Commit 46b2cbeb authored by Andrew Donnellan's avatar Andrew Donnellan Committed by Michael Ellerman
Browse files

powerpc/pseries: Turn PSERIES_PLPKS into a hidden option 



It seems a bit unnecessary for the PLPKS code to have a user-visible
config option when it doesn't do anything on its own, and there's existing
options for enabling Secure Boot-related features.

It should be enabled by PPC_SECURE_BOOT, which will eventually be what
uses PLPKS to populate keyrings.

However, we can't get of the separate option completely, because it will
also be used for SED Opal purposes.

Change PSERIES_PLPKS into a hidden option, which is selected by
PPC_SECURE_BOOT.

Signed-off-by: default avatarAndrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: default avatarRussell Currey <ruscur@russell.cc>
Reviewed-by: default avatarStefan Berger <stefanb@linux.ibm.com>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20230210080401.345462-21-ajd@linux.ibm.com
parent 0cf2cc1f

arch/powerpc/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -1042,6 +1042,7 @@ config PPC_SECURE_BOOT 
	depends on PPC_POWERNV || PPC_PSERIES

	depends on IMA_ARCH_POLICY

	imply IMA_SECURE_AND_OR_TRUSTED_BOOT

	select PSERIES_PLPKS if PPC_PSERIES

	help

	  Systems with firmware secure boot enabled need to define security

	  policies to extend secure boot to the OS. This config allows a user

arch/powerpc/platforms/pseries/Kconfig

+9 −10
Original line number Diff line number Diff line
@@ -151,16 +151,15 @@ config IBMEBUS 


config PSERIES_PLPKS

	depends on PPC_PSERIES

	bool "Support for the Platform Key Storage"

	help

	  PowerVM provides an isolated Platform Keystore(PKS) storage

	  allocation for each LPAR with individually managed access

	  controls to store sensitive information securely. It can be

	  used to store asymmetric public keys or secrets as required

	  by different usecases. Select this config to enable

	  operating system interface to hypervisor to access this space.



	  If unsure, select N.

	bool

	# PowerVM provides an isolated Platform Keystore (PKS) storage

	# allocation for each LPAR with individually managed access

	# controls to store sensitive information securely. It can be

	# used to store asymmetric public keys or secrets as required

	# by different usecases.

	#

	# This option is selected by in-kernel consumers that require

	# access to the PKS.



config PAPR_SCM

	depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM