On 8/28/19 10:05 AM, Michael Ellerman wrote:
> From: Claudio Carvalho
>
> The ultravisor (UV) provides an in-memory console which follows the
> OPAL in-memory console structure.
>
> This patch extends the OPAL msglog code to initialize the UV memory
> console and provi
On 8/28/19 10:05 AM, Michael Ellerman wrote:
> From: Claudio Carvalho
>
> This patch refactors the code in opal-msglog that operates on the OPAL
> memory console in order to make it cleaner and also allow the reuse of
> the new memcons_* functions.
Tested-by: Claudio Carvalho
ned-off-by: Claudio Carvalho
---
This patch applies on top of the "kvmppc: Paravirtualize KVM to support
ultravisor" patch series submitted by Claudio Carvalho.
---
arch/powerpc/include/asm/ultravisor.h| 8
arch/powerpc/platforms/powernv/opal-msglog.c | 36
This patch refactors the code in opal-msglog that operates on the OPAL
memory console in order to make it cleaner and also allow the reuse of
the new memcons_* functions.
Signed-off-by: Claudio Carvalho
---
arch/powerpc/platforms/powernv/opal-msglog.c | 61 ++--
1 file changed
On 8/23/19 9:48 AM, Michael Ellerman wrote:
> Hi Claudio,
Hi Michael,
>
> Claudio Carvalho writes:
>> Ultravisor (UV) provides an in-memory console which follows the OPAL
>> in-memory console structure.
>>
>> This patch extends the OPAL msglog code to also in
: Oliver O'Halloran
Signed-off-by: Claudio Carvalho
---
This patch depends on the "kvmppc: Paravirtualize KVM to support
ultravisor" patchset submitted by Claudio Carvalho.
---
arch/powerpc/platforms/powernv/opal-msglog.c | 99 ++--
1 file changed, 72 insertions(+
the ultracall number, i.e. UV_RETURN.
* If returning with a synthesized interrupt, R2 contains the
synthesized interrupt number.
Thanks to input from Paul Mackerras, Ram Pai and Mike Anderson.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm
.
Signed-off-by: Claudio Carvalho
Reviewed-by: Ram Pai
Reviewed-by: Ryan Grimm
---
arch/powerpc/platforms/powernv/idle.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/idle.c
b/arch/powerpc/platforms/powernv/idle.c
index 09f49eed7fb8
: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor.h| 12
arch/powerpc/mm/book3s64/hash_utils.c| 5 +++--
arch/powerpc/mm/book3s64/pgtable.c | 2 +-
arch/powerpc/mm/book3s64/radix_pgtable.c | 8 +---
4 files changed, 21 insertions(+), 6 deletions(-)
diff
) when Ultravisor is enabled.
Signed-off-by: Michael Anderson
Signed-off-by: Madhavan Srinivasan
Signed-off-by: Ram Pai
[ cclaudio: Write the PATE in HV's table before doing that in UV's ]
Signed-off-by: Claudio Carvalho
Reviewed-by: Ryan Grimm
---
arch/powerpc/include/asm/ultravisor-
accessing resources (e.g. PTCR and LDBAR) in case PEF is enabled.
Signed-off-by: Claudio Carvalho
[ andmike: Device node name to "ibm,ultravisor" ]
Signed-off-by: Michael Anderson
---
arch/powerpc/include/asm/firmware.h | 5 +++--
arch/powerpc/include/asm/ultravisor.h
will be redirected to the
hypervisor which must handle/fail the call.
Thanks to inputs from Ram Pai and Michael Anderson.
Signed-off-by: Claudio Carvalho
---
Ultravisor call support for secure guests is being proposed as part of
the patchset "Secure Virtual Machine Enablement" posted
KVM Hypervisor.
Based on input from Mike Anderson, Thiago Bauermann, Claudio Carvalho,
Ben Herrenschmidt, Guerney Hunt, Paul Mackerras.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
Signed-off-by: Guerney Hunt
Reviewed-by: Claudio Carvalho
Reviewed-by: Michael Anderson
Reviewed-by
be "Disable IMC devices, when
Ultravisor is enabled.
- Fixed signed-off-by.
- Patch "KVM: PPC: Ultravisor: Enter a secure guest":
- Changed the UV_RETURN assembly call to save the actual R3 in
R0 for the ultravisor and pass the UV_RETURN call number in R3.
