xref: /linux/Documentation/ABI/testing/sysfs-secvar (revision ccadf154cb00b9ee9618d209aa3efc54b35a34b4)
1bd5d9c74SNayna JainWhat:		/sys/firmware/secvar
2bd5d9c74SNayna JainDate:		August 2019
3bd5d9c74SNayna JainContact:	Nayna Jain <nayna@linux.ibm.com>
4bd5d9c74SNayna JainDescription:	This directory is created if the POWER firmware supports OS
5bd5d9c74SNayna Jain		secureboot, thereby secure variables. It exposes interface
6bd5d9c74SNayna Jain		for reading/writing the secure variables
7bd5d9c74SNayna Jain
8bd5d9c74SNayna JainWhat:		/sys/firmware/secvar/vars
9bd5d9c74SNayna JainDate:		August 2019
10bd5d9c74SNayna JainContact:	Nayna Jain <nayna@linux.ibm.com>
11bd5d9c74SNayna JainDescription:	This directory lists all the secure variables that are supported
12bd5d9c74SNayna Jain		by the firmware.
13bd5d9c74SNayna Jain
14bd5d9c74SNayna JainWhat:		/sys/firmware/secvar/format
15bd5d9c74SNayna JainDate:		August 2019
16bd5d9c74SNayna JainContact:	Nayna Jain <nayna@linux.ibm.com>
17bd5d9c74SNayna JainDescription:	A string indicating which backend is in use by the firmware.
18bd5d9c74SNayna Jain		This determines the format of the variable and the accepted
19bd5d9c74SNayna Jain		format of variable updates.
20bd5d9c74SNayna Jain
21*ccadf154SRussell Currey		On powernv/OPAL, this value is provided by the OPAL firmware
22*ccadf154SRussell Currey		and is expected to be "ibm,edk2-compat-v1".
23*ccadf154SRussell Currey
24*ccadf154SRussell Currey		On pseries/PLPKS, this is generated by the kernel based on the
25*ccadf154SRussell Currey		version number in the SB_VERSION variable in the keystore, and
26*ccadf154SRussell Currey		has the form "ibm,plpks-sb-v<version>", or
27*ccadf154SRussell Currey		"ibm,plpks-sb-unknown" if there is no SB_VERSION variable.
28*ccadf154SRussell Currey
29bd5d9c74SNayna JainWhat:		/sys/firmware/secvar/vars/<variable name>
30bd5d9c74SNayna JainDate:		August 2019
31bd5d9c74SNayna JainContact:	Nayna Jain <nayna@linux.ibm.com>
32bd5d9c74SNayna JainDescription:	Each secure variable is represented as a directory named as
33bd5d9c74SNayna Jain		<variable_name>. The variable name is unique and is in ASCII
34bd5d9c74SNayna Jain		representation. The data and size can be determined by reading
35bd5d9c74SNayna Jain		their respective attribute files.
36bd5d9c74SNayna Jain
37bd5d9c74SNayna JainWhat:		/sys/firmware/secvar/vars/<variable_name>/size
38bd5d9c74SNayna JainDate:		August 2019
39bd5d9c74SNayna JainContact:	Nayna Jain <nayna@linux.ibm.com>
40bd5d9c74SNayna JainDescription:	An integer representation of the size of the content of the
41bd5d9c74SNayna Jain		variable. In other words, it represents the size of the data.
42bd5d9c74SNayna Jain
43bd5d9c74SNayna JainWhat:		/sys/firmware/secvar/vars/<variable_name>/data
44bd5d9c74SNayna JainDate:		August 2019
45*ccadf154SRussell CurreyContact:	Nayna Jain <nayna@linux.ibm.com>
46bd5d9c74SNayna JainDescription:	A read-only file containing the value of the variable. The size
47bd5d9c74SNayna Jain		of the file represents the maximum size of the variable data.
48bd5d9c74SNayna Jain
49bd5d9c74SNayna JainWhat:		/sys/firmware/secvar/vars/<variable_name>/update
50bd5d9c74SNayna JainDate:		August 2019
51bd5d9c74SNayna JainContact:	Nayna Jain <nayna@linux.ibm.com>
52bd5d9c74SNayna JainDescription:	A write-only file that is used to submit the new value for the
53bd5d9c74SNayna Jain		variable. The size of the file represents the maximum size of
54bd5d9c74SNayna Jain		the variable data that can be written.
