From: Claudio Carvalho
The X.509 certificates trusted by the platform and other information
required to secure boot the OS kernel are wrapped in secure variables,
which are controlled by OPAL.
This patch adds support to read OPAL secure variables through the
OPAL_SECVAR_GET call. It returns the
PowerNV secure boot defines different IMA policies based on the secure
boot state of the system.
This patch defines a function to detect the secure boot state of the
system.
Signed-off-by: Nayna Jain
---
arch/powerpc/include/asm/secboot.h | 21 +
PowerNV secure boot relies on the kernel IMA security subsystem to
perform the OS kernel image signature verification. Since each secure
boot mode has different IMA policy requirements, dynamic definition of
the policy rules based on the runtime secure boot mode of the system is
required. On
This patch set is part of a series that implements secure boot on PowerNV
systems.
In order to verify the OS kernel on PowerNV, secure boot requires X.509
certificates trusted by the platform, the secure boot modes, and several
other pieces of information. These are stored in secure variables
On Mon, 8 Apr 2019 at 11:20, Vladimir Murzin wrote:
>
> On 4/7/19 7:19 PM, Ard Biesheuvel wrote:
> > Actually, the CP15 ISB is not usable here, and using the v7 ISB breaks
> > v6. Would reading back SCTLR suffice?
>
>
> I think instr_sync macro should do the trick.
>
This code should run on v7
On Mon, 8 Apr 2019 at 17:23, Mark Rutland wrote:
>
> On Fri, Feb 08, 2019 at 04:10:11PM +0100, Torsten Duwe wrote:
> > In preparation for arm64 supporting ftrace built on other compiler
> > options, let's have makefiles remove the $(CC_FLAGS_FTRACE)
> > flags, whatever these may be, rather
On Fri, Feb 08, 2019 at 04:10:11PM +0100, Torsten Duwe wrote:
> In preparation for arm64 supporting ftrace built on other compiler
> options, let's have makefiles remove the $(CC_FLAGS_FTRACE)
> flags, whatever these may be, rather than assuming '-pg'.
> While at it, fix arm32 as well.
>
On 4/7/19 7:19 PM, Ard Biesheuvel wrote:
> Actually, the CP15 ISB is not usable here, and using the v7 ISB breaks
> v6. Would reading back SCTLR suffice?
I think instr_sync macro should do the trick.
Cheers
Vladimir
On 07/04/2019 19:19, Ard Biesheuvel wrote:
> On Sun, 31 Mar 2019 at 10:47, Marc Zyngier wrote:
>>
>> On Sat, 30 Mar 2019 13:10:58 +,
>> Ard Biesheuvel wrote:
>>>
>>> On Sat, 30 Mar 2019 at 10:50, Marc Zyngier wrote:
Hi Ard,
On Fri, 29 Mar 2019 18:24:18 +,
Ard