162306a36Sopenharmony_ciWhat:		/sys/firmware/secvar
262306a36Sopenharmony_ciDate:		August 2019
362306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
462306a36Sopenharmony_ciDescription:	This directory is created if the POWER firmware supports OS
562306a36Sopenharmony_ci		secureboot, thereby secure variables. It exposes interface
662306a36Sopenharmony_ci		for reading/writing the secure variables
762306a36Sopenharmony_ci
862306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/vars
962306a36Sopenharmony_ciDate:		August 2019
1062306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
1162306a36Sopenharmony_ciDescription:	This directory lists all the secure variables that are supported
1262306a36Sopenharmony_ci		by the firmware.
1362306a36Sopenharmony_ci
1462306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/format
1562306a36Sopenharmony_ciDate:		August 2019
1662306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
1762306a36Sopenharmony_ciDescription:	A string indicating which backend is in use by the firmware.
1862306a36Sopenharmony_ci		This determines the format of the variable and the accepted
1962306a36Sopenharmony_ci		format of variable updates.
2062306a36Sopenharmony_ci
2162306a36Sopenharmony_ci		On powernv/OPAL, this value is provided by the OPAL firmware
2262306a36Sopenharmony_ci		and is expected to be "ibm,edk2-compat-v1".
2362306a36Sopenharmony_ci
2462306a36Sopenharmony_ci		On pseries/PLPKS, this is generated by the kernel based on the
2562306a36Sopenharmony_ci		version number in the SB_VERSION variable in the keystore, and
2662306a36Sopenharmony_ci		has the form "ibm,plpks-sb-v<version>", or
2762306a36Sopenharmony_ci		"ibm,plpks-sb-unknown" if there is no SB_VERSION variable.
2862306a36Sopenharmony_ci
2962306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/vars/<variable name>
3062306a36Sopenharmony_ciDate:		August 2019
3162306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
3262306a36Sopenharmony_ciDescription:	Each secure variable is represented as a directory named as
3362306a36Sopenharmony_ci		<variable_name>. The variable name is unique and is in ASCII
3462306a36Sopenharmony_ci		representation. The data and size can be determined by reading
3562306a36Sopenharmony_ci		their respective attribute files.
3662306a36Sopenharmony_ci
3762306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/vars/<variable_name>/size
3862306a36Sopenharmony_ciDate:		August 2019
3962306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
4062306a36Sopenharmony_ciDescription:	An integer representation of the size of the content of the
4162306a36Sopenharmony_ci		variable. In other words, it represents the size of the data.
4262306a36Sopenharmony_ci
4362306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/vars/<variable_name>/data
4462306a36Sopenharmony_ciDate:		August 2019
4562306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
4662306a36Sopenharmony_ciDescription:	A read-only file containing the value of the variable. The size
4762306a36Sopenharmony_ci		of the file represents the maximum size of the variable data.
4862306a36Sopenharmony_ci
4962306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/vars/<variable_name>/update
5062306a36Sopenharmony_ciDate:		August 2019
5162306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
5262306a36Sopenharmony_ciDescription:	A write-only file that is used to submit the new value for the
5362306a36Sopenharmony_ci		variable. The size of the file represents the maximum size of
5462306a36Sopenharmony_ci		the variable data that can be written.
5562306a36Sopenharmony_ci
5662306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/config
5762306a36Sopenharmony_ciDate:		February 2023
5862306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
5962306a36Sopenharmony_ciDescription:	This optional directory contains read-only config attributes as
6062306a36Sopenharmony_ci		defined by the secure variable implementation.  All data is in
6162306a36Sopenharmony_ci		ASCII format. The directory is only created if the backing
6262306a36Sopenharmony_ci		implementation provides variables to populate it, which at
6362306a36Sopenharmony_ci		present is only PLPKS on the pseries platform.
6462306a36Sopenharmony_ci
6562306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/config/version
6662306a36Sopenharmony_ciDate:		February 2023
6762306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
6862306a36Sopenharmony_ciDescription:	Config version as reported by the hypervisor in ASCII decimal
6962306a36Sopenharmony_ci		format.
7062306a36Sopenharmony_ci
7162306a36Sopenharmony_ci		Currently only provided by PLPKS on the pseries platform.
7262306a36Sopenharmony_ci
7362306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/config/max_object_size
7462306a36Sopenharmony_ciDate:		February 2023
7562306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
7662306a36Sopenharmony_ciDescription:	Maximum allowed size of	objects in the keystore in bytes,
7762306a36Sopenharmony_ci		represented in ASCII decimal format.
7862306a36Sopenharmony_ci
7962306a36Sopenharmony_ci		This is not necessarily the same as the max size that can be
8062306a36Sopenharmony_ci		written to an update file as writes can contain more than
8162306a36Sopenharmony_ci		object data, you should use the size of the update file for
8262306a36Sopenharmony_ci		that purpose.
8362306a36Sopenharmony_ci
8462306a36Sopenharmony_ci		Currently only provided by PLPKS on the pseries platform.
8562306a36Sopenharmony_ci
8662306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/config/total_size
8762306a36Sopenharmony_ciDate:		February 2023
8862306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
8962306a36Sopenharmony_ciDescription:	Total size of the PLPKS in bytes, represented in ASCII decimal
9062306a36Sopenharmony_ci		format.
9162306a36Sopenharmony_ci
9262306a36Sopenharmony_ci		Currently only provided by PLPKS on the pseries platform.
9362306a36Sopenharmony_ci
9462306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/config/used_space
9562306a36Sopenharmony_ciDate:		February 2023
9662306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
9762306a36Sopenharmony_ciDescription:	Current space consumed by the key store, in bytes, represented
9862306a36Sopenharmony_ci		in ASCII decimal format.
9962306a36Sopenharmony_ci
10062306a36Sopenharmony_ci		Currently only provided by PLPKS on the pseries platform.
10162306a36Sopenharmony_ci
10262306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/config/supported_policies
10362306a36Sopenharmony_ciDate:		February 2023
10462306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
10562306a36Sopenharmony_ciDescription:	Bitmask of supported policy flags by the hypervisor,
10662306a36Sopenharmony_ci		represented as an 8 byte hexadecimal ASCII string. Consult the
10762306a36Sopenharmony_ci		hypervisor documentation for what these flags are.
10862306a36Sopenharmony_ci
10962306a36Sopenharmony_ci		Currently only provided by PLPKS on the pseries platform.
11062306a36Sopenharmony_ci
11162306a36Sopenharmony_ciWhat:		/sys/firmware/secvar/config/signed_update_algorithms
11262306a36Sopenharmony_ciDate:		February 2023
11362306a36Sopenharmony_ciContact:	Nayna Jain <nayna@linux.ibm.com>
11462306a36Sopenharmony_ciDescription:	Bitmask of flags indicating which algorithms the hypervisor
11562306a36Sopenharmony_ci		supports for signed update of objects, represented as a 16 byte
11662306a36Sopenharmony_ci		hexadecimal ASCII string. Consult the hypervisor documentation
11762306a36Sopenharmony_ci		for what these flags mean.
11862306a36Sopenharmony_ci
11962306a36Sopenharmony_ci		Currently only provided by PLPKS on the pseries platform.
120