powerpc/pseries: Turn PSERIES_PLPKS into a hidden option

It seems a bit unnecessary for the PLPKS code to have a user-visible
config option when it doesn't do anything on its own, and there's existing
options for enabling Secure Boot-related features.

It should be enabled by PPC_SECURE_BOOT, which will eventually be what
uses PLPKS to populate keyrings.

However, we can't get of the separate option completely, because it will
also be used for SED Opal purposes.

Change PSERIES_PLPKS into a hidden option, which is selected by
PPC_SECURE_BOOT.

Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Russell Currey <ruscur@russell.cc>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20230210080401.345462-21-ajd@linux.ibm.com

diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 006f019fde63850e95054c47260415492e9c18f5..2c9cdf1d8761204f18787566fb778ce77ac9931b 100644 (file)
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -1042,6 +1042,7 @@ config PPC_SECURE_BOOT
        depends on PPC_POWERNV || PPC_PSERIES
        depends on IMA_ARCH_POLICY
        imply IMA_SECURE_AND_OR_TRUSTED_BOOT
+       select PSERIES_PLPKS if PPC_PSERIES
        help
          Systems with firmware secure boot enabled need to define security
          policies to extend secure boot to the OS. This config allows a user

diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig
index a3b4d99567cbec70bdfbc49e49a920269648561b..e51d659693185b9f73396e87229a188bb0f6a935 100644 (file)
--- a/arch/powerpc/platforms/pseries/Kconfig
+++ b/arch/powerpc/platforms/pseries/Kconfig
@@ -151,16 +151,15 @@ config IBMEBUS
 
 config PSERIES_PLPKS
        depends on PPC_PSERIES
-       bool "Support for the Platform Key Storage"
-       help
-         PowerVM provides an isolated Platform Keystore(PKS) storage
-         allocation for each LPAR with individually managed access
-         controls to store sensitive information securely. It can be
-         used to store asymmetric public keys or secrets as required
-         by different usecases. Select this config to enable
-         operating system interface to hypervisor to access this space.
-
-         If unsure, select N.
+       bool
+       # PowerVM provides an isolated Platform Keystore (PKS) storage
+       # allocation for each LPAR with individually managed access
+       # controls to store sensitive information securely. It can be
+       # used to store asymmetric public keys or secrets as required
+       # by different usecases.
+       #
+       # This option is selected by in-kernel consumers that require
+       # access to the PKS.
 
 config PAPR_SCM
        depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM