Commit bde5b1a1 authored by Srish Srinivasan's avatar Srish Srinivasan Committed by Madhavan Srinivasan
Browse files

integrity/platform_certs: Allow loading of keys in the static key management mode 



On PLPKS enabled PowerVM LPAR, there is no provision to load signed
third-party kernel modules when the key management mode is static. This
is because keys from secure boot secvars are only loaded when the key
management mode is dynamic.

Allow loading of the trustedcadb and moduledb keys even in the static
key management mode, where the secvar format string takes the form
"ibm,plpks-sb-v0".

Signed-off-by: default avatarSrish Srinivasan <ssrish@linux.ibm.com>
Tested-by: default avatarR Nageswara Sastry <rnsastry@linux.ibm.com>
Reviewed-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Reviewed-by: default avatarStefan Berger <stefanb@linux.ibm.com>
Reviewed-by: default avatarNayna Jain <nayna@linux.ibm.com>
Reviewed-by: default avatarAndrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: default avatarMadhavan Srinivasan <maddy@linux.ibm.com>
Link: https://patch.msgid.link/20250610211907.101384-4-ssrish@linux.ibm.com
parent c1d96cd9
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment