From: Rob Herring <robh@kernel.org>
To: Nayna Jain <nayna@linux.ibm.com>
Cc: linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
linux-integrity@vger.kernel.org, devicetree@vger.kernel.org,
linux-kernel@vger.kernel.org,
Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jeremy Kerr <jk@ozlabs.org>,
Matthew Garret <matthew.garret@nebula.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Claudio Carvalho <cclaudio@linux.ibm.com>,
George Wilson <gcwilson@linux.ibm.com>,
Elaine Palmer <erpalmer@us.ibm.com>,
Eric Ricther <erichte@linux.ibm.com>,
Oliver O'Halloran <oohall@gmail.com>,
Mark Rutland <mark.rutland@arm.com>
Subject: Re: [PATCH v6 1/9] dt-bindings: ibm,secureboot: secure boot specific properties for PowerNV
Date: Tue, 1 Oct 2019 08:33:30 -0500 [thread overview]
Message-ID: <20191001133330.GA29810@bogus> (raw)
In-Reply-To: <1569594360-7141-2-git-send-email-nayna@linux.ibm.com>
On Fri, Sep 27, 2019 at 10:25:52AM -0400, Nayna Jain wrote:
> PowerNV represents both the firmware and Host OS secureboot state of the
> system via device tree. This patch adds the documentation to give
> the definition of the nodes and the properties.
>
> Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
> ---
> .../bindings/powerpc/ibm,secureboot.rst | 76 ++++++++++++++++
> .../devicetree/bindings/powerpc/secvar.rst | 89 +++++++++++++++++++
> 2 files changed, 165 insertions(+)
> create mode 100644 Documentation/devicetree/bindings/powerpc/ibm,secureboot.rst
> create mode 100644 Documentation/devicetree/bindings/powerpc/secvar.rst
>
> diff --git a/Documentation/devicetree/bindings/powerpc/ibm,secureboot.rst b/Documentation/devicetree/bindings/powerpc/ibm,secureboot.rst
> new file mode 100644
> index 000000000000..03d32099d2eb
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/powerpc/ibm,secureboot.rst
> @@ -0,0 +1,76 @@
> +# SPDX-License-Identifier: GPL-2.0
Not the right form for reST files.
> +*** NOTE ***
> +This document is copied from OPAL firmware
> +(skiboot/doc/device-tree/ibm,secureboot.rst)
Why copy into the kernel?
Plus, the bindings are in the process of being converted to schema. What
would I do with these files?
> +************
> +.. _device-tree/ibm,secureboot:
> +
> +ibm,secureboot
> +==============
> +
> +The ``ìbm,secureboot`` node provides secure boot and trusted boot information
> +up to the target OS. Further information can be found in :ref:`stb-overview`.
> +
> +Required properties
> +-------------------
> +
> +.. code-block:: none
> +
> + compatible: Either one of the following values:
> +
> + ibm,secureboot-v1 : The container-verification-code
> + is stored in a secure ROM memory.
> +
> + ibm,secureboot-v2 : The container-verification-code
> + is stored in a reserved memory.
> + It described by the ibm,cvc child
> + node.
> +
> + ibm,secureboot-v3 : The container-verification-code
> + is stored in a reserved memory.
> + It described by the ibm,cvc child
> + node. Secure variables are
> + supported. `secvar` node should
> + be created.
> +
> + secure-enabled: this property exists when the firmware stack is booting
> + in secure mode (hardware secure boot jumper asserted).
> +
> + trusted-enabled: this property exists when the firmware stack is booting
> + in trusted mode.
> +
> + hw-key-hash: hash of the three hardware public keys trusted by the
> + platformw owner. This is used to verify if a firmware
> + code is signed with trusted keys.
> +
> + hw-key-hash-size: hw-key-hash size
> +
> + secvar: this node is created if the platform supports secure
> + variables. Contains information about the current
> + secvar status, see 'secvar.rst'.
> +
> +Obsolete properties
> +-------------------
> +
> +.. code-block:: none
> +
> + hash-algo: Superseded by the hw-key-hash-size property in
> + 'ibm,secureboot-v2'.
> +
> +Example
> +-------
> +
> +.. code-block:: dts
> +
> + ibm,secureboot {
> + compatible = "ibm,secureboot-v2";
> + secure-enabled;
> + trusted-enabled;
> + hw-key-hash-size = <0x40>;
> + hw-key-hash = <0x40d487ff 0x7380ed6a 0xd54775d5 0x795fea0d 0xe2f541fe
> + 0xa9db06b8 0x466a42a3 0x20e65f75 0xb4866546 0x0017d907
> + 0x515dc2a5 0xf9fc5095 0x4d6ee0c9 0xb67d219d 0xfb708535
> + 0x1d01d6d1>;
> + phandle = <0x100000fd>;
> + linux,phandle = <0x100000fd>;
> + };
> diff --git a/Documentation/devicetree/bindings/powerpc/secvar.rst b/Documentation/devicetree/bindings/powerpc/secvar.rst
> new file mode 100644
> index 000000000000..47793ab9c2a7
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/powerpc/secvar.rst
> @@ -0,0 +1,89 @@
> +# SPDX-License-Identifier: GPL-2.0
> +*** NOTE ***
> +This document is copied from OPAL firmware
> +(skiboot/doc/device-tree/secvar.rst)
> +************
> +.. _device-tree/ibm,secureboot/secvar:
> +
> +secvar
> +======
> +
> +The ``secvar`` node provides secure variable information for the secure
> +boot of the target OS.
