On Mon, Aug 11, 2025 at 10:10:12PM +0530, Sudhakar Kuppusamy wrote: > Thank you Daniel. > > > On 11 Aug 2025, at 9:54 PM, Daniel Kiper <dki...@net-space.pl> wrote: > > > > On Tue, Jul 29, 2025 at 08:21:47PM +0530, Sudhakar Kuppusamy wrote: > >> Enhancing the infrastructure to enable the Platform Keystore (PKS) feature, > >> which provides access to the SB_VERSION, db, and dbx secure boot variables > >> from PKS. > >> > >> If secure boot is enabled with dynamic key management mode, it will read > >> secure boot variables such as db and dbx from PKS and extract > >> EFI Signature List (ESL) from it. The ESLs would be saved in the > >> Platform Keystore buffer, and the appendedsig module would read it later > >> to extract the certificate's details from ESL. > >> > >> In the following scenarios, static key management mode will be activated: > >> 1. When Secure Boot is enabled with static key management mode > >> 2. When SB_VERSION is unavailable but Secure Boot is enabled > >> 3. When PKS support is unavailable but Secure Boot is enabled > >> > >> Note:- > >> > >> SB_VERSION: Key Management Mode > >> 1 - Enable dynamic key management mode. Read the db and dbx variables from > >> PKS, > >> and use them for signature verification. > >> 0 - Enable static key management mode. Read keys from the GRUB ELF Note and > >> use it for signature verification. > >> > >> Signed-off-by: Sudhakar Kuppusamy <sudha...@linux.ibm.com> > > > > [...] > > > >> diff --git a/include/grub/ieee1275/ieee1275.h > >> b/include/grub/ieee1275/ieee1275.h > >> index 6f7925168..365fbb22c 100644 > >> --- a/include/grub/ieee1275/ieee1275.h > >> +++ b/include/grub/ieee1275/ieee1275.h > >> @@ -24,6 +24,9 @@ > >> #include <grub/types.h> > >> #include <grub/machine/ieee1275.h> > >> > >> +#define IEEE1275_CELL_INVALID ((grub_ieee1275_cell_t) -1) > >> +#define IEEE1275_CELL_NOT_FOUND ((int) -7) > > > > This definition looks strange and I am almost certain it should not be > > an int but a "grub_" prefixed type... > > Sure. Will use it like > > #define IEEE1275_CELL_NOT_FOUND ((grub_int32_t) -7) > > > >> + > >> #define GRUB_IEEE1275_CELL_FALSE ((grub_ieee1275_cell_t) 0) > >> #define GRUB_IEEE1275_CELL_TRUE ((grub_ieee1275_cell_t) -1) > >> > >> diff --git a/include/grub/powerpc/ieee1275/ieee1275.h > >> b/include/grub/powerpc/ieee1275/ieee1275.h > >> index 4eb207018..b70b813f2 100644 > >> --- a/include/grub/powerpc/ieee1275/ieee1275.h > >> +++ b/include/grub/powerpc/ieee1275/ieee1275.h > >> @@ -28,4 +28,24 @@ typedef grub_uint32_t grub_ieee1275_cell_t; > >> #define PRIxGRUB_IEEE1275_CELL_T PRIxGRUB_UINT32_T > >> #define PRIuGRUB_IEEE1275_CELL_T PRIuGRUB_UINT32_T > >> > >> +#ifdef __powerpc__ > >> + > >> +extern int > >> +grub_ieee1275_test (const char *name, grub_ieee1275_cell_t *missing); > >> + > >> +extern int > >> +grub_ieee1275_pks_max_object_size (grub_size_t *result); > >> + > >> +extern int > >> +grub_ieee1275_pks_read_object (grub_uint8_t consumer, grub_uint8_t *label, > >> + grub_size_t label_len, grub_uint8_t > >> *buffer, > >> + grub_size_t buffer_len, grub_size_t > >> *data_len, > >> + grub_uint32_t *policies); > >> + > >> +extern int > >> +grub_ieee1275_pks_read_sbvar (grub_uint8_t sbvarflags, grub_uint8_t > >> sbvartype, > >> + grub_uint8_t *buffer, grub_size_t > >> buffer_len, > >> + grub_size_t *data_len); > >> +#endif > > > > Return types does not look right for me. I think you should check > > IEEE 1275 spec and choose proper "grub_" prefixed type. Same for > > some args members, e.g. rc, types in these functions. > > Sure. I will do it.
Thank you! > I followed the below two files and wrote these PKS interfaces. > > include/grub/ieee1275/ieee1275.h > grub-core/kern/ieee1275/ieee1275.c I think this should be fixed too. Though it can be done later... Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
