[Skiboot] [PATCH] libstb/stb.c: force skiboot to ignore the secure mode flag

Stewart Smith stewart at linux.vnet.ibm.com
Tue Oct 25 20:05:49 AEDT 2016


Claudio Carvalho <cclaudio at linux.vnet.ibm.com> writes:
> The secure ROM code must not be called to verify CAPP and BOOTKERNEL
> while the PNOR build process is not changed to add containers for these
> two partitions.
>
> This sets 'secure_mode=false' after the secure-enabled devtree property is
> read from the device tree.
>
> Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>

So, seeing as we now have code to correctly parse the stb headers, I'm
not really wanting to merge this patch.

If we get the values in the device tree, then we should obey them.

If we're meant to *not* obey them, then I'd say the correct course of
action would be to have hostboot give us something else in the device
tree.

So... not going to merge this for 5.4.0-rc2, and if someone needs this
functionality, I'd suggest they patch hostboot instead, or use a
modified version of this patch but one that deletes the secure-boot
property from the device tree.

-- 
Stewart Smith
OPAL Architect, IBM.



More information about the Skiboot mailing list