powerpc/secvar: Expose secvars relevant to the key management mode
The PLPKS enabled PowerVM LPAR sysfs exposes all of the secure boot secvars irrespective of the key management mode. The PowerVM LPAR supports static and dynamic key management for secure boot. The key management option can be updated in the management console. The secvars PK, trustedcadb, and moduledb can be consumed both in the static and dynamic key management modes for the loading of signed third-party kernel modules. However, other secvars i.e. KEK, grubdb, grubdbx, sbat, db and dbx, which are used to verify the grub and kernel images, are consumed only in the dynamic key management mode. Expose only PK, trustedcadb, and moduledb in the static key management mode. Co-developed-by:Souradeep <soura@imap.linux.ibm.com> Signed-off-by:
Srish Srinivasan <ssrish@linux.ibm.com> Tested-by:
R Nageswara Sastry <rnsastry@linux.ibm.com> Reviewed-by:
Mimi Zohar <zohar@linux.ibm.com> Reviewed-by:
Stefan Berger <stefanb@linux.ibm.com> Reviewed-by:
Nayna Jain <nayna@linux.ibm.com> Reviewed-by:
Andrew Donnellan <ajd@linux.ibm.com> Signed-off-by:
Madhavan Srinivasan <maddy@linux.ibm.com> Link: https://patch.msgid.link/20250610211907.101384-3-ssrish@linux.ibm.com
Loading
Please sign in to comment