keys in static " Srish Srinivasan
2025-04-30 15:22 ` Nayna Jain
2025-05-05 7:55 ` Andrew Donnellan
2025-05-06 19:00 ` Srish Srinivasan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250430090350.30023-1-ssrish@linux.ibm.com \
--to=ssrish@linux.ibm.com \
--cc=ajd@linux.ibm.com \
--cc=christophe.leroy@csgroup.eu \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maddy@linux.ibm.com \
--cc=mpe@ellerman.id.au \
--cc=naveen@kernel.org \
--cc=nayna@linux.ibm.com \
--cc=npiggin@gmail.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).