------- Comment From <email address hidden> 2020-11-12 01:12 EDT-------
Hi,
So, here are what I believe are the relevant kernel changes.
Firstly, there is a common core with the support for OpenPower/PowerNV Secure Boot - LP#1866909 and friends. This covers things like securing kexec under lockdown, and all went in for 20.04.
For this iteration of LPAR/KVM guest secure boot - which is supporting only static keys - we just need an additional patch to detect the slightly different Device Tree properties that are used to indicate guest vs host secure boot. This is commit 61f879d97ce4 ("powerpc/pseries: Detect secure and trusted boot state of the system.") which went into 5.9.
Kind regards,
Daniel