Re: [PATCH v9 0/4] powerpc: expose secure variables to the kernel and userspace
From: Michael Ellerman
Date: Mon Nov 11 2019 - 20:21:10 EST
Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx> writes:
> On 11/10/19 7:10 PM, Nayna Jain wrote:
>
> Hi Nayna,
>
>> In order to verify the OS kernel on PowerNV systems, secure boot requires
>> X.509 certificates trusted by the platform. These are stored in secure
>> variables controlled by OPAL, called OPAL secure variables. In order to
>> enable users to manage the keys, the secure variables need to be exposed
>> to userspace.
> Are you planning to split the patches in this patch set into smaller
> chunks so that it is easier to code review and also perhaps make it
> easier when merging the changes?
I don't think splitting them would add any value. They're already split
into the firmware specific bits (patch 1), and the sysfs parts (patch
2), which is sufficient for me.
cheers