[PATCH v2 1/3] powerpc/powernv: Add support for OPAL_SECVAR_GET

From: Claudio Carvalho The X.509 certificates trusted by the platform and other information required to secure boot the OS kernel are wrapped in secure variables, which are controlled by OPAL. This patch adds support to read OPAL secure variables through OPAL_SECVAR_GET call. It returns the

[PATCH v2 2/3] powerpc/powernv: detect the secure boot mode of the system

PowerNV secure boot defines different IMA policies based on the secure boot state of the system. This patch defines a function to detect the secure boot state of the system. Signed-off-by: Nayna Jain --- arch/powerpc/include/asm/secboot.h | 21 +

[PATCH v2 3/3] powerpc: Add support to initialize ima policy rules

PowerNV secure boot relies on the kernel IMA security subsystem to perform the OS kernel image signature verification. Since each secure boot mode has different IMA policy requirements, dynamic definition of the policy rules based on the runtime secure boot mode of the system is required. On

[PATCH v2 0/3] powerpc: Enabling secure boot on powernv systems - Part 1

This patch set is part of a series that implements secure boot on PowerNV systems. In order to verify the OS kernel on PowerNV, secure boot requires X.509 certificates trusted by the platform, the secure boot modes, and several other pieces of information. These are stored in secure variables

Re: [PATCH] efi/arm: enable CP15 DMB instructions before cleaning the cache

On Mon, 8 Apr 2019 at 11:20, Vladimir Murzin wrote: > > On 4/7/19 7:19 PM, Ard Biesheuvel wrote: > > Actually, the CP15 ISB is not usable here, and using the v7 ISB breaks > > v6. Would reading back SCTLR suffice? > > > I think instr_sync macro should do the trick. > This code should run on v7

Re: [PATCH v8 2/5] arm64: replace -pg with CC_FLAGS_FTRACE in efi Makefiles

On Mon, 8 Apr 2019 at 17:23, Mark Rutland wrote: > > On Fri, Feb 08, 2019 at 04:10:11PM +0100, Torsten Duwe wrote: > > In preparation for arm64 supporting ftrace built on other compiler > > options, let's have makefiles remove the $(CC_FLAGS_FTRACE) > > flags, whatever these may be, rather

Re: [PATCH v8 2/5] arm64: replace -pg with CC_FLAGS_FTRACE in efi Makefiles

On Fri, Feb 08, 2019 at 04:10:11PM +0100, Torsten Duwe wrote: > In preparation for arm64 supporting ftrace built on other compiler > options, let's have makefiles remove the $(CC_FLAGS_FTRACE) > flags, whatever these may be, rather than assuming '-pg'. > While at it, fix arm32 as well. >

Re: [PATCH] efi/arm: enable CP15 DMB instructions before cleaning the cache

On 4/7/19 7:19 PM, Ard Biesheuvel wrote: > Actually, the CP15 ISB is not usable here, and using the v7 ISB breaks > v6. Would reading back SCTLR suffice? I think instr_sync macro should do the trick. Cheers Vladimir

Re: [PATCH] efi/arm: enable CP15 DMB instructions before cleaning the cache

On 07/04/2019 19:19, Ard Biesheuvel wrote: > On Sun, 31 Mar 2019 at 10:47, Marc Zyngier wrote: >> >> On Sat, 30 Mar 2019 13:10:58 +, >> Ard Biesheuvel wrote: >>> >>> On Sat, 30 Mar 2019 at 10:50, Marc Zyngier wrote: Hi Ard, On Fri, 29 Mar 2019 18:24:18 +, Ard