Hi Thiago,

> So even if not ideal, the solution above is desirable for powerpc. We would
> like to preserve the ability of allowing userspace to pass parameters to the
> OS via the DTB, even if secure boot is enabled.
>
> I would like to turn the above into a proposal:
>
> Extend the syscall as shown in this RFC from Takahiro AKASHI, but instead of
> accepting a complete DTB from userspace, the syscall accepts a DTB
> containing only a /chosen node. If the DTB contains any other node, the
> syscall fails with EINVAL. If the DTB contains any subnode in /chosen, or if
> there's a compatible or device_type property in /chosen, the syscall fails
> with EINVAL as well.

This works for me. We could even have it as just a DTB fragment that is merged
*at* the /chosen/ node of the kernel-device tree - so would not contain a
/chosen node itself, and it would be impossible to provide nodes outside of
/chosen.

Either is fine. Thanks!

Jeremy
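
The check proposed in the quoted text, written out as an added Python example (not code from this thread or from the kernel RFC): it walks the flattened device tree structure block and returns -EINVAL for any node other than /chosen, any subnode of /chosen, or a compatible or device_type property in /chosen. The names check_chosen_only and build_fdt are hypothetical, the sample trees are constructed, and root-node properties are assumed to be ignored because the proposal does not mention them.

```python
import errno, struct
MAGIC, BEGIN_NODE, END_NODE, PROP, NOP, END = 0xD00DFEED, 1, 2, 3, 4, 9
FORBIDDEN = {b"compatible", b"device_type"}  # rejected in /chosen; root props ignored (assumption)

def check_chosen_only(blob):
    """Hypothetical check: 0 if the DTB holds only /chosen as proposed, else -EINVAL."""
    try:
        magic, _, off_struct, off_strings = struct.unpack_from(">4I", blob)
        pos, depth, strtab = off_struct, 0, blob[off_strings:]
        while magic == MAGIC:
            token, pos = struct.unpack_from(">I", blob, pos)[0], pos + 4
            if token == BEGIN_NODE:
                end, depth = blob.index(b"\0", pos), depth + 1
                # depth 1 is the root, depth 2 must be "chosen", deeper is a subnode
                if depth > 2 or blob[pos:end] != (b"", b"chosen")[depth - 1]:
                    return -errno.EINVAL
                pos = (end + 4) & ~3  # skip the NUL, realign to 4 bytes
            elif token == PROP:
                length, nameoff = struct.unpack_from(">2I", blob, pos)
                pos = (pos + 8 + length + 3) & ~3  # header, value, padding
                if depth == 2 and strtab[nameoff:strtab.index(b"\0", nameoff)] in FORBIDDEN:
                    return -errno.EINVAL
            elif token == END:
                return 0 if depth == 0 else -errno.EINVAL
            elif token == END_NODE and depth > 0:
                depth -= 1
            elif token != NOP:
                return -errno.EINVAL
    except (struct.error, ValueError):  # truncated or unterminated data
        pass
    return -errno.EINVAL

def build_fdt(tree):  # constructed sample input: dicts are nodes, bytes are properties
    out, strings = bytearray(), bytearray()
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    def node(name, body):
        out.extend(struct.pack(">I", BEGIN_NODE) + pad(name + b"\0"))
        for key, val in body.items():
            if isinstance(val, dict):
                node(key, val)
            else:
                out.extend(struct.pack(">3I", PROP, len(val), len(strings)) + pad(val))
                strings.extend(key + b"\0")
        out.extend(struct.pack(">I", END_NODE))
    node(b"", tree)
    out.extend(struct.pack(">I", END))
    hdr = struct.pack(">10I", MAGIC, 56 + len(out) + len(strings), 56,
                      56 + len(out), 40, 17, 16, 0, len(strings), len(out))
    return hdr + bytes(16) + bytes(out) + bytes(strings)
```

For example, `check_chosen_only(build_fdt({b"chosen": {b"bootargs": b"root=/dev/sda1\0"}}))` returns 0, while adding a sibling node such as `b"cpus"` makes it return -EINVAL.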