Comment 4 for bug 1903288
Revision history for this message
| bugproxy (bugproxy) wrote Comment bridged from LTC Bugzilla | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
------- Comment From <email address hidden> 2020-11-12 01:12 EDT-------
Hi,
So, here are what I believe are the relevant kernel changes.
Firstly, there is a common core with the support for OpenPower/PowerNV Secure Boot - LP#1866909 and friends. This covers things like securing kexec under lockdown, and all went in for 20.04.
For this iteration of LPAR/KVM guest secure boot - which is supporting only static keys - we just need an additional patch to detect the slightly different Device Tree properties that are used to indicate guest vs host secure boot. This is commit 61f879d97ce4 ("powerpc/pseries: Detect secure and trusted boot state of the system.") which went into 5.9.
Kind regards,
Daniel