diff options
| author | Nayna Jain <nayna@linux.ibm.com> | 2019-11-10 21:10:33 -0600 |
|---|---|---|
| committer | Michael Ellerman <mpe@ellerman.id.au> | 2019-11-13 00:33:22 +1100 |
| commit | 9155e2341aa8b5df057dc1c77633b33d1a4f17d2 (patch) | |
| tree | 294435e811fa6529203d26b553e4c50fd12dc41a /arch/powerpc/include/asm/opal-api.h | |
| parent | 39a963b457b5c6cbbdc70441c9d496e39d151582 (diff) | |
| download | linux-9155e2341aa8b5df057dc1c77633b33d1a4f17d2.tar.bz2 | |
powerpc/powernv: Add OPAL API interface to access secure variable
The X.509 certificates trusted by the platform and required to secure
boot the OS kernel are wrapped in secure variables, which are
controlled by OPAL.
This patch adds firmware/kernel interface to read and write OPAL
secure variables based on the unique key.
This support can be enabled using CONFIG_OPAL_SECVAR.
Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[mpe: Make secvar_ops __ro_after_init, only build opal-secvar.c if PPC_SECURE_BOOT=y]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1573441836-3632-2-git-send-email-nayna@linux.ibm.com
Diffstat (limited to 'arch/powerpc/include/asm/opal-api.h')
| -rw-r--r-- | arch/powerpc/include/asm/opal-api.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/arch/powerpc/include/asm/opal-api.h b/arch/powerpc/include/asm/opal-api.h index 378e3997845a..c1f25a760eb1 100644 --- a/arch/powerpc/include/asm/opal-api.h +++ b/arch/powerpc/include/asm/opal-api.h @@ -211,7 +211,10 @@ #define OPAL_MPIPL_UPDATE 173 #define OPAL_MPIPL_REGISTER_TAG 174 #define OPAL_MPIPL_QUERY_TAG 175 -#define OPAL_LAST 175 +#define OPAL_SECVAR_GET 176 +#define OPAL_SECVAR_GET_NEXT 177 +#define OPAL_SECVAR_ENQUEUE_UPDATE 178 +#define OPAL_LAST 178 #define QUIESCE_HOLD 1 /* Spin all calls at entry */ #define QUIESCE_REJECT 2 /* Fail all calls with OPAL_BUSY */ |