Age | Commit message | Author | Files | Lines |
|
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
|
|
These callbacks were used by the p7ioc code that was removed a long time
ago. Add them to the list of removed calls and delete the dead code.
Linux has removed the code that called these functions in v6.5-rc1.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
|
|
Rainier has GA'd as the S1014/S1022/S1024.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Dan Horák <dan@danny.cz>
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
|
|
The current release is 0.18.1, so as long as the system has greater
than 0.15 we should be okay. Obviously when installing from pip the
build will be fine.
Ubuntu 18.04: 0.14
Ubuntu 20.04: 0.16
Fedora 33: 0.16
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Dan Horák <dan@danny.cz>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Update the table of platforms to make it clear which Power9 CPU each
uses, currently they all use Power9N.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
The PHB5 logic on P10 is pretty close to the P9's version. So
we keep our base phb4 implementation and just add the few changes
within if statements.
Signed-off-by: Jordan Niethe <jpn@ozlabs.au.ibm.com>
[clg: misc cleanups and fixes ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[Fixed compilation issue - Vasant]
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
[Nick: Unify PHB4/PHB5 drivers ]
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
[Mikey: set default lane eq settings for phb5]
Signed-off-by: Michael Neuling <mikey@neuling.org>
[FB: squash commits + small cleanup ]
Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Co-authored-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Co-authored-by: Vaidyanathan Srinivasan <svaidy@linux.ibm.com>
Signed-off-by: Vaidyanathan Srinivasan <svaidy@linux.ibm.com>
Co-authored-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Co-authored-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Co-authored-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Co-authored-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
As part of secureboot key management, the scheme for handling key updates
is derived from tianocore reference implementation[1]. The wrapper for
holding the signed update is the Authentication Header and for holding
the public key certificate is ESL (EFI Signature List), both derived from
tianocore reference implementation[1].
This patch adds the support to process update queue. This involves:
1. Verification of the update signature using the key authorized as per the
key hierarchy
2. Handling addition/deletion of the keys
3. Support for dbx (blacklisting of hashes)
4. Validation checks for the updates
5. Supporting multiple ESLs for single variable both for update/verification
6. Timestamp check
7. Allowing only single PK
8. Failure Handling
9. Resetting keystore if the hardware key hash changes
[1] https://github.com/tianocore/edk2-staging.git
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch implements the platform specific logic for persisting the
secure variable storage banks across reboots via the SECBOOT PNOR
partition.
For POWER 9, all secure variables and updates are stored
in the SECBOOT PNOR partition. The partition is split into three
sections: two variable bank sections, and a section for storing
updates. The driver alternates writes between the two variable
sections, so that the final switch from one set of variables to
the next can be as atomic as possible by flipping an "active bit"
stored in TPM NV.
PNOR space provides no lock protection, so prior to writing the
variable bank, a sha256 hash is calculated and stored in TPM NV.
This hash is compared against the hash of the variables loaded from
PNOR to ensure consistency -- otherwise a failure is reported, no keys
are loaded (which should cause skiroot to refuse to boot if secure boot
support is enabled).
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adds a reference document that explains the intended use for
each of the secvar driver API functions to aid in future secvar driver
implementations.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch reads the hdata bits to check for physical presence
assertion, and creates device tree entries to be consumed later in the
boot.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
These platforms are supported in the tree but didn't make it to the docs
folder yet.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
I like to click things.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The 'ibm,phb-index' property of the NPU node is now useless, as we can
have multiple PHBs associated to the same NPU on P9. Let's remove it
to avoid confusion.
Reviewed-by: Reza Arbab <arbab@linux.ibm.com>
Reviewed-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Using a normal :: block results in "WARNING: Unexpected indentation." I
don't know why, but replacing it with a plain-text code block cures it.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Apollo was a P7 platform, not P8, and we don't support P7 any more.
VESNIN is a P8 platform. Garrison uses the P8NVL chip, few other minor
mistakes.
There's still a bunch of systems missing from here, but eh. I also added
a note about P7 support being dropped.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This is already included under the "Development Process" and this causes
a warning because there's no doc/CONTRIBUTING.md.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Using all your cores makes re-building the documentation significantly
faster. It'd be even faster if sphinx would stop assuming every single
.rst file changes between builds, but casual googling didn't reveal a
fix so -EEFFORT. Might be a bug in Sphinx 1.8.3 which Fedora is shipping.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
It was AWOL.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
There's no real point in having a separate subdir. Move it down a level
and rename it to secvar.rst so Sphinx picks it up automatically.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
A definition for this flag is provided below in a code block. It's not
an OPAL call so there's no ref to it and we get a warning.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Sphinx whines.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Squash another warning
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This was never implemented and it's documented in the "Future calls"
section.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Squash some warnings.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Sphinx seems to choke if there's an additional indentation in a ::
block.
e.g.:
::
    one
    two
        three
    four
It'll complain about the indentation changing at three. A
".. code-block:: text" block doesn't seem to have this problem so use
that instead. Also note that you need a blank line between the
code-block and the start of the actual code block.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
[oliver: cherry picked into master, better late than never]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|