linux/security/integrity/platform_certs
Russell Currey 4b3e71e9a3 integrity/powerpc: Support loading keys from PLPKS
Add support for loading keys from the PLPKS on pseries machines, with the
"ibm,plpks-sb-v1" format.

The object format is expected to be the same, so there shouldn't be any
functional differences between objects retrieved on powernv or pseries.

Unlike on powernv, on pseries the format string isn't contained in the
device tree. Use secvar_ops->format() to fetch the format string in a
generic manner, rather than searching the device tree ourselves.

(The current code searches the device tree for a node compatible with
"ibm,edk2-compat-v1". This patch switches to calling secvar_ops->format(),
which in the case of OPAL/powernv means opal_secvar_format(), which
searches the device tree for a node compatible with "ibm,secvar-backend"
and checks its "format" property. These are equivalent, as skiboot creates
a node with both "ibm,edk2-compat-v1" and "ibm,secvar-backend" as
compatible strings.)

Signed-off-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20230210080401.345462-27-ajd@linux.ibm.com
2023-02-13 22:34:44 +11:00
..
efi_parser.c efi: Don't use knowledge about efi_guid_t internals 2021-08-27 16:01:27 +02:00
keyring_handler.c integrity-v5.19 2022-05-24 13:50:39 -07:00
keyring_handler.h efi: Do not import certificates from UEFI Secure Boot for T2 Macs 2022-05-15 08:22:04 -04:00
load_ipl_s390.c s390/ipl: read IPL report at early boot 2019-04-26 12:34:05 +02:00
load_powerpc.c integrity/powerpc: Support loading keys from PLPKS 2023-02-13 22:34:44 +11:00
load_uefi.c efi: Add iMac Pro 2017 to uefi skip cert quirk 2022-11-01 14:12:28 -04:00
machine_keyring.c integrity: Only use machine keyring when uefi_check_trust_mok_keys is true 2022-03-08 13:55:52 +02:00
platform_keyring.c Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00