- Patch "
On 8/14/19 8:33 AM, Michael Ellerman wrote:
> Hi Claudio,
>
> Claudio Carvalho writes:
>> From: Michael Anderson
>>
>> In ultravisor enabled systems, the ultravisor creates and maintains the
>> partition table in secure memory where
On 8/14/19 3:34 PM, Segher Boessenkool wrote:
> On Wed, Aug 14, 2019 at 08:46:15PM +1000, Michael Ellerman wrote:
>> Claudio Carvalho writes:
>>> +_GLOBAL(ucall_norets)
>>> +EXPORT_SYMBOL_GPL(ucall_norets)
>>> + mfcrr0
>>>
On 8/14/19 7:46 AM, Michael Ellerman wrote:
> Claudio Carvalho writes:
>> diff --git a/arch/powerpc/kernel/ucall.S b/arch/powerpc/kernel/ucall.S
>> new file mode 100644
>> index ..de9133e45d21
>> --- /dev/null
>> +++ b/arch/powerpc/kernel/ucall.
On 8/9/19 9:45 AM, Michael Ellerman wrote:
> Claudio Carvalho writes:
>> From: Sukadev Bhattiprolu
>>
>> POWER9 processor includes support for Protected Execution Facility (PEF).
>> Which POWER9? Please be more precise.
>>
>> It's public knowledge
On 8/12/19 12:58 PM, Fabiano Rosas wrote:
> Claudio Carvalho writes:
>
> Some small suggestions below:
>
>> +
>> +* The privilege of a process is now determined by three MSR bits,
>> + MSR(S, HV, PR). In each of the tables below the modes are listed
>
the ultracall number, i.e. UV_RETURN.
* If returning with a synthesized interrupt, R2 contains the
synthesized interrupt number.
Thanks to input from Paul Mackerras, Ram Pai and Mike Anderson.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm
.
Signed-off-by: Claudio Carvalho
Reviewed-by: Ram Pai
Reviewed-by: Ryan Grimm
---
arch/powerpc/platforms/powernv/idle.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/idle.c
b/arch/powerpc/platforms/powernv/idle.c
index 210fb73a5121
disabled.
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/reg.h | 13 +
arch/powerpc/mm/book3s64/hash_utils.c| 4 ++--
arch/powerpc/mm/book3s64/pgtable.c | 2 +-
arch/powerpc/mm/book3s64/radix_pgtable.c | 6 +++---
4 files changed, 19 insertions(+), 6
Anderson
Signed-off-by: Madhavan Srinivasan
Signed-off-by: Ram Pai
[ cclaudio: Write the PATE in HV's table before doing that in UV's ]
Signed-off-by: Claudio Carvalho
Reviewed-by: Ryan Grimm
---
arch/powerpc/include/asm/ultravisor-api.h | 5 ++
arch/powerpc/include/asm/ultravisor.
accessing resources (e.g. PTCR and LDBAR) in case PEF is enabled.
Signed-off-by: Claudio Carvalho
[ andmike: Device node name to "ibm,ultravisor" ]
Signed-off-by: Michael Anderson
---
arch/powerpc/include/asm/firmware.h | 5 +++--
arch/powerpc/include/asm/ultravisor.h
file is placed under
arch/powerpc/kernel.
If ultravisor is not enabled, the ucalls will be redirected to the
hypervisor which must handle/fail the call.
Thanks to inputs from Ram Pai and Michael Anderson.
Signed-off-by: Claudio Carvalho
---
Ultravisor call support for secure guests is being
from Mike Anderson, Thiago Bauermann, Claudio Carvalho,
Ben Herrenschmidt, Guerney Hunt, Paul Mackerras.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
Signed-off-by: Guerney Hunt
Reviewed-by: Claudio Carvalho
Reviewed-by: Michael Anderson
Reviewed-by: Thiago Bauermann
Signed-off
Return to UV for hcalls from SVM"
- "KVM: PPC: Ultravisor: Enter a secure guest
- Rebased
- Addressed comments from Paul Mackerras
- Dropped ultravisor checks made in power8 code
- Updated the commit message for:
"KVM: PPC: Ultravisor: Enter a secure guest"
- Addre
On 7/11/19 9:57 AM, Michael Ellerman wrote:
>
>>
>> static pmd_t *get_pmd_from_cache(struct mm_struct *mm)
>> diff --git a/arch/powerpc/mm/book3s64/radix_pgtable.c
>> b/arch/powerpc/mm/book3s64/radix_pgtable.c
>> index 8904aa1243d8..da6a6b76a040 100644
>> --- a/arch/powerpc/mm/book3s64/radix_
On 7/11/19 9:57 AM, Michael Ellerman wrote:
> Claudio Carvalho writes:
>> When the ultravisor firmware is available, it takes control over the
>> LDBAR register. In this case, thread-imc updates and save/restore
>> operations on the LDBAR register are handled by ultravisor.
