On 05/20/2019 02:25 AM, Daniel Axtens wrote:
Hi all, As PowerNV moves towards secure boot, we need a place to put secure variables. One option that has been canvassed is to make our secure variables look like EFI variables. This is an early sketch of another approach where we create a generic firmware variable file system, fwvarfs, and an OPAL Secure Variable backend for it.
Is there a need of new filesystem ? I am wondering why can't these be exposed via sysfs / securityfs ? Probably, something like... /sys/firmware/secureboot or /sys/kernel/security/secureboot/ ?
Also, it sounds like this is needed only for secure firmware variables and does not include other firmware variables which are not security relevant ? Is that correct understanding ?
Thanks & Regards, - Nayna
