Re: [PATCH v0 0/2] Secure Boot Advanced Targeting (SBAT) support on powerpc

[Michael Chang]

On Wed, Apr 17, 2024 at 01:27:02AM GMT, Sudhakar Kuppusamy wrote:
> This patch set contains the v0 for Secure Boot Advanced Targeting (SBAT) 
> support on powerpc secure boot. 

Hi Sudhakar,

This patch series cannot be applied to the upstream master because the
prerequisites patch series for powerpc secure boot support have not been
merged. You should probably consider adding sbat to the powerpc secure
boot patches and repost here for review.

Thanks,
Michael

> 
> In powerpc,  PE format Binary are not supported and can't use shim 
> (https://github.com/rhboot/shim/blob/main/SBAT.md).
> However, ELF binary are supported. So, we created new ELF note for SBAT in 
> ELF binary which store the SBAT data and
> SBAT verifier will be there in firmware to read SBAT data from ELF note and 
> validate it.
> 
> this patch series consists of 2 parts:
> 
>  1) Patch 1: create new ELF Note for SBAT
>     
>     we add a new ELF note for SBAT which store the SBAT data.
>     The name field of shall be the string "Secure-Boot-Advanced-Targeting", 
> zero-padded
>     to 4 byte alignment. The type field shall be 0x41536967 (the ASCII values
>     for the string "sbat").
> 
>  2) Patch 2: adding sbat data into sbat ELF Note
>     
>     it reads the SBAT data from sbat.csv and create the ELF Note for it then
>     store the SBAT data on it while generate image with -s option
> 
> Sudhakar Kuppusamy and Daniel Axtens (2):
>   mkimage: create new ELF Note for SBAT
>   mkimage: adding sbat data into sbat ELF Note on powerpc
> 
>  include/grub/util/mkimage.h |  4 +--
>  util/grub-mkimagexx.c       | 61 ++++++++++++++++++++++++++++++++++---
>  util/mkimage.c              | 21 ++++++++++---
>  3 files changed, 74 insertions(+), 12 deletions(-)
> 
> -- 
> 2.39.3
> 
> 
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel