On 8/28/19 10:05 AM, Michael Ellerman wrote:
> From: Claudio Carvalho
>
> The ultravisor (UV) provides an in-memory console which follows the
> OPAL in-memory console structure.
>
> This patch extends the OPAL msglog code to initialize the UV memory
> console and provi
On 8/28/19 10:05 AM, Michael Ellerman wrote:
> From: Claudio Carvalho
>
> This patch refactors the code in opal-msglog that operates on the OPAL
> memory console in order to make it cleaner and also allow the reuse of
> the new memcons_* functions.
Tested-by: Claudio Carvalho
Signed-off-by: Claudio Carvalho
---
This patch applies on top of the "kvmppc: Paravirtualize KVM to support
ultravisor" patch series submitted by Claudio Carvalho.
---
arch/powerpc/include/asm/ultravisor.h| 8
arch/powerpc/platforms/powernv/opal-msglog.c | 36
This patch refactors the code in opal-msglog that operates on the OPAL
memory console in order to make it cleaner and also allow the reuse of
the new memcons_* functions.
Signed-off-by: Claudio Carvalho
---
arch/powerpc/platforms/powernv/opal-msglog.c | 61 ++--
1 file changed
On 8/23/19 9:48 AM, Michael Ellerman wrote:
> Hi Claudio,
Hi Michael,
>
> Claudio Carvalho writes:
>> Ultravisor (UV) provides an in-memory console which follows the OPAL
>> in-memory console structure.
>>
>> This patch extends the OPAL msglog code to also in
: Oliver O'Halloran
Signed-off-by: Claudio Carvalho
---
This patch depends on the "kvmppc: Paravirtualize KVM to support
ultravisor" patchset submitted by Claudio Carvalho.
---
arch/powerpc/platforms/powernv/opal-msglog.c | 99 ++--
1 file changed, 72 insertions(+), 27
the ultracall number, i.e. UV_RETURN.
* If returning with a synthesized interrupt, R2 contains the
synthesized interrupt number.
Thanks to input from Paul Mackerras, Ram Pai and Mike Anderson.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm
.
Signed-off-by: Claudio Carvalho
Reviewed-by: Ram Pai
Reviewed-by: Ryan Grimm
---
arch/powerpc/platforms/powernv/idle.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/idle.c
b/arch/powerpc/platforms/powernv/idle.c
index 09f49eed7fb8
-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor.h| 12
arch/powerpc/mm/book3s64/hash_utils.c| 5 +++--
arch/powerpc/mm/book3s64/pgtable.c | 2 +-
arch/powerpc/mm/book3s64/radix_pgtable.c | 8 +---
4 files changed, 21 insertions(+), 6 deletions(-)
diff
) when Ultravisor is enabled.
Signed-off-by: Michael Anderson
Signed-off-by: Madhavan Srinivasan
Signed-off-by: Ram Pai
[ cclaudio: Write the PATE in HV's table before doing that in UV's ]
Signed-off-by: Claudio Carvalho
Reviewed-by: Ryan Grimm
---
arch/powerpc/include/asm/ultravisor-api.h | 5
accessing resources (e.g. PTCR and LDBAR) in case PEF is enabled.
Signed-off-by: Claudio Carvalho
[ andmike: Device node name to "ibm,ultravisor" ]
Signed-off-by: Michael Anderson
---
arch/powerpc/include/asm/firmware.h | 5 +++--
arch/powerpc/include/asm/ultravisor.h
will be redirected to the
hypervisor which must handle/fail the call.
Thanks to inputs from Ram Pai and Michael Anderson.
Signed-off-by: Claudio Carvalho
---
Ultravisor call support for secure guests is being proposed as part of
the patchset "Secure Virtual Machine Enablement" posted
as in the KVM Hypervisor.
Based on input from Mike Anderson, Thiago Bauermann, Claudio Carvalho,
Ben Herrenschmidt, Guerney Hunt, Paul Mackerras.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
Signed-off-by: Guerney Hunt
Reviewed-by: Claudio Carvalho
Reviewed-by: Michael Anderson
Reviewed
Disable IMC devices, when
Ultravisor is enabled.
- Fixed signed-off-by.
- Patch "KVM: PPC: Ultravisor: Enter a secure guest":
- Changed the UV_RETURN assembly call to save the actual R3 in
R0 for the ultravisor and pass the UV_RETURN call number in R3.
- Patch "KVM: PPC:
On 8/14/19 8:33 AM, Michael Ellerman wrote:
> Hi Claudio,
>
> Claudio Carvalho writes:
>> From: Michael Anderson
>>
>> In ultravisor enabled systems, the ultravisor creates and maintains the
>> partition table in secure memory w
On 8/14/19 3:34 PM, Segher Boessenkool wrote:
> On Wed, Aug 14, 2019 at 08:46:15PM +1000, Michael Ellerman wrote:
>> Claudio Carvalho writes:
>>> +_GLOBAL(ucall_norets)
>>> +EXPORT_SYMBOL_GPL(ucall_norets)
>>> + mfcrr0
>>>
On 8/14/19 7:46 AM, Michael Ellerman wrote:
> Claudio Carvalho writes:
>> diff --git a/arch/powerpc/kernel/ucall.S b/arch/powerpc/kernel/ucall.S
>> new file mode 100644
>> index ..de9133e45d21
>> --- /dev/null
>> +++ b/arch/powerpc/kernel/ucall.
On 8/9/19 9:45 AM, Michael Ellerman wrote:
> Claudio Carvalho writes:
>> From: Sukadev Bhattiprolu
>>
>> POWER9 processor includes support for Protected Execution Facility (PEF).
>> Which POWER9? Please be more precise.
>>
>> It's public knowledge that
On 8/12/19 12:58 PM, Fabiano Rosas wrote:
> Claudio Carvalho writes:
>
> Some small suggestions below:
>
>> +
>> +* The privilege of a process is now determined by three MSR bits,
>> + MSR(S, HV, PR). In each of the tables below the modes are listed
the ultracall number, i.e. UV_RETURN.
* If returning with a synthesized interrupt, R2 contains the
synthesized interrupt number.
Thanks to input from Paul Mackerras, Ram Pai and Mike Anderson.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm
.
Signed-off-by: Claudio Carvalho
Reviewed-by: Ram Pai
Reviewed-by: Ryan Grimm
---
arch/powerpc/platforms/powernv/idle.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/idle.c
b/arch/powerpc/platforms/powernv/idle.c
index 210fb73a5121
disabled.
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/reg.h | 13 +
arch/powerpc/mm/book3s64/hash_utils.c| 4 ++--
arch/powerpc/mm/book3s64/pgtable.c | 2 +-
arch/powerpc/mm/book3s64/radix_pgtable.c | 6 +++---
4 files changed, 19 insertions(+), 6
Anderson
Signed-off-by: Madhavan Srinivasan
Signed-off-by: Ram Pai
[ cclaudio: Write the PATE in HV's table before doing that in UV's ]
Signed-off-by: Claudio Carvalho
Reviewed-by: Ryan Grimm
---
arch/powerpc/include/asm/ultravisor-api.h | 5 ++
arch/powerpc/include/asm/ultravisor.h | 8
accessing resources (e.g. PTCR and LDBAR) in case PEF is enabled.
Signed-off-by: Claudio Carvalho
[ andmike: Device node name to "ibm,ultravisor" ]
Signed-off-by: Michael Anderson
---
arch/powerpc/include/asm/firmware.h | 5 +++--
arch/powerpc/include/asm/ultravisor.h
file is placed under
arch/powerpc/kernel.
If ultravisor is not enabled, the ucalls will be redirected to the
hypervisor which must handle/fail the call.
Thanks to inputs from Ram Pai and Michael Anderson.
