Message ID | 20200924014922.172914-1-dja@axtens.net (mailing list archive) |
---|---|
State | Accepted |
Commit | 5c5e46dad939b2bf4df04293ab9ac68abd7c1f55 |
Headers | show |
Series | powerpc: PPC_SECURE_BOOT should not require PowerNV | expand |
Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | success | Successfully applied on branch powerpc/merge (ace1986562a0814f179ecd2f1e648215ebc6625a) |
snowpatch_ozlabs/build-ppc64le | warning | Upstream build failed, couldn't test patch |
snowpatch_ozlabs/build-ppc64be | warning | Upstream build failed, couldn't test patch |
snowpatch_ozlabs/build-ppc64e | warning | Upstream build failed, couldn't test patch |
snowpatch_ozlabs/build-pmac32 | warning | Upstream build failed, couldn't test patch |
snowpatch_ozlabs/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 8 lines checked |
snowpatch_ozlabs/needsstable | success | Patch fixes a commit that hasn't been released yet |
On Thu, 24 Sep 2020 11:49:22 +1000, Daniel Axtens wrote: > In commit 61f879d97ce4 ("powerpc/pseries: Detect secure and trusted > boot state of the system.") we taught the kernel how to understand the > secure-boot parameters used by a pseries guest. > > However, CONFIG_PPC_SECURE_BOOT still requires PowerNV. I didn't > catch this because pseries_le_defconfig includes support for > PowerNV and so everything still worked. Indeed, most configs will. > Nonetheless, technically PPC_SECURE_BOOT doesn't require PowerNV > any more. > > [...] Applied to powerpc/next. [1/1] powerpc: PPC_SECURE_BOOT should not require PowerNV https://git.kernel.org/powerpc/c/5c5e46dad939b2bf4df04293ab9ac68abd7c1f55 cheers
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 4b33477dafb8..f645fa934853 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -983,7 +983,7 @@ config PPC_MEM_KEYS config PPC_SECURE_BOOT prompt "Enable secure boot support" bool - depends on PPC_POWERNV + depends on PPC_POWERNV || PPC_PSERIES depends on IMA_ARCH_POLICY imply IMA_SECURE_AND_OR_TRUSTED_BOOT help
In commit 61f879d97ce4 ("powerpc/pseries: Detect secure and trusted boot state of the system.") we taught the kernel how to understand the secure-boot parameters used by a pseries guest. However, CONFIG_PPC_SECURE_BOOT still requires PowerNV. I didn't catch this because pseries_le_defconfig includes support for PowerNV and so everything still worked. Indeed, most configs will. Nonetheless, technically PPC_SECURE_BOOT doesn't require PowerNV any more. The secure variables support (PPC_SECVAR_SYSFS) doesn't do anything on pSeries yet, but I don't think it's worth adding a new condition - at some stage we'll want to add a backend for pSeries anyway. Fixes: 61f879d97ce4 ("powerpc/pseries: Detect secure and trusted boot state of the system.") Cc: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Daniel Axtens <dja@axtens.net> --- arch/powerpc/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)