git.baikalelectronics.ru Git - kernel.git/commit

author	Nayna Jain <nayna@linux.ibm.com>
	Mon, 11 Nov 2019 03:10:33 +0000 (21:10 -0600)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Tue, 12 Nov 2019 13:33:22 +0000 (00:33 +1100)
commit	9f9dffa76e9ee1b09a865c10a8ca9058859503cf
tree	294435e811fa6529203d26b553e4c50fd12dc41a	tree \| snapshot
parent	2ba0d76f0e1a6924266547967df48be5b63eb8a1	commit \| diff

powerpc/powernv: Add OPAL API interface to access secure variable

The X.509 certificates trusted by the platform and required to secure
boot the OS kernel are wrapped in secure variables, which are
controlled by OPAL.

This patch adds firmware/kernel interface to read and write OPAL
secure variables based on the unique key.

This support can be enabled using CONFIG_OPAL_SECVAR.

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[mpe: Make secvar_ops __ro_after_init, only build opal-secvar.c if PPC_SECURE_BOOT=y]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1573441836-3632-2-git-send-email-nayna@linux.ibm.com

arch/powerpc/include/asm/opal-api.h		diff \| blob \| history
arch/powerpc/include/asm/opal.h		diff \| blob \| history
arch/powerpc/include/asm/secvar.h	[new file with mode: 0644]	blob
arch/powerpc/kernel/Makefile		diff \| blob \| history
arch/powerpc/kernel/secvar-ops.c	[new file with mode: 0644]	blob
arch/powerpc/platforms/powernv/Makefile		diff \| blob \| history
arch/powerpc/platforms/powernv/opal-call.c		diff \| blob \| history
arch/powerpc/platforms/powernv/opal-secvar.c	[new file with mode: 0644]	blob
arch/powerpc/platforms/powernv/opal.c		diff \| blob \| history