[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] ppc/spapr: advertise secure boot in the guest device tree
From: |
Daniel Axtens |
Subject: |
Re: [PATCH] ppc/spapr: advertise secure boot in the guest device tree |
Date: |
Wed, 12 May 2021 13:47:09 +1000 |
> So.. what's the point? AFAIK we have no secure boot support in SLOF,
> so what would advertising it in the device tree accomplish?
Linux reads the property and enters secure boot mode:
commit 61f879d97ce4 ("powerpc/pseries: Detect secure and trusted boot state of
the system.")
grub patches to read the property and enter lockdown are on the list:
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00359.html
(patch 19)
I have very basic SLOF support:
>> - github.com/daxtens/SLOF branch ibm,secure-boot (not production ready!)
The property is extremely useful in developing and testing secure boot
support all the way up the stack.
Kind regards,
Daniel