Re: [PATCH v10a 3/9] powerpc: detect the trusted boot state of the system

From: Michael Ellerman
Date: Thu Nov 14 2019 - 04:08:33 EST


On Tue, 2019-11-05 at 23:02:07 UTC, Eric Richter wrote:
> From: Nayna Jain <nayna@xxxxxxxxxxxxx>
>
> While secure boot permits only properly verified signed kernels to be
> booted, trusted boot calculates the file hash of the kernel image and
> stores the measurement prior to boot, which can be subsequently compared
> against good known values via attestation services.
>
> This patch reads the trusted boot state of a PowerNV system. The state
> is used to conditionally enable additional measurement rules in the IMA
> arch-specific policies.
>
> Signed-off-by: Nayna Jain <nayna@xxxxxxxxxxxxx>
> Signed-off-by: Eric Richter <erichte@xxxxxxxxxxxxx>

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/2702809a4a1ab414d75c00936cda70ea77c8234e

cheers