mirror of
https://github.com/torvalds/linux.git
synced 2026-03-08 06:24:43 +01:00
The /sys/firmware/secvar/config directory represents Power LPAR Platform KeyStore (PLPKS) configuration properties such as max_object_size, signed_update_algorithms, supported_policies, total_size, used_space, and version. These attributes describe the PLPKS, and not the secure boot variables (secvars).

Create /sys/firmware/plpks directory and move the PLPKS config inside this directory. For backwards compatibility, create a soft link from the secvar sysfs directory to this config and emit a warning stating that the older sysfs path has been deprecated. Separate out the plpks specific documentation from secvar.

Signed-off-by: Srish Srinivasan <ssrish@linux.ibm.com>
Tested-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Link: https://patch.msgid.link/20260127145228.48320-3-ssrish@linux.ibm.com
65 lines
2.8 KiB
Text
What:		/sys/firmware/secvar
Date:		August 2019
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	This directory is created if the POWER firmware supports OS
		secure boot, and thereby secure variables. It exposes an
		interface for reading/writing the secure variables.

What:		/sys/firmware/secvar/vars
Date:		August 2019
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	This directory lists all the secure variables that are supported
		by the firmware.

What:		/sys/firmware/secvar/format
Date:		August 2019
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	A string indicating which backend is in use by the firmware.
		This determines the format of the variable and the accepted
		format of variable updates.

		On powernv/OPAL, this value is provided by the OPAL firmware
		and is expected to be "ibm,edk2-compat-v1".

		On pseries/PLPKS, this is generated by the kernel based on the
		version number in the SB_VERSION variable in the keystore. The
		version numbering in the SB_VERSION variable starts from 1. The
		format string takes the form "ibm,plpks-sb-v<version>" in the
		case of dynamic key management mode. If the SB_VERSION variable
		does not exist (or there is an error while reading it), it takes
		the form "ibm,plpks-sb-v0", indicating that the key management
		mode is static.

What:		/sys/firmware/secvar/vars/<variable_name>
Date:		August 2019
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	Each secure variable is represented as a directory named
		<variable_name>. The variable name is unique and is in ASCII
		representation. The data and size can be determined by reading
		their respective attribute files.

		Only secvars relevant to the key management mode are exposed.
		Only in the dynamic key management mode should the user have
		access (read and write) to the secure boot secvars db, dbx,
		grubdb, grubdbx, and sbat. These secvars are not consumed in the
		static key management mode. PK, trustedcadb and moduledb are the
		secvars common to both static and dynamic key management modes.

What:		/sys/firmware/secvar/vars/<variable_name>/size
Date:		August 2019
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	An integer representation of the size of the content of the
		variable. In other words, it represents the size of the data.

What:		/sys/firmware/secvar/vars/<variable_name>/data
Date:		August 2019
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	A read-only file containing the value of the variable. The size
		of the file represents the maximum size of the variable data.

What:		/sys/firmware/secvar/vars/<variable_name>/update
Date:		August 2019
Contact:	Nayna Jain <nayna@linux.ibm.com>
Description:	A write-only file that is used to submit the new value for the
		variable. The size of the file represents the maximum size of
		the variable data that can be written.
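
Added example, not part of the kernel documentation or the kernel tree: a POSIX shell check that derives the key management mode from the format string described above and lists any secvars under vars/ that should not be exposed in static mode. The names secvar_mode, secvar_unexpected and SECVAR_ROOT are hypothetical and exist only in this example.

```shell
#!/bin/sh
# Added example: classify the secvar backend and audit the exposed variables.
# SECVAR_ROOT (hypothetical) can point at a copy of the tree for offline use.
SECVAR_ROOT="${SECVAR_ROOT:-/sys/firmware/secvar}"

# Print opal, static, dynamic or unknown for a given format string.
secvar_mode() {
    case "$1" in
        ibm,edk2-compat-v1) echo opal ;;
        ibm,plpks-sb-v*)
            ver=${1#ibm,plpks-sb-v}
            case "$ver" in
                ''|*[!0-9]*) echo unknown ;;   # missing or non-numeric version
                *)
                    # v0 means SB_VERSION was absent or unreadable: static mode.
                    if [ "$ver" -gt 0 ]; then echo dynamic; else echo static; fi ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Print, one per line, the variables under vars/ that are documented as
# dynamic-mode only but are visible while the format string reports static mode.
# No output means the tree matches the documented rules.
secvar_unexpected() {
    mode=$(secvar_mode "$(cat "$SECVAR_ROOT/format" 2>/dev/null)")
    [ "$mode" = static ] || return 0
    for d in "$SECVAR_ROOT"/vars/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        case "$name" in
            db|dbx|grubdb|grubdbx|sbat) echo "$name" ;;
        esac
    done
}

# Report for the current system (prints "unknown" where secvar is absent).
echo "mode: $(secvar_mode "$(cat "$SECVAR_ROOT/format" 2>/dev/null)")"
secvar_unexpected | sed 's/^/unexpected in static mode: /'
```
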