[PATCH v10a 3/9] powerpc: detect the trusted boot state of the system
Michael Ellerman
patch-notifications at ellerman.id.au
Thu Nov 14 20:08:24 AEDT 2019
On Tue, 2019-11-05 at 23:02:07 UTC, Eric Richter wrote:
> From: Nayna Jain <nayna at linux.ibm.com>
>
> While secure boot permits only properly verified signed kernels to be
> booted, trusted boot calculates the file hash of the kernel image and
> stores the measurement prior to boot, that can be subsequently compared
> against good known values via attestation services.
>
> This patch reads the trusted boot state of a PowerNV system. The state
> is used to conditionally enable additional measurement rules in the IMA
> arch-specific policies.
>
> Signed-off-by: Nayna Jain <nayna at linux.ibm.com>
> Signed-off-by: Eric Richter <erichte at linux.ibm.com>
Applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/2702809a4a1ab414d75c00936cda70ea77c8234e
cheers
More information about the Linuxppc-dev
mailing list