55*ccadf154SRussell Currey
56*ccadf154SRussell CurreyWhat:		/sys/firmware/secvar/config
57*ccadf154SRussell CurreyDate:		February 2023
58*ccadf154SRussell CurreyContact:	Nayna Jain <nayna@linux.ibm.com>
59*ccadf154SRussell CurreyDescription:	This optional directory contains read-only config attributes as
60*ccadf154SRussell Currey		defined by the secure variable implementation.  All data is in
61*ccadf154SRussell Currey		ASCII format. The directory is only created if the backing
62*ccadf154SRussell Currey		implementation provides variables to populate it, which at
63*ccadf154SRussell Currey		present is only PLPKS on the pseries platform.
64*ccadf154SRussell Currey
65*ccadf154SRussell CurreyWhat:		/sys/firmware/secvar/config/version
66*ccadf154SRussell CurreyDate:		February 2023
67*ccadf154SRussell CurreyContact:	Nayna Jain <nayna@linux.ibm.com>
68*ccadf154SRussell CurreyDescription:	Config version as reported by the hypervisor in ASCII decimal
69*ccadf154SRussell Currey		format.
70*ccadf154SRussell Currey
71*ccadf154SRussell Currey		Currently only provided by PLPKS on the pseries platform.
72*ccadf154SRussell Currey
73*ccadf154SRussell CurreyWhat:		/sys/firmware/secvar/config/max_object_size
74*ccadf154SRussell CurreyDate:		February 2023
75*ccadf154SRussell CurreyContact:	Nayna Jain <nayna@linux.ibm.com>
76*ccadf154SRussell CurreyDescription:	Maximum allowed size of	objects in the keystore in bytes,
77*ccadf154SRussell Currey		represented in ASCII decimal format.
78*ccadf154SRussell Currey
79*ccadf154SRussell Currey		This is not necessarily the same as the max size that can be
80*ccadf154SRussell Currey		written to an update file as writes can contain more than
81*ccadf154SRussell Currey		object data, you should use the size of the update file for
82*ccadf154SRussell Currey		that purpose.
83*ccadf154SRussell Currey
84*ccadf154SRussell Currey		Currently only provided by PLPKS on the pseries platform.
85*ccadf154SRussell Currey
86*ccadf154SRussell CurreyWhat:		/sys/firmware/secvar/config/total_size
87*ccadf154SRussell CurreyDate:		February 2023
88*ccadf154SRussell CurreyContact:	Nayna Jain <nayna@linux.ibm.com>
89*ccadf154SRussell CurreyDescription:	Total size of the PLPKS in bytes, represented in ASCII decimal
90*ccadf154SRussell Currey		format.
91*ccadf154SRussell Currey
92*ccadf154SRussell Currey		Currently only provided by PLPKS on the pseries platform.
93*ccadf154SRussell Currey
94*ccadf154SRussell CurreyWhat:		/sys/firmware/secvar/config/used_space
95*ccadf154SRussell CurreyDate:		February 2023
96*ccadf154SRussell CurreyContact:	Nayna Jain <nayna@linux.ibm.com>
97*ccadf154SRussell CurreyDescription:	Current space consumed by the key store, in bytes, represented
98*ccadf154SRussell Currey		in ASCII decimal format.
99*ccadf154SRussell Currey
100*ccadf154SRussell Currey		Currently only provided by PLPKS on the pseries platform.
101*ccadf154SRussell Currey
102*ccadf154SRussell CurreyWhat:		/sys/firmware/secvar/config/supported_policies
103*ccadf154SRussell CurreyDate:		February 2023
104*ccadf154SRussell CurreyContact:	Nayna Jain <nayna@linux.ibm.com>
105*ccadf154SRussell CurreyDescription:	Bitmask of supported policy flags by the hypervisor,
106*ccadf154SRussell Currey		represented as an 8 byte hexadecimal ASCII string. Consult the
107*ccadf154SRussell Currey		hypervisor documentation for what these flags are.
108*ccadf154SRussell Currey
109*ccadf154SRussell Currey		Currently only provided by PLPKS on the pseries platform.
110*ccadf154SRussell Currey
111*ccadf154SRussell CurreyWhat:		/sys/firmware/secvar/config/signed_update_algorithms
112*ccadf154SRussell CurreyDate:		February 2023
113*ccadf154SRussell CurreyContact:	Nayna Jain <nayna@linux.ibm.com>
114*ccadf154SRussell CurreyDescription:	Bitmask of flags indicating which algorithms the hypervisor
115*ccadf154SRussell Currey		supports for signed update of objects, represented as a 16 byte
116*ccadf154SRussell Currey		hexadecimal ASCII string. Consult the hypervisor documentation
117*ccadf154SRussell Currey		for what these flags mean.
118*ccadf154SRussell Currey
119*ccadf154SRussell Currey		Currently only provided by PLPKS on the pseries platform.
120