representation. The data and size can be determined by reading
their respective attribute files.
+ Only secvars relevant to the key management mode are exposed.
+ Only in the dynamic key management mode should the user have
+ access (read and write) to the secure boot secvars db, dbx,
+ grubdb, grubdbx, and sbat. These secvars are not consumed in the
+ static key management mode. PK, trustedcadb and moduledb are the
+ secvars common to both static and dynamic key management modes.
+
What: /sys/firmware/secvar/vars/<variable_name>/size
Date: August 2019
Contact: Nayna Jain <nayna@linux.ibm.com>
return PLPKS_SIGNEDUPDATE;
}
-static const char * const plpks_var_names[] = {
+static const char * const plpks_var_names_static[] = {
+ "PK",
+ "moduledb",
+ "trustedcadb",
+ NULL,
+};
+
+static const char * const plpks_var_names_dynamic[] = {
"PK",
"KEK",
"db",
return 0;
}
+static const struct secvar_operations plpks_secvar_ops_static = {
+ .get = plpks_get_variable,
+ .set = plpks_set_variable,
+ .format = plpks_secvar_format,
+ .max_size = plpks_max_size,
+ .config_attrs = config_attrs,
+ .var_names = plpks_var_names_static,
+};
-static const struct secvar_operations plpks_secvar_ops = {
+static const struct secvar_operations plpks_secvar_ops_dynamic = {
.get = plpks_get_variable,
.set = plpks_set_variable,
.format = plpks_secvar_format,
.max_size = plpks_max_size,
.config_attrs = config_attrs,
- .var_names = plpks_var_names,
+ .var_names = plpks_var_names_dynamic,
};
static int plpks_secvar_init(void)
{
+ u8 mode;
+
if (!plpks_is_available())
return -ENODEV;
- return set_secvar_ops(&plpks_secvar_ops);
+ mode = plpks_get_sb_keymgmt_mode();
+ if (mode)
+ return set_secvar_ops(&plpks_secvar_ops_dynamic);
+ return set_secvar_ops(&plpks_secvar_ops_static);
}
machine_device_initcall(pseries, plpks_secvar_init);
projects / thirdparty / linux.git / commitdiff
