mirror of
https://github.com/torvalds/linux
synced 2024-10-15 15:59:15 +00:00
91361b5175
Before interacting with the PLPKS, we ask the hypervisor to generate a password for the current boot, which is then required for most further PLPKS operations. If we kexec into a new kernel, the new kernel will try and fail to generate a new password, as the password has already been set. Pass the password through to the new kernel via the device tree, in /chosen/ibm,plpks-pw. Check for the presence of this property before trying to generate a new password - if it exists, use the existing password and remove it from the device tree. This only works with the kexec_file_load() syscall, not the older kexec_load() syscall, however if you're using Secure Boot then you want to be using kexec_file_load() anyway. Signed-off-by: Russell Currey <ruscur@russell.cc> Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20230210080401.345462-24-ajd@linux.ibm.com |
||
---|---|---|
.. | ||
core.c | ||
core_32.c | ||
core_64.c | ||
crash.c | ||
elf_64.c | ||
file_load.c | ||
file_load_64.c | ||
Makefile | ||
ranges.c | ||
relocate_32.S |