mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-28 11:18:45 +07:00
9155e2341a
The X.509 certificates trusted by the platform and required to secure boot the OS kernel are wrapped in secure variables, which are controlled by OPAL. This patch adds firmware/kernel interface to read and write OPAL secure variables based on the unique key. This support can be enabled using CONFIG_OPAL_SECVAR. Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com> Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Eric Richter <erichte@linux.ibm.com> [mpe: Make secvar_ops __ro_after_init, only build opal-secvar.c if PPC_SECURE_BOOT=y] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/1573441836-3632-2-git-send-email-nayna@linux.ibm.com
36 lines
765 B
C
36 lines
765 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Copyright (C) 2019 IBM Corporation
|
|
* Author: Nayna Jain
|
|
*
|
|
* PowerPC secure variable operations.
|
|
*/
|
|
#ifndef SECVAR_OPS_H
|
|
#define SECVAR_OPS_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/errno.h>
|
|
|
|
extern const struct secvar_operations *secvar_ops;
|
|
|
|
struct secvar_operations {
|
|
int (*get)(const char *key, uint64_t key_len, u8 *data,
|
|
uint64_t *data_size);
|
|
int (*get_next)(const char *key, uint64_t *key_len,
|
|
uint64_t keybufsize);
|
|
int (*set)(const char *key, uint64_t key_len, u8 *data,
|
|
uint64_t data_size);
|
|
};
|
|
|
|
#ifdef CONFIG_PPC_SECURE_BOOT
|
|
|
|
extern void set_secvar_ops(const struct secvar_operations *ops);
|
|
|
|
#else
|
|
|
|
static inline void set_secvar_ops(const struct secvar_operations *ops) { }
|
|
|
|
#endif
|
|
|
|
#endif
|