Re: [PATCH] ppc/spapr: advertise secure boot in the guest device tree

qemu-ppc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] ppc/spapr: advertise secure boot in the guest device tree

From:	Daniel Axtens
Subject:	Re: [PATCH] ppc/spapr: advertise secure boot in the guest device tree
Date:	Wed, 12 May 2021 13:47:09 +1000

> So.. what's the point?  AFAIK we have no secure boot support in SLOF,
> so what would advertising it in the device tree accomplish?

Linux reads the property and enters secure boot mode:
commit 61f879d97ce4 ("powerpc/pseries: Detect secure and trusted boot state of 
the system.")

grub patches to read the property and enter lockdown are on the list:
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00359.html
(patch 19)

I have very basic SLOF support:
>>  - github.com/daxtens/SLOF branch ibm,secure-boot (not production ready!)

The property is extremely useful in developing and testing secure boot
support all the way up the stack.

Kind regards,
Daniel

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] ppc/spapr: advertise secure boot in the guest device tree, Daniel Axtens, 2021/05/10
- Re: [PATCH] ppc/spapr: advertise secure boot in the guest device tree, David Gibson, 2021/05/11
  - Re: [PATCH] ppc/spapr: advertise secure boot in the guest device tree, Daniel Axtens <=

Prev by Date: Re: [RFC PATCH 1/5] hw/mem/nvdimm: Use Kconfig 'imply' instead of 'depends on'
Next by Date: Re: [RFC PATCH 0/5] buildsys: Do not use internal fdt library when asked for the system one
Previous by thread: Re: [PATCH] ppc/spapr: advertise secure boot in the guest device tree
Next by thread: [PATCH v2 0/4] hw/isa: Remove unuseful qemu_allocate_irqs() call
Index(es):
- Date
- Thread