[Skiboot] [PATCH v3 0/3] Secvar adjustments and fixes
Eric Richter
erichte at linux.ibm.com
Fri Nov 5 04:03:03 AEDT 2021

Minor revision to the v2 set:
 - Dropped the self-signed PK requirement patch
 - Dropped the refactors that were required for the above
 - Removed the test case in patch 2 rather than comment it out

Original descriptions of the patches:

Patches 1 and 2 are the same as the set I sent earlier. Patch 1 addresses
the bug where the active bank bit was not being flipped on when
formatting the PNOR space. Patch 2 cleans up some uglier failure
conditions when PNOR space has been cleared or tampered with.

Patch 3 moves the timestamp (TS) variable into TPM NV space, as it
should not be cleared whenever PNOR space is wiped. This is a problem
with the current codebase as well, but Patch 2's relaxed PNOR wiping
makes the problem more obvious.

Eric Richter (3):
  secvar/secboot_tpm: correctly reset the control index on secboot
    format
  secvar/secboot_tpm: unify behavior for bank hash check and secboot
    header check
  secvar/edk2: store timestamp variable in protected storage

 libstb/secvar/backend/edk2-compat-process.c  |  4 +-
 libstb/secvar/backend/edk2-compat.c          |  1 +
 libstb/secvar/storage/secboot_tpm.c          | 41 +++++++++++++++++---
 libstb/secvar/test/secvar-test-secboot-tpm.c | 15 -------
 4 files changed, 40 insertions(+), 21 deletions(-)

--
2.29.2