[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACdnJuumhkqTb4+1=QBiLmbW4xd3wW=MZu6Tj_KdaoTMhCN+Tg@mail.gmail.com>
Date: Tue, 2 Apr 2019 12:36:03 -0700
From: Matthew Garrett <mjg59@...gle.com>
To: Claudio Carvalho <cclaudio@...ux.ibm.com>
Cc: linuxppc-dev@...abs.org, linux-efi <linux-efi@...r.kernel.org>,
linux-integrity <linux-integrity@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Michael Ellerman <mpe@...erman.id.au>,
Paul Mackerras <paulus@...ba.org>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Jeremy Kerr <jk@...abs.org>,
Matthew Garret <matthew.garret@...ula.com>,
Nayna Jain <nayna@...ux.ibm.com>
Subject: Re: [PATCH 0/4] Enabling secure boot on PowerNV systems
On Tue, Apr 2, 2019 at 11:15 AM Claudio Carvalho <cclaudio@...ux.ibm.com> wrote:
> 1. Enable efivarfs by selecting CONFIG_EFI in the CONFIG_OPAL_SECVAR
> introduced in this patch set. With CONFIG_EFIVAR_FS, userspace tools can
> be used to manage the secure variables.
efivarfs has some pretty significant behavioural semantics that
directly reflect the EFI specification. Using it to expose non-EFI
variable data feels like it's going to increase fragility - there's a
risk that we'll change things in a way that makes sense for the EFI
spec but breaks your use case. Is the desire to use efivarfs to
maintain consistency with existing userland tooling, or just to avoid
having a separate filesystem?
Powered by blists - more mailing lists