git.openwrt.org Git - openwrt/staging/blogic.git/commit

author	Nayna Jain <nayna@linux.ibm.com>
	Tue, 5 Nov 2019 23:02:07 +0000 (17:02 -0600)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Tue, 12 Nov 2019 01:25:49 +0000 (12:25 +1100)
commit	2702809a4a1ab414d75c00936cda70ea77c8234e
tree	73a331f2f9de6ec65b20fba05d78e1deb5183a32	tree \| snapshot
parent	4238fad366a660cbc6499ca1ea4be42bd4d1ac5b	commit \| diff

powerpc: Detect the trusted boot state of the system

While secure boot permits only properly verified signed kernels to be
booted, trusted boot calculates the file hash of the kernel image and
stores the measurement prior to boot, that can be subsequently
compared against good known values via attestation services.

This patch reads the trusted boot state of a PowerNV system. The state
is used to conditionally enable additional measurement rules in the
IMA arch-specific policies.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/e9eeee6b-b9bf-1e41-2954-61dbd6fbfbcf@linux.ibm.com

arch/powerpc/include/asm/secure_boot.h		diff \| blob \| history
arch/powerpc/kernel/secure_boot.c		diff \| blob \| history