[Skiboot] [PATCH v3 0/3] Secvar adjustments and fixes

Eric Richter erichte at linux.ibm.com
Fri Nov 5 04:03:03 AEDT 2021


Minor revision to the v2 set:
 - Dropped the self-signed PK requirement patch
 - Dropped the refactors that were required for the above
 - Removed the test case in patch 2 rather than comment it out

Original descriptions of the patches:

Patch 1 and 2 are the same as the set I sent earlier. Patch 1 addresses
the bug where the active bank bit was not being flipped on when
formatting the PNOR space. Patch 2 cleans up some uglier failure
conditions when PNOR space has been cleared or tampered with.

Patch 3 moves the timestamp (TS) variable into TPM NV space, as it
should not be cleared whenever PNOR space is wiped. This is a problem
with the current codebase as well, but Patch 2's relaxed PNOR wiping
makes the problem more obvious.


Eric Richter (3):
  secvar/secboot_tpm: correctly reset the control index on secboot
    format
  secvar/secboot_tpm: unify behavior for bank hash check and secboot
    header check
  secvar/edk2: store timestamp variable in protected storage

 libstb/secvar/backend/edk2-compat-process.c  |  4 +-
 libstb/secvar/backend/edk2-compat.c          |  1 +
 libstb/secvar/storage/secboot_tpm.c          | 41 +++++++++++++++++---
 libstb/secvar/test/secvar-test-secboot-tpm.c | 15 -------
 4 files changed, 40 insertions(+), 21 deletions(-)

-- 
2.29.2


