On Tue, 2024-05-14 at 12:17 +0200, Greg Kroah-Hartman wrote:
6.1-stable review patch. If anyone has any objections, please let me know.
From: Nayna Jain nayna@linux.ibm.com
[ Upstream commit 899d9b8fee66da820eadc60b2a70090eb83db761 ]
The Platform Keystore provides a signed update interface which can be used to create, replace or append to certain variables in the PKS in a secure fashion, with the hypervisor requiring that the update be signed using the Platform Key.
Implement an interface to the H_PKS_SIGNED_UPDATE hcall in the plpks driver to allow signed updates to PKS objects.
(The plpks driver doesn't need to do any cryptography or otherwise handle the actual signed variable contents - that will be handled by userspace tooling.)
Signed-off-by: Nayna Jain nayna@linux.ibm.com
[ajd: split patch, add timeout handling and misc cleanups]
Co-developed-by: Andrew Donnellan ajd@linux.ibm.com
Signed-off-by: Andrew Donnellan ajd@linux.ibm.com
Signed-off-by: Russell Currey ruscur@russell.cc
Reviewed-by: Stefan Berger stefanb@linux.ibm.com
Signed-off-by: Michael Ellerman mpe@ellerman.id.au
Link: https://lore.kernel.org/r/20230210080401.345462-18-ajd@linux.ibm.com
Stable-dep-of: 784354349d2c ("powerpc/pseries: make max polling consistent for longer H_CALLs")
Signed-off-by: Sasha Levin sashal@kernel.org
This is a new feature and I don't think it should be backported. 784354349d2c can be backported by dropping the plpks_signed_update_var() hunk.