RFC: Inclusion of Secure Boot Key Manager
Stewart Smith
stewart at linux.vnet.ibm.com
Fri Jan 13 09:37:03 AEDT 2017
Eric Richter <erichte at linux.vnet.ibm.com> writes:
> The second option requires a bit of abstraction between potential secure
> boot key mechanisms. POWER and x86 both have a similar key hierarchy, so
> the Petitboot front-end would be identical, but the method for how the
> keys are manipulated under the hood would need to be implemented per
> platform (x86 using efivars or similar, POWER via pnor).

There's no reason we couldn't write a file system that looks like
efivars but does whatever it is we need under the hood.

I've been thinking for a little while that a dummy "opalfs" that gives a
nice file-based interface to various things that are relevant may be
better than our current way of direct pnor access/misc sysfs files/ipmi/etc.

--
Stewart Smith
OPAL Architect, IBM.