Date: Fri, 17 Jul 2020 10:35:21 +0200
From: Michal Suchánek
To: Daniel Axtens
Cc: Nayna Jain, linuxppc-dev@ozlabs.org, linux-kernel@vger.kernel.org, Mimi Zohar
Subject: Re: [PATCH v3] powerpc/pseries: detect secure and trusted boot state of the system.
Message-ID: <20200717083521.GK32107@kitsune.suse.cz>
In-Reply-To: <87pn8uu1hy.fsf@dja-thinkpad.axtens.net>

On Fri, Jul 17, 2020 at 03:58:01PM +1000, Daniel Axtens wrote:
> Michal Suchánek writes:
>
> > On Wed, Jul 15, 2020 at 07:52:01AM -0400, Nayna Jain wrote:
> >> The device-tree property to check secure and trusted boot state is
> >> different for guests(pseries) compared to baremetal(powernv).
> >>
> >> This patch updates the existing is_ppc_secureboot_enabled() and
> >> is_ppc_trustedboot_enabled() functions to add support for pseries.
> >>
> >> The secureboot and trustedboot state are exposed via device-tree property:
> >> /proc/device-tree/ibm,secure-boot and /proc/device-tree/ibm,trusted-boot
> >>
> >> The values of ibm,secure-boot under pseries are interpreted as:
> > ^^^
> >>
> >> 0 - Disabled
> >> 1 - Enabled in Log-only mode. This patch interprets this value as
> >> disabled, since audit mode is currently not supported for Linux.
> >> 2 - Enabled and enforced.
> >> 3-9 - Enabled and enforcing; requirements are at the discretion of the
> >> operating system.
> >>
> >> The values of ibm,trusted-boot under pseries are interpreted as:
> > ^^^
> > These two should be different I suppose?
>
> I'm not quite sure what you mean? They'll be documented in a future
> revision of the PAPR, once I get my act together and submit the
> relevant internal paperwork.

Nevermind, one talks about secure boot, the other about trusted boot.

Thanks

Michal
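
As an added illustration (not part of this email or of the patch under discussion), a userspace check that reads /proc/device-tree/ibm,secure-boot and applies the pseries interpretation quoted above. It assumes the property is a single 32-bit big-endian cell; the sb_* names and the fail-closed handling of values above 9 are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

enum sb_state { SB_ABSENT, SB_MALFORMED, SB_DISABLED, SB_LOG_ONLY,
                SB_ENFORCED, SB_ENFORCED_OS_DEFINED, SB_UNKNOWN };

/* Decode the raw bytes of ibm,secure-boot. Assumption: the property is one
 * 32-bit big-endian device-tree cell; len < 0 means the file was missing. */
enum sb_state sb_decode(const unsigned char *buf, long len)
{
    if (len < 0)
        return SB_ABSENT;
    if (len != 4)
        return SB_MALFORMED;
    uint32_t v = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                 ((uint32_t)buf[2] << 8) | buf[3];
    if (v == 0) return SB_DISABLED;
    if (v == 1) return SB_LOG_ONLY;
    if (v == 2) return SB_ENFORCED;
    if (v <= 9) return SB_ENFORCED_OS_DEFINED;
    return SB_UNKNOWN;          /* outside the 0-9 range listed in the message */
}

/* The quoted patch treats log-only (1) as disabled, so only 2-9 count as
 * enforcing. Absent, malformed and unknown values fail closed (assumption). */
int sb_is_enforcing(enum sb_state s)
{
    return s == SB_ENFORCED || s == SB_ENFORCED_OS_DEFINED;
}

int main(void)
{
    static const char *names[] = { "absent", "malformed", "disabled",
        "log-only (treated as disabled)", "enforced",
        "enforced, OS-defined requirements", "unknown value" };
    unsigned char buf[8] = {0};
    long len = -1;
    FILE *f = fopen("/proc/device-tree/ibm,secure-boot", "rb");
    if (f) {
        len = (long)fread(buf, 1, sizeof buf, f);
        fclose(f);
    }
    enum sb_state s = sb_decode(buf, len);
    printf("ibm,secure-boot: %s; enforcing=%d\n", names[s], sb_is_enforcing(s));
    return sb_is_enforcing(s) ? 0 : 1;  /* non-zero exit when not enforcing */
}
```

The exit status lets a compliance script gate on enforcement; a log-only guest reports as not enforcing, matching the patch description.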