From: Michael Ellerman <mpe@ellerman.id.au>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
Nayna Jain <nayna@linux.ibm.com>,
linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jeremy Kerr <jk@ozlabs.org>,
Matthew Garret <matthew.garret@nebula.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
George Wilson <gcwilson@linux.ibm.com>,
Claudio Carvalho <cclaudio@linux.ibm.com>,
Elaine Palmer <erpalmer@us.ibm.com>,
Eric Ricther <erichte@linux.ibm.com>,
Oliver O'Halloran <oohall@gmail.com>
Subject: Re: [PATCH v9 0/4] powerpc: expose secure variables to the kernel and userspace
Date: Tue, 12 Nov 2019 12:21:00 +1100 [thread overview]
Message-ID: <87sgmt3n5v.fsf@mpe.ellerman.id.au> (raw)
In-Reply-To: <216572e5-d8c6-f181-3ec0-b4a840f20f46@linux.microsoft.com>
Lakshmi Ramasubramanian <nramas@linux.microsoft.com> writes:
> On 11/10/19 7:10 PM, Nayna Jain wrote:
>
> Hi Nayna,
>
>> In order to verify the OS kernel on PowerNV systems, secure boot requires
>> X.509 certificates trusted by the platform. These are stored in secure
>> variables controlled by OPAL, called OPAL secure variables. In order to
>> enable users to manage the keys, the secure variables need to be exposed
>> to userspace.
> Are you planning to split the patches in this patch set into smaller
> chunks so that it is easier to code review and also perhaps make it
> easier when merging the changes?
I don't think splitting them would add any value. They're already split
into the firmware specific bits (patch 1), and the sysfs parts (patch
2), which is sufficient for me.
cheers
prev parent reply other threads:[~2019-11-12 1:21 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-11 3:10 [PATCH v9 0/4] powerpc: expose secure variables to the kernel and userspace Nayna Jain
2019-11-11 3:10 ` [PATCH v9 1/4] powerpc/powernv: Add OPAL API interface to access secure variable Nayna Jain
2019-11-14 9:08 ` Michael Ellerman
2019-11-11 3:10 ` [PATCH v9 2/4] powerpc: expose secure variables to userspace via sysfs Nayna Jain
2019-11-11 3:10 ` [PATCH v9 3/4] x86/efi: move common keyring handler functions to new file Nayna Jain
2019-11-11 3:10 ` [PATCH v9 4/4] powerpc: load firmware trusted keys/hashes into kernel keyring Nayna Jain
2019-11-11 22:37 ` [PATCH v9 0/4] powerpc: expose secure variables to the kernel and userspace Lakshmi Ramasubramanian
2019-11-12 1:21 ` Michael Ellerman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sgmt3n5v.fsf@mpe.ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=ard.biesheuvel@linaro.org \
--cc=benh@kernel.crashing.org \
--cc=cclaudio@linux.ibm.com \
--cc=erichte@linux.ibm.com \
--cc=erpalmer@us.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=jk@ozlabs.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=matthew.garret@nebula.com \
--cc=nayna@linux.ibm.com \
--cc=nramas@linux.microsoft.com \
--cc=oohall@gmail.com \
--cc=paulus@samba.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).