1What: /sys/firmware/secvar 2Date: August 2019 3Contact: Nayna Jain <nayna@linux.ibm.com> 4Description: This directory is created if the POWER firmware supports OS 5 secureboot, thereby secure variables. It exposes interface 6 for reading/writing the secure variables 7 8What: /sys/firmware/secvar/vars 9Date: August 2019 10Contact: Nayna Jain <nayna@linux.ibm.com> 11Description: This directory lists all the secure variables that are supported 12 by the firmware. 13 14What: /sys/firmware/secvar/format 15Date: August 2019 16Contact: Nayna Jain <nayna@linux.ibm.com> 17Description: A string indicating which backend is in use by the firmware. 18 This determines the format of the variable and the accepted 19 format of variable updates. 20 21 On powernv/OPAL, this value is provided by the OPAL firmware 22 and is expected to be "ibm,edk2-compat-v1". 23 24 On pseries/PLPKS, this is generated by the kernel based on the 25 version number in the SB_VERSION variable in the keystore. The 26 version numbering in the SB_VERSION variable starts from 1. The 27 format string takes the form "ibm,plpks-sb-v<version>" in the 28 case of dynamic key management mode. If the SB_VERSION variable 29 does not exist (or there is an error while reading it), it takes 30 the form "ibm,plpks-sb-v0", indicating that the key management 31 mode is static. 32 33What: /sys/firmware/secvar/vars/<variable name> 34Date: August 2019 35Contact: Nayna Jain <nayna@linux.ibm.com> 36Description: Each secure variable is represented as a directory named as 37 <variable_name>. The variable name is unique and is in ASCII 38 representation. The data and size can be determined by reading 39 their respective attribute files. 40 41 Only secvars relevant to the key management mode are exposed. 42 Only in the dynamic key management mode should the user have 43 access (read and write) to the secure boot secvars db, dbx, 44 grubdb, grubdbx, and sbat. These secvars are not consumed in the 45 static key management mode. PK, trustedcadb and moduledb are the 46 secvars common to both static and dynamic key management modes. 47 48What: /sys/firmware/secvar/vars/<variable_name>/size 49Date: August 2019 50Contact: Nayna Jain <nayna@linux.ibm.com> 51Description: An integer representation of the size of the content of the 52 variable. In other words, it represents the size of the data. 53 54What: /sys/firmware/secvar/vars/<variable_name>/data 55Date: August 2019 56Contact: Nayna Jain <nayna@linux.ibm.com> 57Description: A read-only file containing the value of the variable. The size 58 of the file represents the maximum size of the variable data. 59 60What: /sys/firmware/secvar/vars/<variable_name>/update 61Date: August 2019 62Contact: Nayna Jain <nayna@linux.ibm.com> 63Description: A write-only file that is used to submit the new value for the 64 variable. The size of the file represents the maximum size of 65 the variable data that can be written. 66