powerpc/pseries: Turn PSERIES_PLPKS into a hidden option

It seems a bit unnecessary for the PLPKS code to have a user-visible config option when it doesn't do anything on its own, and there's existing options for enabling Secure Boot-related features. It should be enabled by PPC_SECURE_BOOT, which will eventually be what uses PLPKS to populate keyrings. However, we can't get of the separate option completely, because it will also be used for SED Opal purposes. Change PSERIES_PLPKS into a hidden option, which is selected by PPC_SECURE_BOOT. Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com> Signed-off-by: Russell Currey <ruscur@russell.cc> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20230210080401.345462-21-ajd@linux.ibm.com

powerpc/pseries: Turn PSERIES_PLPKS into a hidden option
It seems a bit unnecessary for the PLPKS code to have a user-visible config option when it doesn't do anything on its own, and there's existing options for enabling Secure Boot-related features. It should be enabled by PPC_SECURE_BOOT, which will eventually be what uses PLPKS to populate keyrings. However, we can't get of the separate option completely, because it will also be used for SED Opal purposes. Change PSERIES_PLPKS into a hidden option, which is selected by PPC_SECURE_BOOT. Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com> Signed-off-by: Russell Currey <ruscur@russell.cc> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20230210080401.345462-21-ajd@linux.ibm.com
46b2cbeb · Andrew Donnellan · Michael Ellerman · 0cf2cc1f · 46b2cbeb · 46b2cbeb
Commit 46b2cbeb authored Feb 10, 2023 by Andrew Donnellan Committed by Michael Ellerman Feb 12, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 10 deletions

arch/powerpc/Kconfig arch/powerpc/Kconfig +1 -0

arch/powerpc/platforms/pseries/Kconfig arch/powerpc/platforms/pseries/Kconfig +9 -10

No files found.
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -1042,6 +1042,7 @@ config PPC_SECURE_BOOT
 	depends on PPC_POWERNV || PPC_PSERIES
 	depends on IMA_ARCH_POLICY
 	imply IMA_SECURE_AND_OR_TRUSTED_BOOT
+	select PSERIES_PLPKS if PPC_PSERIES
 	help
 	  Systems with firmware secure boot enabled need to define security
 	  policies to extend secure boot to the OS. This config allows a user

--- a/arch/powerpc/platforms/pseries/Kconfig
+++ b/arch/powerpc/platforms/pseries/Kconfig
@@ -151,16 +151,15 @@ config IBMEBUS
 config PSERIES_PLPKS
 	depends on PPC_PSERIES
-	bool "Support for the Platform Key Storage"
+	bool
-	help
+	# PowerVM provides an isolated Platform Keystore (PKS) storage
-	  PowerVM provides an isolated Platform Keystore(PKS) storage
+	# allocation for each LPAR with individually managed access
-	  allocation for each LPAR with individually managed access
+	# controls to store sensitive information securely. It can be
-	  controls to store sensitive information securely. It can be
+	# used to store asymmetric public keys or secrets as required
-	  used to store asymmetric public keys or secrets as required
+	# by different usecases.
-	  by different usecases. Select this config to enable
+	#
-	  operating system interface to hypervisor to access this space.
+	# This option is selected by in-kernel consumers that require
+	# access to the PKS.
-	  If unsure, select N.
 config PAPR_SCM
 	depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM