Subject: Re: [PATCH v9 0/4] powerpc: expose secure variables to the kernel and userspace
To: Nayna Jain, linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Michael Ellerman, Benjamin Herrenschmidt, Paul Mackerras, Ard Biesheuvel, Jeremy Kerr, Matthew Garret, Mimi Zohar, Greg Kroah-Hartman, George Wilson, Claudio Carvalho, Elaine Palmer, Eric Ricther, Oliver O'Halloran
References: <1573441836-3632-1-git-send-email-nayna@linux.ibm.com>
From: Lakshmi Ramasubramanian
Message-ID: <216572e5-d8c6-f181-3ec0-b4a840f20f46@linux.microsoft.com>
Date: Mon, 11 Nov 2019 14:37:40 -0800
In-Reply-To: <1573441836-3632-1-git-send-email-nayna@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/10/19 7:10 PM, Nayna Jain wrote:

Hi Nayna,

> In order to verify the OS kernel on PowerNV systems, secure boot requires
> X.509 certificates trusted by the platform. These are stored in secure
> variables controlled by OPAL, called OPAL secure variables. In order to
> enable users to manage the keys, the secure variables need to be exposed
> to userspace.

Are you planning to split the patches in this patch set into smaller chunks so that it is easier to code review and also perhaps make it easier when merging the changes?

Just a suggestion - but if folks familiar with this code base don't have any objections, please feel free to ignore my comment.

Patch #1
1, opal-api.h which adds the #defines OPAL_SECVAR_ and the API signature.
2, secvar.h then adds secvar_operations struct
3, powerpc/kernel for the Interface definitions
4, powernv/opal-secvar.c for the API implementations
5, powernv/opal-call.c for the API calls
6, powernv/opal.c for the secvar init calls.

Patch #2
1, Definitions of attribute functions like backend_show, size_show, etc.
2, secvar_sysfs_load
3, secvar_sysfs_init
4, secvar_sysfs_exit

thanks,
-lakshmi