> +
> +Required properties
> +-------------------
> +
> +.. code-block:: none
> +
> + compatible: this property is set based on the current secure
> + variable scheme as set by the platform.
> +
> + status: set to "fail" if the secure variables could not
> + be initialized, validated, or some other
> + catastrophic failure.
> +
> + update-status: contains the return code of the update queue
> + process run during initialization. Signifies if
> + updates were processed or not, and if there was
> + an error. See table below
> +
> + secure-mode: a u64 bitfield set by the backend to determine
> + what secure mode we should be in, and if host
> + secure boot should be enforced.
> +
> +Example
> +-------
> +
> +.. code-block:: dts
> +
> + secvar {
> + compatible = "ibm,edk2-compat-v1";
> + status = "okay";
> + secure-mode = "1";
> + };
> +
> +Update Status
> +-------------
> +
> +The update status property should be set by the backend driver to a value
> +that best fits its error condtion. The following table defines the
> +general intent of each error code, check backend specific documentation
> +for more detail.
> +
> ++-----------------+-----------------------------------------------+
> +| update-status | Generic Reason |
> ++-----------------|-----------------------------------------------+
> +| OPAL_SUCCESS | Updates were found and processed successfully |
> ++-----------------|-----------------------------------------------+
> +| OPAL_EMPTY | No updates were found, none processed |
> ++-----------------|-----------------------------------------------+
> +| OPAL_PARAMETER | Unable to parse data in the update section |
> ++-----------------|-----------------------------------------------+
> +| OPAL_PERMISSION | Update failed to apply, possible auth failure |
> ++-----------------|-----------------------------------------------+
> +| OPAL_HARDWARE | Misc. storage-related error |
> ++-----------------|-----------------------------------------------+
> +| OPAL_RESOURCE | Out of space (somewhere) |
> ++-----------------|-----------------------------------------------+
> +| OPAL_NO_MEM | Out of memory |
> ++-----------------+-----------------------------------------------+
> +
> +Secure Mode
> +-----------
> +
> ++-----------------------+------------------------+
> +| backend specific-bits | generic mode bits |
> ++-----------------------+------------------------+
> +64 32 0
> +
> +The secure mode property should be set by the backend driver. The least
> +significant 32 bits are reserved for generic modes, shared across all
> +possible backends. The other 32 bits are open for backends to determine
> +their own modes. Any kernel must be made aware of any custom modes.
> +
> +At the moment, only one general-purpose bit is defined:
> +
> +``#define SECVAR_SECURE_MODE_ENFORCING 0x1``
> +
> +which signals that a kernel should enforce host secure boot.
> --
> 2.20.1
>
next prev parent reply other threads:[~2019-10-01 13:33 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-27 14:25 [PATCH v6 0/9] powerpc: Enabling IMA arch specific secure boot policies Nayna Jain
2019-09-27 14:25 ` [PATCH v6 1/9] dt-bindings: ibm,secureboot: secure boot specific properties for PowerNV Nayna Jain
2019-10-01 13:33 ` Rob Herring [this message]
2019-10-01 16:29 ` Nayna
2019-09-27 14:25 ` [PATCH v6 2/9] powerpc: detect the secure boot mode of the system Nayna Jain
2019-09-27 14:25 ` [PATCH v6 3/9] powerpc: add support to initialize ima policy rules Nayna Jain
2019-10-01 1:04 ` Thiago Jung Bauermann
2019-10-01 16:07 ` Nayna
2019-10-02 0:23 ` Thiago Jung Bauermann
2019-10-02 21:49 ` Mimi Zohar
2019-10-08 13:12 ` Nayna
2019-09-27 14:25 ` [PATCH v6 4/9] powerpc: detect the trusted boot state of the system Nayna Jain
2019-09-27 14:25 ` [PATCH v6 5/9] powerpc/ima: add measurement rules to ima arch specific policy Nayna Jain
2019-09-29 4:20 ` Mimi Zohar
2019-09-27 14:25 ` [PATCH v6 6/9] ima: make process_buffer_measurement() non static Nayna Jain
2019-10-02 22:04 ` Mimi Zohar
2019-09-27 14:25 ` [PATCH v6 7/9] ima: check against blacklisted hashes for files with modsig Nayna Jain
2019-10-02 20:44 ` Mimi Zohar
2019-09-27 14:25 ` [PATCH v6 8/9] ima: deprecate permit_directio, instead use appraise_flag Nayna Jain
2019-10-02 21:00 ` Mimi Zohar
2019-09-27 14:26 ` [PATCH v6 9/9] powerpc/ima: update ima arch policy to check for blacklist Nayna Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191001133330.GA29810@bogus \
--to=robh@kernel.org \
--cc=ard.biesheuvel@linaro.org \
--cc=benh@kernel.crashing.org \
--cc=cclaudio@linux.ibm.com \
--cc=devicetree@vger.kernel.org \
--cc=erichte@linux.ibm.com \
--cc=erpalmer@us.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=jk@ozlabs.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=mark.rutland@arm.com \
--cc=matthew.garret@nebula.com \
--cc=mpe@ellerman.id.au \
--cc=nayna@linux.ibm.com \
--cc=oohall@gmail.com \
--cc=paulus@samba.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).