[PATCH v5 20/25] powerpc/pseries: Turn PSERIES_PLPKS into a hidden option
Stefan Berger
stefanb at linux.ibm.com
Wed Feb 1 03:40:56 AEDT 2023
On 1/31/23 01:39, Andrew Donnellan wrote:
> It seems a bit unnecessary for the PLPKS code to have a user-visible
> config option when it doesn't do anything on its own, and there's existing
> options for enabling Secure Boot-related features.
>
> It should be enabled by PPC_SECURE_BOOT, which will eventually be what
> uses PLPKS to populate keyrings.
>
> However, we can't get of the separate option completely, because it will
> also be used for SED Opal purposes.
>
> Change PSERIES_PLPKS into a hidden option, which is selected by
> PPC_SECURE_BOOT.
>
> Signed-off-by: Andrew Donnellan <ajd at linux.ibm.com>
> Signed-off-by: Russell Currey <ruscur at russell.cc>
Reviewed-by: Stefan Berger <stefanb at linux.ibm.com>
>
> ---
>
> v3: New patch
>
> v5: Change the previous description into a comment (npiggin)
> ---
> arch/powerpc/Kconfig | 1 +
> arch/powerpc/platforms/pseries/Kconfig | 19 +++++++++----------
> 2 files changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
> index b8c4ac56bddc..d4ed46101bec 100644
> --- a/arch/powerpc/Kconfig
> +++ b/arch/powerpc/Kconfig
> @@ -1029,6 +1029,7 @@ config PPC_SECURE_BOOT
> depends on PPC_POWERNV || PPC_PSERIES
> depends on IMA_ARCH_POLICY
> imply IMA_SECURE_AND_OR_TRUSTED_BOOT
> + select PSERIES_PLPKS if PPC_PSERIES
> help
> Systems with firmware secure boot enabled need to define security
> policies to extend secure boot to the OS. This config allows a user
> diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig
> index a3b4d99567cb..e51d65969318 100644
> --- a/arch/powerpc/platforms/pseries/Kconfig
> +++ b/arch/powerpc/platforms/pseries/Kconfig
> @@ -151,16 +151,15 @@ config IBMEBUS
>
> config PSERIES_PLPKS
> depends on PPC_PSERIES
> - bool "Support for the Platform Key Storage"
> - help
> - PowerVM provides an isolated Platform Keystore(PKS) storage
> - allocation for each LPAR with individually managed access
> - controls to store sensitive information securely. It can be
> - used to store asymmetric public keys or secrets as required
> - by different usecases. Select this config to enable
> - operating system interface to hypervisor to access this space.
> -
> - If unsure, select N.
> + bool
> + # PowerVM provides an isolated Platform Keystore (PKS) storage
> + # allocation for each LPAR with individually managed access
> + # controls to store sensitive information securely. It can be
> + # used to store asymmetric public keys or secrets as required
> + # by different usecases.
> + #
> + # This option is selected by in-kernel consumers that require
> + # access to the PKS.
>
> config PAPR_SCM
> depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM
More information about the Linuxppc-dev
mailing list