On Tue, Jul 29, 2025 at 08:21:47PM +0530, Sudhakar Kuppusamy wrote:
> Enhancing the infrastructure to enable the Platform Keystore (PKS) feature,
> which provides access to the SB_VERSION, db, and dbx secure boot variables
> from PKS.
>
> If secure boot is enabled with dynamic key management mode, it will read
> secure boot variables such as db and dbx from PKS and extract
> EFI Signature List (ESL) from it. The ESLs would be saved in the
> Platform Keystore buffer, and the appendedsig module would read it later
> to extract the certificate's details from ESL.
>
> In the following scenarios, static key management mode will be activated:
> 1. When Secure Boot is enabled with static key management mode
> 2. When SB_VERSION is unavailable but Secure Boot is enabled
> 3. When PKS support is unavailable but Secure Boot is enabled
>
> Note:-
>
> SB_VERSION: Key Management Mode
> 1 - Enable dynamic key management mode. Read the db and dbx variables from PKS,
> and use them for signature verification.
> 0 - Enable static key management mode. Read keys from the GRUB ELF Note and
> use it for signature verification.
>
> Signed-off-by: Sudhakar Kuppusamy <sudha...@linux.ibm.com>
[...] > diff --git a/include/grub/ieee1275/ieee1275.h > b/include/grub/ieee1275/ieee1275.h > index 6f7925168..365fbb22c 100644 > --- a/include/grub/ieee1275/ieee1275.h > +++ b/include/grub/ieee1275/ieee1275.h > @@ -24,6 +24,9 @@ > #include <grub/types.h> > #include <grub/machine/ieee1275.h> > > +#define IEEE1275_CELL_INVALID ((grub_ieee1275_cell_t) -1) > +#define IEEE1275_CELL_NOT_FOUND ((int) -7) This definition looks strange and I am almost certain it should not be an int but a "grub_" prefixed type... > + > #define GRUB_IEEE1275_CELL_FALSE ((grub_ieee1275_cell_t) 0) > #define GRUB_IEEE1275_CELL_TRUE ((grub_ieee1275_cell_t) -1) > > diff --git a/include/grub/powerpc/ieee1275/ieee1275.h > b/include/grub/powerpc/ieee1275/ieee1275.h > index 4eb207018..b70b813f2 100644 > --- a/include/grub/powerpc/ieee1275/ieee1275.h > +++ b/include/grub/powerpc/ieee1275/ieee1275.h > @@ -28,4 +28,24 @@ typedef grub_uint32_t grub_ieee1275_cell_t; > #define PRIxGRUB_IEEE1275_CELL_T PRIxGRUB_UINT32_T > #define PRIuGRUB_IEEE1275_CELL_T PRIuGRUB_UINT32_T > > +#ifdef __powerpc__ > + > +extern int > +grub_ieee1275_test (const char *name, grub_ieee1275_cell_t *missing); > + > +extern int > +grub_ieee1275_pks_max_object_size (grub_size_t *result); > + > +extern int > +grub_ieee1275_pks_read_object (grub_uint8_t consumer, grub_uint8_t *label, > + grub_size_t label_len, grub_uint8_t *buffer, > + grub_size_t buffer_len, grub_size_t *data_len, > + grub_uint32_t *policies); > + > +extern int > +grub_ieee1275_pks_read_sbvar (grub_uint8_t sbvarflags, grub_uint8_t > sbvartype, > + grub_uint8_t *buffer, grub_size_t buffer_len, > + grub_size_t *data_len); > +#endif Return types do not look right to me. I think you should check the IEEE 1275 spec and choose a proper "grub_" prefixed type. Same for some args members, e.g. rc, types in these functions. Daniel
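
Review bot: in the include/grub/ieee1275/ieee1275.h hunk, the added IEEE1275_CELL_INVALID expands to ((grub_ieee1275_cell_t) -1), the same value as GRUB_IEEE1275_CELL_TRUE two lines below, so the two are indistinguishable wherever a cell could hold either. Both new macros also drop the GRUB_ prefix that the neighbouring GRUB_IEEE1275_CELL_FALSE and GRUB_IEEE1275_CELL_TRUE carry, and IEEE1275_CELL_NOT_FOUND is named as a cell value but cast to int. Suggest GRUB_-prefixed names, a comment stating where -7 comes from and which calls return it, and a name for the status code that does not say CELL if it is not meant to be a grub_ieee1275_cell_t.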
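
Review bot: in the include/grub/powerpc/ieee1275/ieee1275.h hunk, grub_ieee1275_pks_read_object and grub_ieee1275_pks_read_sbvar take both buffer_len and an out-parameter data_len, but nothing in the header says what happens when the stored object is larger than buffer_len (an error, truncation, or data_len reporting the required size). The commit message says these buffers carry the db and dbx contents later used for signature verification, so the prototypes should carry a comment spelling out that contract and the meaning of the int return values, including whether IEEE1275_CELL_NOT_FOUND can be returned here. The label parameter is declared as grub_uint8_t *label with a separate label_len; if it is input only, const grub_uint8_t * would say so. The #ifdef __powerpc__ guard sits in a header already under include/grub/powerpc/, so either explain in a comment why it is needed or drop it.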