1What: /sys/firmware/secvar 2Date: August 2019 3Contact: Nayna Jain <nayna@linux.ibm.com> 4Description: This directory is created if the POWER firmware supports OS 5 secureboot, thereby secure variables. It exposes interface 6 for reading/writing the secure variables 7 8What: /sys/firmware/secvar/vars 9Date: August 2019 10Contact: Nayna Jain <nayna@linux.ibm.com> 11Description: This directory lists all the secure variables that are supported 12 by the firmware. 13 14What: /sys/firmware/secvar/format 15Date: August 2019 16Contact: Nayna Jain <nayna@linux.ibm.com> 17Description: A string indicating which backend is in use by the firmware. 18 This determines the format of the variable and the accepted 19 format of variable updates. 20 21 On powernv/OPAL, this value is provided by the OPAL firmware 22 and is expected to be "ibm,edk2-compat-v1". 23 24 On pseries/PLPKS, this is generated by the kernel based on the 25 version number in the SB_VERSION variable in the keystore, and 26 has the form "ibm,plpks-sb-v<version>", or 27 "ibm,plpks-sb-unknown" if there is no SB_VERSION variable. 28 29What: /sys/firmware/secvar/vars/<variable name> 30Date: August 2019 31Contact: Nayna Jain <nayna@linux.ibm.com> 32Description: Each secure variable is represented as a directory named as 33 <variable_name>. The variable name is unique and is in ASCII 34 representation. The data and size can be determined by reading 35 their respective attribute files. 36 37What: /sys/firmware/secvar/vars/<variable_name>/size 38Date: August 2019 39Contact: Nayna Jain <nayna@linux.ibm.com> 40Description: An integer representation of the size of the content of the 41 variable. In other words, it represents the size of the data. 42 43What: /sys/firmware/secvar/vars/<variable_name>/data 44Date: August 2019 45Contact: Nayna Jain <nayna@linux.ibm.com> 46Description: A read-only file containing the value of the variable. The size 47 of the file represents the maximum size of the variable data. 48 49What: /sys/firmware/secvar/vars/<variable_name>/update 50Date: August 2019 51Contact: Nayna Jain <nayna@linux.ibm.com> 52Description: A write-only file that is used to submit the new value for the 53 variable. The size of the file represents the maximum size of 54 the variable data that can be written. 55 56What: /sys/firmware/secvar/config 57Date: February 2023 58Contact: Nayna Jain <nayna@linux.ibm.com> 59Description: This optional directory contains read-only config attributes as 60 defined by the secure variable implementation. All data is in 61 ASCII format. The directory is only created if the backing 62 implementation provides variables to populate it, which at 63 present is only PLPKS on the pseries platform. 64 65What: /sys/firmware/secvar/config/version 66Date: February 2023 67Contact: Nayna Jain <nayna@linux.ibm.com> 68Description: Config version as reported by the hypervisor in ASCII decimal 69 format. 70 71 Currently only provided by PLPKS on the pseries platform. 72 73What: /sys/firmware/secvar/config/max_object_size 74Date: February 2023 75Contact: Nayna Jain <nayna@linux.ibm.com> 76Description: Maximum allowed size of objects in the keystore in bytes, 77 represented in ASCII decimal format. 78 79 This is not necessarily the same as the max size that can be 80 written to an update file as writes can contain more than 81 object data, you should use the size of the update file for 82 that purpose. 83 84 Currently only provided by PLPKS on the pseries platform. 85 86What: /sys/firmware/secvar/config/total_size 87Date: February 2023 88Contact: Nayna Jain <nayna@linux.ibm.com> 89Description: Total size of the PLPKS in bytes, represented in ASCII decimal 90 format. 91 92 Currently only provided by PLPKS on the pseries platform. 93 94What: /sys/firmware/secvar/config/used_space 95Date: February 2023 96Contact: Nayna Jain <nayna@linux.ibm.com> 97Description: Current space consumed by the key store, in bytes, represented 98 in ASCII decimal format. 99 100 Currently only provided by PLPKS on the pseries platform. 101 102What: /sys/firmware/secvar/config/supported_policies 103Date: February 2023 104Contact: Nayna Jain <nayna@linux.ibm.com> 105Description: Bitmask of supported policy flags by the hypervisor, 106 represented as an 8 byte hexadecimal ASCII string. Consult the 107 hypervisor documentation for what these flags are. 108 109 Currently only provided by PLPKS on the pseries platform. 110 111What: /sys/firmware/secvar/config/signed_update_algorithms 112Date: February 2023 113Contact: Nayna Jain <nayna@linux.ibm.com> 114Description: Bitmask of flags indicating which algorithms the hypervisor 115 supports for signed update of objects, represented as a 16 byte 116 hexadecimal ASCII string. Consult the hypervisor documentation 117 for what these flags mean. 118 119 Currently only provided by PLPKS on the pseries platform. 120