1 What: /sys/firmware/secvar 1 What: /sys/firmware/secvar
2 Date: August 2019 2 Date: August 2019
3 Contact: Nayna Jain <nayna@linux.ibm.com 3 Contact: Nayna Jain <nayna@linux.ibm.com>
4 Description: This directory is created if t 4 Description: This directory is created if the POWER firmware supports OS
5 secureboot, thereby secure var 5 secureboot, thereby secure variables. It exposes interface
6 for reading/writing the secure 6 for reading/writing the secure variables
7 7
8 What: /sys/firmware/secvar/vars 8 What: /sys/firmware/secvar/vars
9 Date: August 2019 9 Date: August 2019
10 Contact: Nayna Jain <nayna@linux.ibm.com 10 Contact: Nayna Jain <nayna@linux.ibm.com>
11 Description: This directory lists all the s 11 Description: This directory lists all the secure variables that are supported
12 by the firmware. 12 by the firmware.
13 13
14 What: /sys/firmware/secvar/format 14 What: /sys/firmware/secvar/format
15 Date: August 2019 15 Date: August 2019
16 Contact: Nayna Jain <nayna@linux.ibm.com 16 Contact: Nayna Jain <nayna@linux.ibm.com>
17 Description: A string indicating which back 17 Description: A string indicating which backend is in use by the firmware.
18 This determines the format of 18 This determines the format of the variable and the accepted
19 format of variable updates. 19 format of variable updates.
20 20
21 On powernv/OPAL, this value is <<
22 and is expected to be "ibm,edk <<
23 <<
24 On pseries/PLPKS, this is gene <<
25 version number in the SB_VERSI <<
26 has the form "ibm,plpks-sb-v<v <<
27 "ibm,plpks-sb-unknown" if ther <<
28 <<
29 What: /sys/firmware/secvar/vars/<var 21 What: /sys/firmware/secvar/vars/<variable name>
30 Date: August 2019 22 Date: August 2019
31 Contact: Nayna Jain <nayna@linux.ibm.com 23 Contact: Nayna Jain <nayna@linux.ibm.com>
32 Description: Each secure variable is repres 24 Description: Each secure variable is represented as a directory named as
33 <variable_name>. The variable 25 <variable_name>. The variable name is unique and is in ASCII
34 representation. The data and s 26 representation. The data and size can be determined by reading
35 their respective attribute fil 27 their respective attribute files.
36 28
37 What: /sys/firmware/secvar/vars/<var 29 What: /sys/firmware/secvar/vars/<variable_name>/size
38 Date: August 2019 30 Date: August 2019
39 Contact: Nayna Jain <nayna@linux.ibm.com 31 Contact: Nayna Jain <nayna@linux.ibm.com>
40 Description: An integer representation of t 32 Description: An integer representation of the size of the content of the
41 variable. In other words, it r 33 variable. In other words, it represents the size of the data.
42 34
43 What: /sys/firmware/secvar/vars/<var 35 What: /sys/firmware/secvar/vars/<variable_name>/data
44 Date: August 2019 36 Date: August 2019
45 Contact: Nayna Jain <nayna@linux.ibm.com !! 37 Contact: Nayna Jain h<nayna@linux.ibm.com>
46 Description: A read-only file containing th 38 Description: A read-only file containing the value of the variable. The size
47 of the file represents the max 39 of the file represents the maximum size of the variable data.
48 40
49 What: /sys/firmware/secvar/vars/<var 41 What: /sys/firmware/secvar/vars/<variable_name>/update
50 Date: August 2019 42 Date: August 2019
51 Contact: Nayna Jain <nayna@linux.ibm.com 43 Contact: Nayna Jain <nayna@linux.ibm.com>
52 Description: A write-only file that is used 44 Description: A write-only file that is used to submit the new value for the
53 variable. The size of the file 45 variable. The size of the file represents the maximum size of
54 the variable data that can be 46 the variable data that can be written.
55 <<
56 What: /sys/firmware/secvar/config <<
57 Date: February 2023 <<
58 Contact: Nayna Jain <nayna@linux.ibm.com <<
59 Description: This optional directory contai <<
60 defined by the secure variable <<
61 ASCII format. The directory is <<
62 implementation provides variab <<
63 present is only PLPKS on the p <<
64 <<
65 What: /sys/firmware/secvar/config/ve <<
66 Date: February 2023 <<
67 Contact: Nayna Jain <nayna@linux.ibm.com <<
68 Description: Config version as reported by <<
69 format. <<
70 <<
71 Currently only provided by PLP <<
72 <<
73 What: /sys/firmware/secvar/config/ma <<
74 Date: February 2023 <<
75 Contact: Nayna Jain <nayna@linux.ibm.com <<
76 Description: Maximum allowed size of object <<
77 represented in ASCII decimal f <<
78 <<
79 This is not necessarily the sa <<
80 written to an update file as w <<
81 object data, you should use th <<
82 that purpose. <<
83 <<
84 Currently only provided by PLP <<
85 <<
86 What: /sys/firmware/secvar/config/to <<
87 Date: February 2023 <<
88 Contact: Nayna Jain <nayna@linux.ibm.com <<
89 Description: Total size of the PLPKS in byt <<
90 format. <<
91 <<
92 Currently only provided by PLP <<
93 <<
94 What: /sys/firmware/secvar/config/us <<
95 Date: February 2023 <<
96 Contact: Nayna Jain <nayna@linux.ibm.com <<
97 Description: Current space consumed by the <<
98 in ASCII decimal format. <<
99 <<
100 Currently only provided by PLP <<
101 <<
102 What: /sys/firmware/secvar/config/su <<
103 Date: February 2023 <<
104 Contact: Nayna Jain <nayna@linux.ibm.com <<
105 Description: Bitmask of supported policy fl <<
106 represented as an 8 byte hexad <<
107 hypervisor documentation for w <<
108 <<
109 Currently only provided by PLP <<
110 <<
111 What: /sys/firmware/secvar/config/si <<
112 Date: February 2023 <<
113 Contact: Nayna Jain <nayna@linux.ibm.com <<
114 Description: Bitmask of flags indicating wh <<
115 supports for signed update of <<
116 hexadecimal ASCII string. Cons <<
117 for what these flags mean. <<
118 <<
119 Currently only provided by PLP <<
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.