git.baikalelectronics.ru Git - kernel.git/commit

author	Nayna Jain <nayna@linux.ibm.com>
	Mon, 11 Nov 2019 03:10:33 +0000 (21:10 -0600)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Tue, 12 Nov 2019 13:33:22 +0000 (00:33 +1100)
commit	f442d0b4a5d1d9b2ad3b1cbcf6259a9aceea84a8
tree	294435e811fa6529203d26b553e4c50fd12dc41a	tree \| snapshot
parent	5dc0c5ba25a742b06348eaad37bab2c2f250b918	commit \| diff

powerpc/powernv: Add OPAL API interface to access secure variable

The X.509 certificates trusted by the platform and required to secure
boot the OS kernel are wrapped in secure variables, which are
controlled by OPAL.

This patch adds firmware/kernel interface to read and write OPAL
secure variables based on the unique key.

This support can be enabled using CONFIG_OPAL_SECVAR.

Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[mpe: Make secvar_ops __ro_after_init, only build opal-secvar.c if PPC_SECURE_BOOT=y]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1573441836-3632-2-git-send-email-nayna@linux.ibm.com

arch/powerpc/include/asm/opal-api.h		diff \| blob \| history
arch/powerpc/include/asm/opal.h		diff \| blob \| history
arch/powerpc/include/asm/secvar.h	[new file with mode: 0644]	blob
arch/powerpc/kernel/Makefile		diff \| blob \| history
arch/powerpc/kernel/secvar-ops.c	[new file with mode: 0644]	blob
arch/powerpc/platforms/powernv/Makefile		diff \| blob \| history
arch/powerpc/platforms/powernv/opal-call.c		diff \| blob \| history
arch/powerpc/platforms/powernv/opal-secvar.c	[new file with mode: 0644]	blob
arch/powerpc/platforms/powernv/opal.c		diff \| blob \| history