On 7/1/19 3:46 AM, Ram Pai wrote:
> On Mon, Jul 01, 2019 at 04:30:55PM +1000, Alexey Kardashevskiy wrote:
>>
>> On 01/07/2019 16:17, maddy wrote:
>>> On 01/07/19 11:24 AM, Alexey Kardashevskiy wrote:
>>>> On 29/06/2019 06:08, Claudio Carvalho wrote:
On 7/11/19 9:57 AM, Michael Ellerman wrote:
> Claudio Carvalho writes:
>> From: Ram Pai
>>
>> Add the ucall() function, which can be used to make ultravisor calls
>> with varied number of in and out arguments. Ultravisor calls can be made
>> from the host
On 7/11/19 9:57 AM, Michael Ellerman wrote:
> Claudio Carvalho writes:
>> diff --git a/arch/powerpc/include/asm/ultravisor.h
>> b/arch/powerpc/include/asm/ultravisor.h
>> new file mode 100644
>> index ..e5009b0d84ea
>> --- /dev/null
>> +++
with the MSR_S bit set, but a
>> secure guest and the ultravisor firmware do.
>>
>> Signed-off-by: Sukadev Bhattiprolu
>> Signed-off-by: Ram Pai
>> [ Update the commit message ]
>> Signed-off-by: Claudio Carvalho
>> ---
>> arch/powerpc/include/asm/reg.h
On 7/8/19 5:53 PM, janani wrote:
> On 2019-06-28 15:08, Claudio Carvalho wrote:
>> From: Sukadev Bhattiprolu
>>
>> To enter a secure guest, we have to go through the ultravisor, therefore
>> we do a ucall when we are entering a secure guest.
>>
>> This ch
o view the messages.
CC: Joel Stanley
CC: Oliver O'Halloran
Signed-off-by: Madhavan Srinivasan
[ Read ibm,opal-uv-memcons instead of OPAL's ]
Signed-off-by: Ryan Grimm
[ Fix license, update the commit message ]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/opal.h
On 7/1/19 2:54 AM, Alexey Kardashevskiy wrote:
>
> On 29/06/2019 06:08, Claudio Carvalho wrote:
>> From: Ram Pai
>>
>> Ultravisor is responsible for flushing the tlb cache, since it manages
>> the PATE entries. Hence skip tlb flush, if the ultravisor firmware is
On 6/15/19 4:36 AM, Paul Mackerras wrote:
> On Thu, Jun 06, 2019 at 02:36:08PM -0300, Claudio Carvalho wrote:
>> This feature tells if the ultravisor firmware is available to handle
>> ucalls.
> Everything in this patch that depends on CONFIG_PPC_UV should just
> depend
Add the ppc_capabilities ELF note to the powerpc kernel binary. It is a
bitmap that can be used to advertise kernel capabilities to userland.
This patch also defines PPCCAP_ULTRAVISOR_BIT as being the bit zero.
Suggested-by: Paul Mackerras
Signed-off-by: Claudio Carvalho
---
arch/powerpc
UV_RETURN ucall number. Update commit message and ret_to_ultra comment ]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/kvm_host.h | 1 +
arch/powerpc/include/asm/ultravisor-api.h | 1 +
arch/powerpc/kernel/asm-offsets.c | 1 +
arch/powerpc/kvm/book3s_hv_rmhandlers.S
From: Michael Anderson
- Check for MSR_S so that kvmppc_set_msr will include it. Prior to this
change return to guest would not have the S bit set.
- Patch based on comment from Paul Mackerras
Signed-off-by: Michael Anderson
Signed-off-by: Claudio Carvalho
Acked-by: Paul Mackerras
When the ultravisor firmware is available, it takes control over the
LDBAR register. In this case, thread-imc updates and save/restore
operations on the LDBAR register are handled by ultravisor.
