linux-integrity.vger.kernel.org archive mirror
From: Matthew Garrett <mjg59@google.com>
To: Claudio Carvalho <cclaudio@linux.ibm.com>
Cc: linuxppc-dev@ozlabs.org, linux-efi <linux-efi@vger.kernel.org>,
	linux-integrity <linux-integrity@vger.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Michael Ellerman <mpe@ellerman.id.au>,
	Paul Mackerras <paulus@samba.org>,
	Benjamin Herrenschmidt <benh@kernel.crashing.org>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Jeremy Kerr <jk@ozlabs.org>,
	Matthew Garret <matthew.garret@nebula.com>,
	Nayna Jain <nayna@linux.ibm.com>
Subject: Re: [PATCH 0/4] Enabling secure boot on PowerNV systems
Date: Tue, 2 Apr 2019 12:36:03 -0700
Message-ID: <CACdnJuumhkqTb4+1=QBiLmbW4xd3wW=MZu6Tj_KdaoTMhCN+Tg@mail.gmail.com>
In-Reply-To: <20190402181505.25037-1-cclaudio@linux.ibm.com>

On Tue, Apr 2, 2019 at 11:15 AM Claudio Carvalho <cclaudio@linux.ibm.com> wrote:
> 1. Enable efivarfs by selecting CONFIG_EFI in the CONFIG_OPAL_SECVAR
>    introduced in this patch set. With CONFIG_EFIVAR_FS, userspace tools can
>    be used to manage the secure variables.

efivarfs has some pretty significant behavioural semantics that
directly reflect the EFI specification. Using it to expose non-EFI
variable data feels like it's going to increase fragility - there's a
risk that we'll change things in a way that makes sense for the EFI
spec but breaks your use case. Is the desire to use efivarfs to
maintain consistency with existing userland tooling, or just to avoid
having a separate filesystem?

Thread overview: 18+ messages
2019-04-02 18:15 [PATCH 0/4] Enabling secure boot on PowerNV systems Claudio Carvalho
2019-04-02 18:15 ` [PATCH 1/4] powerpc/include: Override unneeded early ioremap functions Claudio Carvalho
2019-04-02 18:15 ` [PATCH 2/4] powerpc/powernv: Add support for OPAL secure variables Claudio Carvalho
2019-04-02 18:15 ` [PATCH 3/4] powerpc/powernv: Detect the secure boot mode of the system Claudio Carvalho
2019-04-02 18:15 ` [PATCH 4/4] powerpc: Add support to initialize ima policy rules Claudio Carvalho
2019-04-02 19:36 ` Matthew Garrett [this message]
2019-04-02 21:11   ` [PATCH 0/4] Enabling secure boot on PowerNV systems Claudio Carvalho
2019-04-02 21:51     ` Matthew Garrett
2019-04-02 23:31       ` Claudio Carvalho
2019-04-03 22:27         ` Matthew Garrett
2019-04-05 21:11           ` Claudio Carvalho
2019-04-05 22:19             ` Matthew Garrett
2019-04-09 22:55               ` Claudio Carvalho
2019-04-10 17:36                 ` Matthew Garrett
2019-05-10 21:31                   ` Claudio Carvalho
2019-05-13 22:06                     ` Matthew Garrett
2019-04-03 13:21 ` Michael Ellerman
2019-04-03 21:48   ` Claudio Carvalho
