[PATCH v10 3/4] efi: Register efi_secret platform device if EFI secret area is declared
Dov Murik
dovmurik at linux.ibm.com
Tue Apr 12 21:21:26 UTC 2022
During efi initialization, check if coco_secret is defined in the EFI
configuration table; in such case, register platform device
"efi_secret". This allows udev to automatically load the efi_secret
module (platform driver), which in turn will populate the
<securityfs>/secrets/coco directory in guests into which secrets were
injected.
Note that a declared address of an EFI secret area doesn't mean that
secrets where indeed injected to that area; if the secret area is not
populated, the driver will not load (but the platform device will still
be registered).
Signed-off-by: Dov Murik <dovmurik at linux.ibm.com>
Reviewed-by: Gerd Hoffmann <kraxel at redhat.com>
---
drivers/firmware/efi/efi.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 378d044b2463..b8e68a121119 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -425,6 +425,11 @@ static int __init efisubsys_init(void)
if (efi_enabled(EFI_DBG) && efi_enabled(EFI_PRESERVE_BS_REGIONS))
efi_debugfs_init();
+#ifdef CONFIG_EFI_COCO_SECRET
+ if (efi.coco_secret != EFI_INVALID_TABLE_ADDR)
+ platform_device_register_simple("efi_secret", 0, NULL, 0);
+#endif
+
return 0;
err_remove_group:
--
2.25.1
More information about the Linux-security-module-archive
mailing list