Signed-off-by: Claudio Carvalho
Reviewed-by: Ram Pai
Reviewed-by: Ryan Grimm
Acked-by: Madhavan
From: Ram Pai
Ultravisor is responsible for flushing the tlb cache, since it manages
the PATE entries. Hence skip tlb flush, if the ultravisor firmware is
available.
Signed-off-by: Ram Pai
Signed-off-by: Claudio Carvalho
---
arch/powerpc/mm/book3s64/pgtable.c | 33
HV's table before doing that in UV's ]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 5 +++-
arch/powerpc/include/asm/ultravisor.h | 14 ++
arch/powerpc/mm/book3s64/hash_utils.c | 3 +-
arch/powerpc/mm/book3s64/pgtabl
and move headers, build ucall.S
if CONFIG_PPC_POWERNV set, use R3 for the ucall number and add some
comments in the code ]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 20 +++
arch/powerpc/include/asm/ultravisor.h | 20 +++
arch
't (and can't) run with the MSR_S bit set, but a
secure guest and the ultravisor firmware do.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
[ Update the commit message ]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/reg.h | 3 +++
1 file changed, 3 insertion
PPC: Ultravisor: UV_RESTRICTED_SPR_READ ucall"
- "[PATCH 08/13] KVM: PPC: Ultravisor: fix mtspr and mfspr"
- Squashed patches:
- "[PATCH 09/13] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
- "[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check s
This feature tells if the ultravisor firmware is available to handle
ucalls.
Signed-off-by: Claudio Carvalho
[ Device node name to "ibm,ultravisor" ]
Signed-off-by: Michael Anderson
---
arch/powerpc/include/asm/firmware.h | 5 +++--
arch/powerpc/include/asm/ultravi
On 6/7/19 5:11 PM, Leonardo Bras wrote:
>
> On Thu, 2019-06-06 at 14:36 -0300, Claudio Carvalho wrote:
>> From: Anshuman Khandual
>>
>> CONFIG_PPC_UV adds support for ultravisor.
>>
>> Signed-off-by: Anshuman Khandual
>> Signed-off-by: Bharata B
On 6/7/19 1:48 AM, Madhavan Srinivasan wrote:
>
> On 06/06/19 11:06 PM, Claudio Carvalho wrote:
>> When the ultravisor firmware is available, it takes control over the
>> LDBAR register. In this case, thread-imc updates and save/restore
>> operations on the LDBAR
From: Michael Anderson
- Check for MSR_S so that kvmppc_set_msr will include. Prior to this
change return to guest would not have the S bit set.
- Patch based on comment from Paul Mackerras
Signed-off-by: Michael Anderson
Signed-off-by: Claudio Carvalho
---
arch/powerpc/kvm
visor: Return to UV for hcalls from SVM"
"[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check secure_guest"
Anshuman Khandual (1):
KVM: PPC: Ultravisor: Add PPC_UV config option
Claudio Carvalho (2):
powerpc: Introduce FW_FEATURE_ULTRAVISOR
KVM: PPC: Ultravisor: Restrict L
When the ultravisor firmware is available, it takes control over the
LDBAR register. In this case, thread-imc updates and save/restore
operations on the LDBAR register are handled by ultravisor.
Signed-off-by: Claudio Carvalho
Signed-off-by: Ram Pai
---
arch/powerpc/kvm/book3s_hv_rmhandlers.S
Mackerras
[Fix UV_RETURN token number and arch.secure_guest check]
Signed-off-by: Ram Pai
[Update commit message and ret_to_ultra comment]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/kvm_host.h | 1 +
arch/powerpc/include/asm/ultravisor-api.h | 1 +
arch/powerpc/kernel/asm
From: Ram Pai
Ultravisor is responsible for flushing the tlb cache, since it manages
the PATE entries. Hence skip tlb flush, if the ultravisor firmware is
available.
