xref: /linux/Documentation/ABI/testing/sysfs-secvar (revision 9a87ffc99ec8eb8d35eed7c4f816d75f5cc9662e)
1What:		/sys/firmware/secvar
2Date:		August 2019
3Contact:	Nayna Jain <nayna@linux.ibm.com>
4Description:	This directory is created if the POWER firmware supports OS
5		secureboot, thereby secure variables. It exposes interface
6		for reading/writing the secure variables
7
8What:		/sys/firmware/secvar/vars
9Date:		August 2019
10Contact:	Nayna Jain <nayna@linux.ibm.com>
11Description:	This directory lists all the secure variables that are supported
12		by the firmware.
13
14What:		/sys/firmware/secvar/format
15Date:		August 2019
16Contact:	Nayna Jain <nayna@linux.ibm.com>
17Description:	A string indicating which backend is in use by the firmware.
18		This determines the format of the variable and the accepted
19		format of variable updates.
20
21		On powernv/OPAL, this value is provided by the OPAL firmware
22		and is expected to be "ibm,edk2-compat-v1".
23
24		On pseries/PLPKS, this is generated by the kernel based on the
25		version number in the SB_VERSION variable in the keystore, and
26		has the form "ibm,plpks-sb-v<version>", or
27		"ibm,plpks-sb-unknown" if there is no SB_VERSION variable.
28
29What:		/sys/firmware/secvar/vars/<variable name>
30Date:		August 2019
31Contact:	Nayna Jain <nayna@linux.ibm.com>
32Description:	Each secure variable is represented as a directory named as
33		<variable_name>. The variable name is unique and is in ASCII
34		representation. The data and size can be determined by reading
35		their respective attribute files.
36
37What:		/sys/firmware/secvar/vars/<variable_name>/size
38Date:		August 2019
39Contact:	Nayna Jain <nayna@linux.ibm.com>
40Description:	An integer representation of the size of the content of the
41		variable. In other words, it represents the size of the data.
42
43What:		/sys/firmware/secvar/vars/<variable_name>/data
44Date:		August 2019
45Contact:	Nayna Jain <nayna@linux.ibm.com>
46Description:	A read-only file containing the value of the variable. The size
47		of the file represents the maximum size of the variable data.
48
49What:		/sys/firmware/secvar/vars/<variable_name>/update
50Date:		August 2019
51Contact:	Nayna Jain <nayna@linux.ibm.com>
52Description:	A write-only file that is used to submit the new value for the
53		variable. The size of the file represents the maximum size of
54		the variable data that can be written.
55
56What:		/sys/firmware/secvar/config
57Date:		February 2023
58Contact:	Nayna Jain <nayna@linux.ibm.com>
59Description:	This optional directory contains read-only config attributes as
60		defined by the secure variable implementation.  All data is in
61		ASCII format. The directory is only created if the backing
62		implementation provides variables to populate it, which at
63		present is only PLPKS on the pseries platform.
64
65What:		/sys/firmware/secvar/config/version
66Date:		February 2023
67Contact:	Nayna Jain <nayna@linux.ibm.com>
68Description:	Config version as reported by the hypervisor in ASCII decimal
69		format.
70
71		Currently only provided by PLPKS on the pseries platform.
72
73What:		/sys/firmware/secvar/config/max_object_size
74Date:		February 2023
75Contact:	Nayna Jain <nayna@linux.ibm.com>
76Description:	Maximum allowed size of	objects in the keystore in bytes,
77		represented in ASCII decimal format.
78
79		This is not necessarily the same as the max size that can be
80		written to an update file as writes can contain more than
81		object data, you should use the size of the update file for
82		that purpose.
83
84		Currently only provided by PLPKS on the pseries platform.
85
86What:		/sys/firmware/secvar/config/total_size
87Date:		February 2023
88Contact:	Nayna Jain <nayna@linux.ibm.com>
89Description:	Total size of the PLPKS in bytes, represented in ASCII decimal
90		format.
91
92		Currently only provided by PLPKS on the pseries platform.
93
94What:		/sys/firmware/secvar/config/used_space
95Date:		February 2023
96Contact:	Nayna Jain <nayna@linux.ibm.com>
97Description:	Current space consumed by the key store, in bytes, represented
98		in ASCII decimal format.
99
100		Currently only provided by PLPKS on the pseries platform.
101
102What:		/sys/firmware/secvar/config/supported_policies
103Date:		February 2023
104Contact:	Nayna Jain <nayna@linux.ibm.com>
105Description:	Bitmask of supported policy flags by the hypervisor,
106		represented as an 8 byte hexadecimal ASCII string. Consult the
107		hypervisor documentation for what these flags are.
108
109		Currently only provided by PLPKS on the pseries platform.
110
111What:		/sys/firmware/secvar/config/signed_update_algorithms
112Date:		February 2023
113Contact:	Nayna Jain <nayna@linux.ibm.com>
114Description:	Bitmask of flags indicating which algorithms the hypervisor
115		supports for signed update of objects, represented as a 16 byte
116		hexadecimal ASCII string. Consult the hypervisor documentation
117		for what these flags mean.
118
119		Currently only provided by PLPKS on the pseries platform.
120