Signed-off-by: Claudio Carvalho
---
Ultravisor call support for secure guests is being
from Mike Anderson, Thiago Bauermann, Claudio Carvalho,
Ben Herrenschmidt, Guerney Hunt, Paul Mackerras.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
Signed-off-by: Guerney Hunt
Reviewed-by: Claudio Carvalho
Reviewed-by: Michael Anderson
Reviewed-by: Thiago Bauermann
Signed-off
or: Return to UV for hcalls from SVM"
- "KVM: PPC: Ultravisor: Enter a secure guest
- Rebased
- Addressed comments from Paul Mackerras
- Dropped ultravisor checks made in power8 code
- Updated the commit message for:
"KVM: PPC: Ultravisor: Enter a secure guest"
- Addre
On 7/11/19 9:57 AM, Michael Ellerman wrote:
>
>>
>> static pmd_t *get_pmd_from_cache(struct mm_struct *mm)
>> diff --git a/arch/powerpc/mm/book3s64/radix_pgtable.c
>> b/arch/powerpc/mm/book3s64/radix_pgtable.c
>> index 8904aa1243d8..da6a6b76a040 100644
>> ---
On 7/11/19 9:57 AM, Michael Ellerman wrote:
> Claudio Carvalho writes:
>> When the ultravisor firmware is available, it takes control over the
>> LDBAR register. In this case, thread-imc updates and save/restore
>> operations on the LDBAR register are handled by ultravi
On 7/1/19 3:46 AM, Ram Pai wrote:
> On Mon, Jul 01, 2019 at 04:30:55PM +1000, Alexey Kardashevskiy wrote:
>>
>> On 01/07/2019 16:17, maddy wrote:
>>> On 01/07/19 11:24 AM, Alexey Kardashevskiy wrote:
>>>> On 29/06/2019 06:08, Claudio Carvalho wrote
On 7/11/19 9:57 AM, Michael Ellerman wrote:
> Claudio Carvalho writes:
>> From: Ram Pai
>>
>> Add the ucall() function, which can be used to make ultravisor calls
>> with varied number of in and out arguments. Ultravisor calls can be made
>> from the
On 7/11/19 9:57 AM, Michael Ellerman wrote:
> Claudio Carvalho writes:
>> diff --git a/arch/powerpc/include/asm/ultravisor.h
>> b/arch/powerpc/include/asm/ultravisor.h
>> new file mode 100644
>> index ..e5009b0d84ea
>> --- /dev/null
>> +++
, but a
>> secure guest and the ultravisor firmware do.
>>
>> Signed-off-by: Sukadev Bhattiprolu
>> Signed-off-by: Ram Pai
>> [ Update the commit message ]
>> Signed-off-by: Claudio Carvalho
>> ---
>> arch/powerpc/include/asm/reg.h | 3 +++
>> 1 file
On 7/8/19 5:53 PM, janani wrote:
> On 2019-06-28 15:08, Claudio Carvalho wrote:
>> From: Sukadev Bhattiprolu
>>
>> To enter a secure guest, we have to go through the ultravisor, therefore
>> we do a ucall when we are entering a secure guest.
>>
>> This
ce to view the messages.
CC: Joel Stanley
CC: Oliver O'Halloran
Signed-off-by: Madhavan Srinivasan
[ Read ibm,opal-uv-memcons instead of OPAL's ]
Signed-off-by: Ryan Grimm
[ Fix license, update the commit message ]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/opal.h |
On 7/1/19 2:54 AM, Alexey Kardashevskiy wrote:
>
> On 29/06/2019 06:08, Claudio Carvalho wrote:
>> From: Ram Pai
>>
>> Ultravisor is responsible for flushing the tlb cache, since it manages
>> the PATE entries. Hence skip tlb flush, if the ultravisor firmware is
On 6/15/19 4:36 AM, Paul Mackerras wrote:
> On Thu, Jun 06, 2019 at 02:36:08PM -0300, Claudio Carvalho wrote:
>> This feature tells if the ultravisor firmware is available to handle
>> ucalls.
> Everything in this patch that depends on CONFIG_PPC_UV should just
> depend
Add the ppc_capabilities ELF note to the powerpc kernel binary. It is a
bitmap that can be used to advertise kernel capabilities to userland.
This patch also defines PPCCAP_ULTRAVISOR_BIT as being the bit zero.
Suggested-by: Paul Mackerras
Signed-off-by: Claudio Carvalho
---
arch/powerpc
for the
UV_RETURN ucall number. Update commit message and ret_to_ultra comment ]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/kvm_host.h | 1 +
arch/powerpc/include/asm/ultravisor-api.h | 1 +
arch/powerpc/kernel/asm-offsets.c | 1 +
arch/powerpc/kvm/book3s_hv_rmhandlers.S
From: Michael Anderson
- Check for MSR_S so that kvmppc_set_msr will include it. Prior to this
change return to guest would not have the S bit set.