Signed-off-by: Ram Pai
Signed-off-by: Claudio Carvalho
---
arch/powerpc/mm/book3s64/pgtable.c | 33
HV's table before doing that in UV's]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 5 +++-
arch/powerpc/include/asm/ultravisor.h | 14 ++
arch/powerpc/mm/book3s64/hash_utils.c | 3 +-
arch/powerpc/mm/book3s64/pgtabl
and move the headers, build
ucall.S if CONFIG_PPC_UV set, and add some comments in the code]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 20 +++
arch/powerpc/include/asm/ultravisor.h | 20 +++
arch/powerpc/kernel/Makefile
This feature tells if the ultravisor firmware is available to handle
ucalls.
Signed-off-by: Claudio Carvalho
[Device node name to "ibm,ultravisor"]
Signed-off-by: Michael Anderson
---
arch/powerpc/include/asm/firmware.h | 5 +++--
arch/powerpc/include/asm/ultravi
From: Anshuman Khandual
CONFIG_PPC_UV adds support for ultravisor.
Signed-off-by: Anshuman Khandual
Signed-off-by: Bharata B Rao
Signed-off-by: Ram Pai
[Update config help and commit message]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/Kconfig | 20
1 file changed
't (and can't) run with the MSR_S bit set, but a
secure guest and the ultravisor firmware do.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
[Update the commit message]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/reg.h | 3 +++
1 file changed, 3 insertions(+)
On 5/21/19 2:24 AM, Madhavan Srinivasan wrote:
>
> On 18/05/19 7:55 PM, Claudio Carvalho wrote:
>> From: Ram Pai When the ultravisor firmware is
>> available, it takes control over the LDBAR register. In this case,
>> thread-imc updates and save/restore operations o
From: Michael Anderson
- Check for MSR_S so that kvmppc_set_msr will include. Prior to this
change return to guest would not have the S bit set.
- Patch based on comment from Paul Mackerras
Signed-off-by: Michael Anderson
Signed-off-by: Claudio Carvalho
---
arch/powerpc/kvm
From: Paul Mackerras
- Pass SRR1 in r11 for UV_RETURN because SRR0 and SRR1 get set by
the sc 2 instruction. (Note r3 - r10 potentially have hcall return
values in them.)
- Fix kvmppc_msr_interrupt to preserve the MSR_S bit.
Signed-off-by: Paul Mackerras
Signed-off-by: Claudio Carvalho
even a new CPU will enter UV when started (in response to a RTAS
start-cpu call).
Thanks to input from Paul Mackerras, Ram Pai and Mike Anderson.
Signed-off-by: Sukadev Bhattiprolu
[Fix UV_RETURN token number and arch.secure_guest check]
Signed-off-by: Ram Pai
Signed-off-by: Claudio Carvalho
the commit
message]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/kvm/book3s_hv.c | 4 +-
arch/powerpc/kvm/book3s_hv_rmhandlers.S | 2 +
arch/powerpc/perf/imc-pmu.c | 64
arch/powerpc/platforms/powernv/idle.c| 6 +-
arch
From: Ram Pai
Ultravisor is responsible for flushing the tlb cache, since it manages
the PATE entries. Hence skip tlb flush, if the ultravisor firmware is
available.
Signed-off-by: Ram Pai
Signed-off-by: Claudio Carvalho
---
arch/powerpc/mm/book3s64/pgtable.c | 33
HV's table before doing that in UV's]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 5 +++-
arch/powerpc/include/asm/ultravisor.h | 9 ++
arch/powerpc/mm/book3s64/hash_utils.c | 3 +-
arch/powerpc/mm/book3s64/pgtabl
This feature tells if the ultravisor firmware is available to handle
ucalls.
Signed-off-by: Claudio Carvalho
[Device node name to "ibm,ultravisor"]
Signed-off-by: Michael Anderson
---
arch/powerpc/include/asm/firmware.h | 5 +++--
arch/powerpc/include/asm/ultravi
and move the headers, build
ucall.S if CONFIG_PPC_UV set, and add some comments in the code]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/ultravisor-api.h | 20 +++
arch/powerpc/include/asm/ultravisor.h | 25 ++
arch/powerpc/kernel/Makefile
't (and can't) run with the MSR_S bit set, but a
secure guest and the ultravisor firmware do.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
[Update the commit message]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/reg.h | 3 +++
1 file changed, 3 insertions(+)
From: Anshuman Khandual
CONFIG_PPC_UV adds support for ultravisor.
