[PATCH v9 3/4] efi: Register efi_secret platform device if EFI secret area is declared

Gerd Hoffmann kraxel at redhat.com
Thu Apr 7 10:37:17 UTC 2022


On Thu, Mar 31, 2022 at 09:56:06PM +0000, Dov Murik wrote:
> During efi initialization, check if coco_secret is defined in the EFI
> configuration table; in such case, register platform device
> "efi_secret".  This allows udev to automatically load the efi_secret
> module (platform driver), which in turn will populate the
> <securityfs>/secrets/coco directory in guests into which secrets were
> injected.
> 
> Note that a declared address of an EFI secret area doesn't mean that
> secrets were indeed injected to that area; if the secret area is not
> populated, the driver will not load (but the platform device will still
> be registered).
> 
> Signed-off-by: Dov Murik <dovmurik at linux.ibm.com>

Reviewed-by: Gerd Hoffmann <kraxel at redhat.com>


