Documentation/ABI/testing/sysfs-secvar - linux/kernel/git/gregkh/tty - Git at Google

 What:		/sys/firmware/secvar
 Date:		August 2019
 Contact:	Nayna Jain <nayna@linux.ibm.com>
 Description:	This directory is created if the POWER firmware supports OS
 		secureboot, thereby secure variables. It exposes interface
 		for reading/writing the secure variables

 What:		/sys/firmware/secvar/vars
 Date:		August 2019
 Contact:	Nayna Jain <nayna@linux.ibm.com>
 Description:	This directory lists all the secure variables that are supported
 		by the firmware.

 What:		/sys/firmware/secvar/format
 Date:		August 2019
 Contact:	Nayna Jain <nayna@linux.ibm.com>
 Description:	A string indicating which backend is in use by the firmware.
 		This determines the format of the variable and the accepted
 		format of variable updates.

 		On powernv/OPAL, this value is provided by the OPAL firmware
 		and is expected to be "ibm,edk2-compat-v1".

 		On pseries/PLPKS, this is generated by the kernel based on the
 		version number in the SB_VERSION variable in the keystore. The
 		version numbering in the SB_VERSION variable starts from 1. The
 		format string takes the form "ibm,plpks-sb-v<version>" in the
 		case of dynamic key management mode. If the SB_VERSION variable
 		does not exist (or there is an error while reading it), it takes
 		the form "ibm,plpks-sb-v0", indicating that the key management
 		mode is static.

 What:		/sys/firmware/secvar/vars/<variable name>
 Date:		August 2019
 Contact:	Nayna Jain <nayna@linux.ibm.com>
 Description:	Each secure variable is represented as a directory named as
 		<variable_name>. The variable name is unique and is in ASCII
 		representation. The data and size can be determined by reading
 		their respective attribute files.

 		Only secvars relevant to the key management mode are exposed.
 		Only in the dynamic key management mode should the user have
 		access (read and write) to the secure boot secvars db, dbx,
 		grubdb, grubdbx, and sbat. These secvars are not consumed in the
 		static key management mode. PK, trustedcadb and moduledb are the
 		secvars common to both static and dynamic key management modes.

 What:		/sys/firmware/secvar/vars/<variable_name>/size
 Date:		August 2019
 Contact:	Nayna Jain <nayna@linux.ibm.com>
 Description:	An integer representation of the size of the content of the
 		variable. In other words, it represents the size of the data.

 What:		/sys/firmware/secvar/vars/<variable_name>/data
 Date:		August 2019
 Contact:	Nayna Jain <nayna@linux.ibm.com>
 Description:	A read-only file containing the value of the variable. The size
 		of the file represents the maximum size of the variable data.

 What:		/sys/firmware/secvar/vars/<variable_name>/update
 Date:		August 2019
 Contact:	Nayna Jain <nayna@linux.ibm.com>
 Description:	A write-only file that is used to submit the new value for the
 		variable. The size of the file represents the maximum size of
 		the variable data that can be written.
	What: /sys/firmware/secvar
	Date: August 2019
	Contact: Nayna Jain <nayna@linux.ibm.com>
	Description: This directory is created if the POWER firmware supports OS
	secureboot, thereby secure variables. It exposes interface
	for reading/writing the secure variables

	What: /sys/firmware/secvar/vars
	Date: August 2019
	Contact: Nayna Jain <nayna@linux.ibm.com>
	Description: This directory lists all the secure variables that are supported
	by the firmware.

	What: /sys/firmware/secvar/format
	Date: August 2019
	Contact: Nayna Jain <nayna@linux.ibm.com>
	Description: A string indicating which backend is in use by the firmware.
	This determines the format of the variable and the accepted
	format of variable updates.

	On powernv/OPAL, this value is provided by the OPAL firmware
	and is expected to be "ibm,edk2-compat-v1".

	On pseries/PLPKS, this is generated by the kernel based on the
	version number in the SB_VERSION variable in the keystore. The
	version numbering in the SB_VERSION variable starts from 1. The
	format string takes the form "ibm,plpks-sb-v<version>" in the
	case of dynamic key management mode. If the SB_VERSION variable
	does not exist (or there is an error while reading it), it takes
	the form "ibm,plpks-sb-v0", indicating that the key management
	mode is static.

	What: /sys/firmware/secvar/vars/<variable name>
	Date: August 2019
	Contact: Nayna Jain <nayna@linux.ibm.com>
	Description: Each secure variable is represented as a directory named as
	<variable_name>. The variable name is unique and is in ASCII
	representation. The data and size can be determined by reading
	their respective attribute files.

	Only secvars relevant to the key management mode are exposed.
	Only in the dynamic key management mode should the user have
	access (read and write) to the secure boot secvars db, dbx,
	grubdb, grubdbx, and sbat. These secvars are not consumed in the
	static key management mode. PK, trustedcadb and moduledb are the
	secvars common to both static and dynamic key management modes.

	What: /sys/firmware/secvar/vars/<variable_name>/size
	Date: August 2019
	Contact: Nayna Jain <nayna@linux.ibm.com>
	Description: An integer representation of the size of the content of the
	variable. In other words, it represents the size of the data.

	What: /sys/firmware/secvar/vars/<variable_name>/data
	Date: August 2019
	Contact: Nayna Jain <nayna@linux.ibm.com>
	Description: A read-only file containing the value of the variable. The size
	of the file represents the maximum size of the variable data.

	What: /sys/firmware/secvar/vars/<variable_name>/update
	Date: August 2019
	Contact: Nayna Jain <nayna@linux.ibm.com>
	Description: A write-only file that is used to submit the new value for the
	variable. The size of the file represents the maximum size of
	the variable data that can be written.