Signed-off-by: Anshuman Khandual
Signed-off-by: Bharata B Rao
Signed-off-by: Ram Pai
[Update config help and commit message]
Signed-off-by: Claudio Carvalho
---
arch/powerpc/Kconfig | 20
1 file changed
hed patches:
"[PATCH 09/13] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
"[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check secure_guest"
Anshuman Khandual (1):
KVM: PPC: Ultravisor: Add PPC_UV config option
Claudio Carvalho (1):
powerpc: Introduce
Hi Matthew,
Thanks for the feedback and sorry for the delay in responding.
On 4/10/19 2:36 PM, Matthew Garrett wrote:
> (Cc:ing Peter Jones)
>
> On Tue, Apr 9, 2019 at 3:55 PM Claudio Carvalho
> wrote:
>>
>> On 4/5/19 7:19 PM, Matthew Garrett wrote:
>>> Base
On 4/5/19 7:19 PM, Matthew Garrett wrote:
> On Fri, Apr 5, 2019 at 2:11 PM Claudio Carvalho
> wrote:
>>
>> On 4/3/19 7:27 PM, Matthew Garrett wrote:
>>> Not supporting dbx seems like a pretty significant shortcoming. How
>>> are signatures meant to be re
On 4/3/19 7:27 PM, Matthew Garrett wrote:
> On Tue, Apr 2, 2019 at 4:31 PM Claudio Carvalho
> wrote:
>>
>> On 4/2/19 6:51 PM, Matthew Garrett wrote:
>>> So you implement the full PK/KEK/db/dbx/dbt infrastructure, and
>>> updates are signed in the sam
On 4/3/19 10:21 AM, Michael Ellerman wrote:
> Hi Claudio,
>
> Thanks for posting this.
>
> Claudio Carvalho writes:
>> This patch set is part of a series that implements secure boot on
>> PowerNV systems.
>>
>> In order to verify the OS kernel
On 4/2/19 6:51 PM, Matthew Garrett wrote:
> On Tue, Apr 2, 2019 at 2:11 PM Claudio Carvalho
> wrote:
>> We want to use the efivarfs for compatibility with existing userspace
>> tools. We will track and match any EFI changes that affect us.
> So you implement the f
On 4/2/19 4:36 PM, Matthew Garrett wrote:
> On Tue, Apr 2, 2019 at 11:15 AM Claudio Carvalho
> wrote:
>> 1. Enable efivarfs by selecting CONFIG_EFI in the CONFIG_OPAL_SECVAR
>>introduced in this patch set. With CONFIG_EFIVAR_FS, userspace tools can
>>be u
From: Nayna Jain
PowerNV secure boot relies on the kernel IMA security subsystem to
perform the OS kernel image signature verification. Since each secure
boot mode has different IMA policy requirements, dynamic definition of
the policy rules based on the runtime secure boot mode of the system is
From: Nayna Jain
PowerNV secure boot defines different IMA policies based on the secure
boot state of the system.
This patch defines a function to detect the secure boot state of the
system.
Signed-off-by: Nayna Jain
---
arch/powerpc/include/asm/secboot.h | 21 +
arch/powerpc/pl
CONFIG_OPAL_SECVAR for enabling the OPAL
secure variables support in the kernel. Since CONFIG_OPAL_SECVAR selects
CONFIG_EFI, it also allows us to manage the OPAL secure variables from
userspace via efivarfs.
Signed-off-by: Claudio Carvalho
---
This patch depends on new OPAL calls that are being added to
.
Signed-off-by: Claudio Carvalho
---
arch/powerpc/include/asm/early_ioremap.h | 41
1 file changed, 41 insertions(+)
create mode 100644 arch/powerpc/include/asm/early_ioremap.h
diff --git a/arch/powerpc/include/asm/early_ioremap.h
b/arch/powerpc/include/asm/early_ioremap.h
appreciated.
3. Define IMA arch-specific policies based on the secure boot state and
mode of the system. On secure boot enabled powernv systems, the host OS
kernel signature will be verified by IMA appraisal.
Claudio Carvalho (2):
powerpc/include: Override unneeded early ioremap functions
urning non-void [-Werror=return-type]
This patch fixes the issue by returning zero as suggested by the author
of the commit.
Fixes: 75d9fc7fd94e ("powerpc/powernv: move OPAL call wrapper tracing and
interrupt handling to C")
Signed-off-by: Claudio Carvalho
CC: Nicholas Piggin
---
ar