Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1706908yba;
        Tue, 2 Apr 2019 14:14:49 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxdeyZ5H2MFqikRkutlOXRJpd2HMPZiumNN1Qkz9yc56m3/H3vJe0Tv/ZSPrrr5J7Y0oON4
X-Received: by 2002:a17:902:2a2a:: with SMTP id i39mr31668502plb.211.1554239688944;
        Tue, 02 Apr 2019 14:14:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1554239688; cv=none;
        d=google.com; s=arc-20160816;
        b=zsE59fD/Kio4NBTydgQICDc7CkDH0PBJY5caRsgbisYdb5T5u/q+OT6K066mL/+b0w
         MhRo2975nIuMffn5bHuv7dAPQIBX3mOI9wzCblV9LL4sAaI/AXE1gduHmfAhqeJd4GzN
         jWOIh4k8rtl8CNA7ba3NCm/Xa13hIWv2EbFta7yKj0OzVT1ovNiLbmcArclqf0Q3P+A1
         gNvCI/04ojsk3OT6Hp7Ypusbwm6tA5WUYR2Es/DvUqxjoqtoL7ucdMTkfEBTPXL9z4IG
         LTkxVoEO5h3YKhKI2m72jQ81SWbkWrdxH9uwtYDVcITjSBFP99Ns+WeM2jgCOI8jQEZ1
         PG/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :from:references:cc:to:subject;
        bh=mayCaGdNok6YTTdrH6MXc09MzMD7TEh3N+eJmbUxWqY=;
        b=FDVJLQCnrSmFBca/Ls/VDtemUXhFEtOHEMVUXuETfjyszBc9I8B4qC8KLWrIXu5tM5
         ka8DVSC0LKaO9Qb+Fc0rIVALOJZ9+w6SxI5t6buuo7TotR8PvW7hH+ez+K3IWM2DeWEy
         DHtDTy4L9/yGUlAh/q4k5r0gFcPO+0fwPm7WVRtuiFWx/dA+/QHRai4QMjzPJ+BHf4l7
         jHpHa6U93dQp5C2n78FeT4kL6Qffg7aF8vc21tRd+I8Z2/RKPxROAXBbaqlhPIqTkBRQ
         zK+Drh1TIVtbVf3HJOD2Iz3jyr22Qfm2qiUQhCwnhwKHJ01Cj0uEst1gXvU8g9XzvcNG
         xvQQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 19si10236144pgl.402.2019.04.02.14.14.32;
        Tue, 02 Apr 2019 14:14:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726682AbfDBVL5 (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Tue, 2 Apr 2019 17:11:57 -0400
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:55164 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S1726637AbfDBVLz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 2 Apr 2019 17:11:55 -0400
Received: from pps.filterd (m0098420.ppops.net [127.0.0.1])
        by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x32L9LA2185317
        for <linux-kernel@vger.kernel.org>; Tue, 2 Apr 2019 17:11:54 -0400
Received: from e35.co.us.ibm.com (e35.co.us.ibm.com [32.97.110.153])
        by mx0b-001b2d01.pphosted.com with ESMTP id 2rmeds322f-1
        (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Tue, 02 Apr 2019 17:11:53 -0400
Received: from localhost
        by e35.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <cclaudio@linux.ibm.com>;
        Tue, 2 Apr 2019 22:11:53 +0100
Received: from b03cxnp07028.gho.boulder.ibm.com (9.17.130.15)
        by e35.co.us.ibm.com (192.168.1.135) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256)
        Tue, 2 Apr 2019 22:11:49 +0100
Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236])
        by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x32LBmMW22741002
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Tue, 2 Apr 2019 21:11:48 GMT
Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 2683BBE058;
        Tue,  2 Apr 2019 21:11:48 +0000 (GMT)
Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id B240EBE051;
        Tue,  2 Apr 2019 21:11:45 +0000 (GMT)
Received: from [9.18.235.111] (unknown [9.18.235.111])
        by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP;
        Tue,  2 Apr 2019 21:11:45 +0000 (GMT)
Subject: Re: [PATCH 0/4] Enabling secure boot on PowerNV systems
To:     Matthew Garrett <mjg59@google.com>
Cc:     linuxppc-dev@ozlabs.org, linux-efi <linux-efi@vger.kernel.org>,
        linux-integrity <linux-integrity@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Paul Mackerras <paulus@samba.org>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        Jeremy Kerr <jk@ozlabs.org>,
        Matthew Garret <matthew.garret@nebula.com>,
        Nayna Jain <nayna@linux.ibm.com>
References: <20190402181505.25037-1-cclaudio@linux.ibm.com>
 <CACdnJuumhkqTb4+1=QBiLmbW4xd3wW=MZu6Tj_KdaoTMhCN+Tg@mail.gmail.com>
From:   Claudio Carvalho <cclaudio@linux.ibm.com>
Date:   Tue, 2 Apr 2019 18:11:44 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.6.0
MIME-Version: 1.0
In-Reply-To: <CACdnJuumhkqTb4+1=QBiLmbW4xd3wW=MZu6Tj_KdaoTMhCN+Tg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-TM-AS-GCONF: 00
x-cbid: 19040221-0012-0000-0000-0000172198AF
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00010863; HX=3.00000242; KW=3.00000007;
 PH=3.00000004; SC=3.00000284; SDB=6.01183418; UDB=6.00619558; IPR=6.00964167;
 MB=3.00026265; MTD=3.00000008; XFM=3.00000015; UTC=2019-04-02 21:11:52
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 19040221-0013-0000-0000-000056BAB681
Message-Id: <4ce5e057-0702-b0d5-7bb2-cea5b22e2efa@linux.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-04-02_09:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0
 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.0.1-1810050000 definitions=main-1904020141
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


On 4/2/19 4:36 PM, Matthew Garrett wrote:
> On Tue, Apr 2, 2019 at 11:15 AM Claudio Carvalho <cclaudio@linux.ibm.com> wrote:
>> 1. Enable efivarfs by selecting CONFIG_EFI in the CONFIG_OPAL_SECVAR
>>    introduced in this patch set. With CONFIG_EFIVAR_FS, userspace tools can
>>    be used to manage the secure variables.
> efivarfs has some pretty significant behavioural semantics that
> directly reflect the EFI specification. Using it to expose non-EFI
> variable data feels like it's going to increase fragility - there's a
> risk that we'll change things in a way that makes sense for the EFI
> spec but breaks your use case. Is the desire to use efivarfs to
> maintain consistency with existing userland tooling, or just to avoid
> having a separate filesystem?
>
We want to use the efivarfs for compatibility with existing userspace
tools. We will track and match any EFI changes that affect us.

Our use case is restricted to secure boot - this is not going to be a
general purpose EFI variable implementation.

Claudio