- Patch based on comment from Paul Mackerras
Signed-off-by: Michael Anderson
Signed-off-by: Claudio Carvalho
Acked-by: Paul Mackerras
When the ultravisor firmware is available, it takes control over the
LDBAR register. In this case, thread-imc updates and save/restore
operations on the LDBAR register are handled by ultravisor.
Signed-off-by: Claudio Carvalho
Reviewed-by: Ram Pai
Reviewed-by: Ryan Grimm
Acked-by: Madhavan
From: Ram Pai
Ultravisor is responsible for flushing the tlb cache, since it manages
the PATE entries. Hence skip tlb flush, if the ultravisor firmware is
available.
Signed-off-by: Ram Pai
Signed-off-by: Claudio Carvalho
---
arch/powerpc/mm/book3s64/pgtable.c | 33
table before doing that in UV's ]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 5 +++-
arch/powerpc/include/asm/ultravisor.h | 14 ++
arch/powerpc/mm/book3s64/hash_utils.c | 3 +-
arch/powerpc/mm/book3s64/pgtable.c| 34
and move headers, build ucall.S
if CONFIG_PPC_POWERNV set, use R3 for the ucall number and add some
comments in the code ]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 20 +++
arch/powerpc/include/asm/ultravisor.h | 20 +++
arch
(and can't) run with the MSR_S bit set, but a
secure guest and the ultravisor firmware do.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
[ Update the commit message ]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/reg.h | 3 +++
1 file changed, 3 insertions(+)
diff
UV_RESTRICTED_SPR_READ ucall"
- "[PATCH 08/13] KVM: PPC: Ultravisor: fix mtspr and mfspr"
- Squashed patches:
- "[PATCH 09/13] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
- "[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check secure_guest"
This feature tells if the ultravisor firmware is available to handle
ucalls.
Signed-off-by: Claudio Carvalho
[ Device node name to "ibm,ultravisor" ]
Signed-off-by: Michael Anderson
---
arch/powerpc/include/asm/firmware.h | 5 +++--
arch/powerpc/include/asm/ultravi
On 6/7/19 5:11 PM, Leonardo Bras wrote:
>
> On Thu, 2019-06-06 at 14:36 -0300, Claudio Carvalho wrote:
>> From: Anshuman Khandual
>>
>> CONFIG_PPC_UV adds support for ultravisor.
>>
>> Signed-off-by: Anshuman Khandual
>> Signed-off-by: Bharata B
On 6/7/19 1:48 AM, Madhavan Srinivasan wrote:
>
> On 06/06/19 11:06 PM, Claudio Carvalho wrote:
>> When the ultravisor firmware is available, it takes control over the
>> LDBAR register. In this case, thread-imc updates and save/restore
>> operations on the LD
From: Michael Anderson
- Check for MSR_S so that kvmppc_set_msr will include. Prior to this
change return to guest would not have the S bit set.
- Patch based on comment from Paul Mackerras
Signed-off-by: Michael Anderson
Signed-off-by: Claudio Carvalho
---
arch/powerpc/kvm
for hcalls from SVM"
"[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check secure_guest"
Anshuman Khandual (1):
KVM: PPC: Ultravisor: Add PPC_UV config option
Claudio Carvalho (2):
powerpc: Introduce FW_FEATURE_ULTRAVISOR
KVM: PPC: Ultravisor: Restrict LDBAR access
Michael
When the ultravisor firmware is available, it takes control over the
LDBAR register. In this case, thread-imc updates and save/restore
operations on the LDBAR register are handled by ultravisor.
Signed-off-by: Claudio Carvalho
Signed-off-by: Ram Pai
---
arch/powerpc/kvm/book3s_hv_rmhandlers.S
Mackerras
[Fix UV_RETURN token number and arch.secure_guest check]
Signed-off-by: Ram Pai
[Update commit message and ret_to_ultra comment]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/kvm_host.h | 1 +
arch/powerpc/include/asm/ultravisor-api.h | 1 +
arch/powerpc/kernel/asm
From: Ram Pai
Ultravisor is responsible for flushing the tlb cache, since it manages
the PATE entries. Hence skip tlb flush, if the ultravisor firmware is
available.
