[PATCH v5 25/25] integrity/powerpc: Support loading keys from PLPKS
Stefan Berger
stefanb at linux.ibm.com
Wed Feb 1 04:17:11 AEDT 2023
On 1/31/23 01:39, Andrew Donnellan wrote:
> From: Russell Currey <ruscur at russell.cc>
>
> Add support for loading keys from the PLPKS on pseries machines, with the
> "ibm,plpks-sb-v1" format.
>
> The object format is expected to be the same, so there shouldn't be any
> functional differences between objects retrieved on powernv or pseries.
>
> Unlike on powernv, on pseries the format string isn't contained in the
> device tree. Use secvar_ops->format() to fetch the format string in a
> generic manner, rather than searching the device tree ourselves.
>
> (The current code searches the device tree for a node compatible with
> "ibm,edk2-compat-v1". This patch switches to calling secvar_ops->format(),
> which in the case of OPAL/powernv means opal_secvar_format(), which
> searches the device tree for a node compatible with "ibm,secvar-backend"
> and checks its "format" property. These are equivalent, as skiboot creates
> a node with both "ibm,edk2-compat-v1" and "ibm,secvar-backend" as
> compatible strings.)
>
> Signed-off-by: Russell Currey <ruscur at russell.cc>
> Signed-off-by: Andrew Donnellan <ajd at linux.ibm.com>
Reviewed-by: Stefan Berger <stefanb at linux.ibm.com>
More information about the Linuxppc-dev
mailing list