From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: Eric Richter <erichte@linux.ibm.com>,
linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jeremy Kerr <jk@ozlabs.org>,
Matthew Garret <matthew.garret@nebula.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Claudio Carvalho <cclaudio@linux.ibm.com>,
George Wilson <gcwilson@linux.ibm.com>,
Elaine Palmer <erpalmer@us.ibm.com>,
Oliver O'Halloran <oohall@gmail.com>,
Nayna Jain <nayna@linux.ibm.com>
Subject: Re: [PATCH v6 2/4] powerpc: expose secure variables to userspace via sysfs
Date: Tue, 5 Nov 2019 19:22:19 -0800 [thread overview]
Message-ID: <79a6a7de-360c-c5c9-04e9-807952098ae5@linux.microsoft.com> (raw)
In-Reply-To: <20191105082450.14746-3-erichte@linux.ibm.com>
On 11/5/2019 12:24 AM, Eric Richter wrote:
> From: Nayna Jain <nayna@linux.ibm.com>
>
> PowerNV secure variables, which store the keys used for OS kernel
> verification, are managed by the firmware. These secure variables need to
> be accessed by the userspace for addition/deletion of the certificates.
>
> This patch adds the sysfs interface to expose secure variables for PowerNV
> secureboot. The users shall use this interface for manipulating
> the keys stored in the secure variables.
Can this patch be split into smaller set of changes:
1, Definitions of attribute functions like backend_show, size_show, etc.
2, secvar_sysfs_load
3, secvar_sysfs_init
4, secvar_sysfs_exit
> +static int secvar_sysfs_load(void)
> +{
> + char *name;
> + uint64_t namesize = 0;
> + struct kobject *kobj;
> + int rc;
> +
> + name = kzalloc(NAME_MAX_SIZE, GFP_KERNEL);
> + if (!name)
> + return -ENOMEM;
> +
> + do {
> + rc = secvar_ops->get_next(name, &namesize, NAME_MAX_SIZE);
> + if (rc) {
> + if (rc != -ENOENT)
> + pr_err("error getting secvar from firmware %d\n",
> + rc);
> + break;
> + }
> +
> + kobj = kzalloc(sizeof(*kobj), GFP_KERNEL);
> + if (!kobj) {
> + rc = -ENOMEM;
> + break;
> + }
> +
> + kobject_init(kobj, &secvar_ktype);
> +
> + rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name);
> + if (rc) {
> + pr_warn("kobject_add error %d for attribute: %s\n", rc,
> + name);
> + kobject_put(kobj);
> + kobj = NULL;
> + }
> +
> + if (kobj)
> + kobject_uevent(kobj, KOBJ_ADD);
kobject_event() will add kobj and free the memory when done using the
object?
-lakshmi
next prev parent reply other threads:[~2019-11-06 3:22 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-05 8:24 [PATCH v6 0/4] powerpc: expose secure variables to the kernel and userspace Eric Richter
2019-11-05 8:24 ` [PATCH v6 1/4] powerpc/powernv: Add OPAL API interface to access secure variable Eric Richter
2019-11-06 3:07 ` Lakshmi Ramasubramanian
2019-11-05 8:24 ` [PATCH v6 2/4] powerpc: expose secure variables to userspace via sysfs Eric Richter
2019-11-06 3:22 ` Lakshmi Ramasubramanian [this message]
2019-11-05 8:24 ` [PATCH v6 3/4] x86/efi: move common keyring handler functions to new file Eric Richter
2019-11-05 8:24 ` [PATCH v6 4/4] powerpc: load firmware trusted keys/hashes into kernel keyring Eric Richter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=79a6a7de-360c-c5c9-04e9-807952098ae5@linux.microsoft.com \
--to=nramas@linux.microsoft.com \
--cc=ard.biesheuvel@linaro.org \
--cc=benh@kernel.crashing.org \
--cc=cclaudio@linux.ibm.com \
--cc=erichte@linux.ibm.com \
--cc=erpalmer@us.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=jk@ozlabs.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=matthew.garret@nebula.com \
--cc=mpe@ellerman.id.au \
--cc=nayna@linux.ibm.com \
--cc=oohall@gmail.com \
--cc=paulus@samba.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).