Signed-off-by: Ram Pai
Signed-off-by: Claudio Carvalho
---
arch/powerpc/mm/book3s64/pgtable.c | 33
table before doing that in UV's]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 5 +++-
arch/powerpc/include/asm/ultravisor.h | 14 ++
arch/powerpc/mm/book3s64/hash_utils.c | 3 +-
arch/powerpc/mm/book3s64/pgtable.c| 34
and move the headers, build
ucall.S if CONFIG_PPC_UV set, and add some comments in the code]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 20 +++
arch/powerpc/include/asm/ultravisor.h | 20 +++
arch/powerpc/kernel/Makefile
This feature tells if the ultravisor firmware is available to handle
ucalls.
Signed-off-by: Claudio Carvalho
[Device node name to "ibm,ultravisor"]
Signed-off-by: Michael Anderson
---
arch/powerpc/include/asm/firmware.h | 5 +++--
arch/powerpc/include/asm/ultravi
From: Anshuman Khandual
CONFIG_PPC_UV adds support for ultravisor.
Signed-off-by: Anshuman Khandual
Signed-off-by: Bharata B Rao
Signed-off-by: Ram Pai
[Update config help and commit message]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/Kconfig | 20
1 file changed
(and can't) run with the MSR_S bit set, but a
secure guest and the ultravisor firmware do.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
[Update the commit message]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/reg.h | 3 +++
1 file changed, 3 insertions(+)
diff --git
On 5/21/19 2:24 AM, Madhavan Srinivasan wrote:
>
> On 18/05/19 7:55 PM, Claudio Carvalho wrote:
>> From: Ram Pai When the ultravisor firmware is
>> available, it takes control over the LDBAR register. In this case,
>> thread-imc updates and save/restore operatio
From: Michael Anderson
- Check for MSR_S so that kvmppc_set_msr will include. Prior to this
change return to guest would not have the S bit set.
- Patch based on comment from Paul Mackerras
Signed-off-by: Michael Anderson
Signed-off-by: Claudio Carvalho
---
arch/powerpc/kvm
From: Paul Mackerras
- Pass SRR1 in r11 for UV_RETURN because SRR0 and SRR1 get set by
the sc 2 instruction. (Note r3 - r10 potentially have hcall return
values in them.)
- Fix kvmppc_msr_interrupt to preserve the MSR_S bit.
Signed-off-by: Paul Mackerras
Signed-off-by: Claudio Carvalho
that
even a new CPU will enter UV when started (in response to a RTAS
start-cpu call).
Thanks to input from Paul Mackerras, Ram Pai and Mike Anderson.
Signed-off-by: Sukadev Bhattiprolu
[Fix UV_RETURN token number and arch.secure_guest check]
Signed-off-by: Ram Pai
Signed-off-by: Claudio Carvalho
the commit
message]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/kvm/book3s_hv.c | 4 +-
arch/powerpc/kvm/book3s_hv_rmhandlers.S | 2 +
arch/powerpc/perf/imc-pmu.c | 64
arch/powerpc/platforms/powernv/idle.c| 6 +-
arch
From: Ram Pai
Ultravisor is responsible for flushing the tlb cache, since it manages
the PATE entries. Hence skip tlb flush, if the ultravisor firmware is
available.
Signed-off-by: Ram Pai
Signed-off-by: Claudio Carvalho
---
arch/powerpc/mm/book3s64/pgtable.c | 33
table before doing that in UV's]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 5 +++-
arch/powerpc/include/asm/ultravisor.h | 9 ++
arch/powerpc/mm/book3s64/hash_utils.c | 3 +-
arch/powerpc/mm/book3s64/pgtable.c| 34
This feature tells if the ultravisor firmware is available to handle
ucalls.
Signed-off-by: Claudio Carvalho
[Device node name to "ibm,ultravisor"]
Signed-off-by: Michael Anderson
---
arch/powerpc/include/asm/firmware.h | 5 +++--
arch/powerpc/include/asm/ultravi
and move the headers, build
ucall.S if CONFIG_PPC_UV set, and add some comments in the code]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 20 +++
arch/powerpc/include/asm/ultravisor.h | 25 ++
arch/powerpc/kernel/Makefile
(and can't) run with the MSR_S bit set, but a
secure guest and the ultravisor firmware do.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
[Update the commit message]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/reg.h | 3 +++
1 file changed, 3 insertions(+)
diff --git
From: Anshuman Khandual
CONFIG_PPC_UV adds support for ultravisor.
Signed-off-by: Anshuman Khandual
Signed-off-by: Bharata B Rao
Signed-off-by: Ram Pai
[Update config help and commit message]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/Kconfig | 20
1 file changed
"[PATCH 09/13] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
"[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check secure_guest"
Anshuman Khandual (1):
KVM: PPC: Ultravisor: Add PPC_UV config option
Claudio Carvalho (1):
powerpc: Introduce FW_FEATURE_ULTRAVIS
Hi Matthew,
Thanks for the feedback and sorry for the delay in responding.
On 4/10/19 2:36 PM, Matthew Garrett wrote:
> (Cc:ing Peter Jones)
>
> On Tue, Apr 9, 2019 at 3:55 PM Claudio Carvalho
> wrote:
>>
>> On 4/5/19 7:19 PM, Matthew Garrett wrote:
>>&
On 4/5/19 7:19 PM, Matthew Garrett wrote:
> On Fri, Apr 5, 2019 at 2:11 PM Claudio Carvalho
> wrote:
>>
>> On 4/3/19 7:27 PM, Matthew Garrett wrote:
>>> Not supporting dbx seems like a pretty significant shortcoming. How
>>> are signatures meant to be
On 4/3/19 7:27 PM, Matthew Garrett wrote:
> On Tue, Apr 2, 2019 at 4:31 PM Claudio Carvalho
> wrote:
>>
>> On 4/2/19 6:51 PM, Matthew Garrett wrote:
>>> So you implement the full PK/KEK/db/dbx/dbt infrastructure, and
>>> updates are signed in the sam
On 4/3/19 10:21 AM, Michael Ellerman wrote:
> Hi Claudio,
>
> Thanks for posting this.
>
> Claudio Carvalho writes:
>> This patch set is part of a series that implements secure boot on
>> PowerNV systems.
>>
>> In order to verify the OS kernel
On 4/2/19 6:51 PM, Matthew Garrett wrote:
> On Tue, Apr 2, 2019 at 2:11 PM Claudio Carvalho
> wrote:
>> We want to use the efivarfs for compatibility with existing userspace
>> tools. We will track and match any EFI changes that affect us.
> So you implement the f
On 4/2/19 4:36 PM, Matthew Garrett wrote:
> On Tue, Apr 2, 2019 at 11:15 AM Claudio Carvalho
> wrote:
>> 1. Enable efivarfs by selecting CONFIG_EFI in the CONFIG_OPAL_SECVAR
>>introduced in this patch set. With CONFIG_EFIVAR_FS, userspace tools can
>>be u
From: Nayna Jain
PowerNV secure boot relies on the kernel IMA security subsystem to
perform the OS kernel image signature verification. Since each secure
boot mode has different IMA policy requirements, dynamic definition of
the policy rules based on the runtime secure boot mode of the system is
From: Nayna Jain
PowerNV secure boot defines different IMA policies based on the secure
boot state of the system.
This patch defines a function to detect the secure boot state of the
system.
Signed-off-by: Nayna Jain
---
arch/powerpc/include/asm/secboot.h | 21 +
CONFIG_OPAL_SECVAR for enabling the OPAL
secure variables support in the kernel. Since CONFIG_OPAL_SECVAR selects
CONFIG_EFI, it also allows us to manage the OPAL secure variables from
userspace via efivarfs.
Signed-off-by: Claudio Carvalho
---
This patch depends on new OPAL calls that are being added
.
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/early_ioremap.h | 41
1 file changed, 41 insertions(+)
create mode 100644 arch/powerpc/include/asm/early_ioremap.h
diff --git a/arch/powerpc/include/asm/early_ioremap.h
b/arch/powerpc/include/asm/early_ioremap.h
appreciated.
3. Define IMA arch-specific policies based on the secure boot state and
mode of the system. On secure boot enabled powernv systems, the host OS
kernel signature will be verified by IMA appraisal.
Claudio Carvalho (2):
powerpc/include: Override unneeded early ioremap functions
urning non-void [-Werror=return-type]
This patch fixes the issue by returning zero as suggested by the author
of the commit.
Fixes: 75d9fc7fd94e ("powerpc/powernv: move OPAL call wrapper tracing and
interrupt handling to C")
Signed-off-by: Claudio Carvalho
CC: Nicholas Piggin
---
ar