Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp534912ybm; Mon, 20 May 2019 22:16:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqxlg7xyLgll5yZepWuqOBY1OZWlrEy7c1I+q9iW+AVVkbxHbfWWZotoN+bKR7tWKbP5Ooxf X-Received: by 2002:a63:7552:: with SMTP id f18mr76981596pgn.234.1558415798836; Mon, 20 May 2019 22:16:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558415798; cv=none; d=google.com; s=arc-20160816; b=fN4AgUSAF9nd95xMfr7ynSyg8sEONztIMuD2tfcpC2XKDAu0YNBmRBSm/GRMFlS+3V MwCUZMW0r7Xb3QCuqAFwq6c982hMN+iUkvsdCttQL19N2N5Mgr9SFL5KVIlELwQW1prL meT5mBrUlhBbJH+UKC/WhF/NgfGz73/mp/jhCaWUDuk4Us93nI+zYjVAOe7Zp8PI4GiV M1leh/xnZAdUkJYHPhCmzAG2hB54OoNIn2dCDDt7TXcXgErvM1WGCueLE85ZZoA4eWCU hO8aPm2763rc/jg/Fh6kRpKlpI2BIReo8j8gLYDIjLitDqAZl4vWM0uPqZJw+6FRHPc0 SpJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=ORe09wiRd8UjvvCUYBZwN1ebqKMSFwoyz89aM29XKUg=; b=PzK4BH42+17yEHLkgrNLnhABCJvMEO+YUg9GZ/wM0XGftsztkTXg+O35FwVXDHnl0h 7jj6eIhFNPsZg9g6FhfVfCrNHKbejSU1hl3y57e3Nkn6bxtYedGUfsaHoeizYBVmqNTh udEcJnD+z1ECSpOOeCswQD5q9ejFEXLTRB2i/eEU5PZHzsToujX6N0l56qEcpPbv13+t 955bsk7MxHU+3Jh7lKlxk622H9ZSNqxwYSQmOoTenIdn2+iJIGEBkDiCdr/IiOInEqZ3 sEXe/g9o7WgbfkGmNL2nGHKtC+q/G9l42l6DfoOK+Q8t+U0Fg0uTf3YJ1dFxaQ/w/I4/ dB+A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n10si4846310plk.257.2019.05.20.22.16.23; Mon, 20 May 2019 22:16:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727811AbfEUFNu (ORCPT + 99 others); Tue, 21 May 2019 01:13:50 -0400 Received: from verein.lst.de ([213.95.11.211]:57331 "EHLO newverein.lst.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725798AbfEUFNu (ORCPT ); Tue, 21 May 2019 01:13:50 -0400 Received: by newverein.lst.de (Postfix, from userid 2407) id 8255E68B05; Tue, 21 May 2019 07:13:26 +0200 (CEST) Date: Tue, 21 May 2019 07:13:26 +0200 From: Christoph Hellwig To: Thiago Jung Bauermann Cc: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Alexey Kardashevskiy , Anshuman Khandual , Benjamin Herrenschmidt , Christoph Hellwig , Michael Ellerman , Mike Anderson , Paul Mackerras , Ram Pai , Claudio Carvalho Subject: Re: [RFC PATCH 02/12] powerpc: Add support for adding an ESM blob to the zImage wrapper Message-ID: <20190521051326.GC29120@lst.de> References: <20190521044912.1375-1-bauerman@linux.ibm.com> <20190521044912.1375-3-bauerman@linux.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190521044912.1375-3-bauerman@linux.ibm.com> User-Agent: Mutt/1.5.17 (2007-11-01) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 21, 2019 at 01:49:02AM -0300, Thiago Jung Bauermann wrote: > From: Benjamin Herrenschmidt > > For secure VMs, the signing tool will create a ticket called the "ESM blob" > for the Enter Secure Mode ultravisor call with the signatures of the kernel > and initrd among other things. > > This adds support to the wrapper script for adding that blob via the "-e" > option to the zImage.pseries. > > It also adds code to the zImage wrapper itself to retrieve and if necessary > relocate the blob, and pass its address to Linux via the device-tree, to be > later consumed by prom_init. Where does the "BLOB" come from? How is it licensed and how can we satisfy the GPL with it?