[Skiboot] [PATCH 08/13] libstb: clean up the force-secure-mode and force-trusted-mode from nvram
Claudio Carvalho
cclaudio at linux.vnet.ibm.com
Thu Aug 31 16:45:56 AEST 2017
This just renames the ibm_secureboot variable to node and organize the
code that checks the force-secure-mode and force-trusted-mode from
nvram.
Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
libstb/stb.c | 34 ++++++++++++++--------------------
1 file changed, 14 insertions(+), 20 deletions(-)
diff --git a/libstb/stb.c b/libstb/stb.c
index eb77038..a238378 100644
--- a/libstb/stb.c
+++ b/libstb/stb.c
@@ -90,41 +90,35 @@ static void sb_enforce(void)
void stb_init(void)
{
- struct dt_node *ibm_secureboot;
- /*
- * The ibm,secureboot device tree properties are documented in
- * 'doc/device-tree/ibm,secureboot.rst'
- */
- ibm_secureboot = dt_find_by_path(dt_root, "/ibm,secureboot");
- if (ibm_secureboot == NULL) {
+ struct dt_node *node;
+
+ node = dt_find_by_path(dt_root, "/ibm,secureboot");
+ if (!node) {
prlog(PR_NOTICE,"STB: secure and trusted boot not supported\n");
return;
}
- secure_mode = dt_has_node_property(ibm_secureboot, "secure-enabled",
- NULL);
-
if (nvram_query_eq("force-secure-mode", "always")) {
- prlog(PR_NOTICE, "STB: secure mode on (FORCED by nvram)\n");
secure_mode = true;
- } else if (secure_mode) {
- prlog(PR_NOTICE, "STB: secure mode on.\n");
+ prlog(PR_NOTICE, "STB: secure mode on (FORCED by nvram)\n");
} else {
- prlog(PR_NOTICE, "STB: secure mode off\n");
+ secure_mode = dt_has_node_property(node, "secure-enabled", NULL);
+ prlog(PR_NOTICE, "STB: secure mode %s\n",
+ secure_mode ? "on" : "off");
}
- trusted_mode = dt_has_node_property(ibm_secureboot, "trusted-enabled",
- NULL);
if (nvram_query_eq("force-trusted-mode", "true")) {
- prlog(PR_NOTICE, "STB: trusted mode ON (from NVRAM)\n");
trusted_mode = true;
+ prlog(PR_NOTICE, "STB: trusted mode on (FORCED by nvram)\n");
+ } else {
+ trusted_mode = dt_has_node_property(node, "trusted-enabled", NULL);
+ prlog(PR_NOTICE, "STB: trusted mode %s\n",
+ trusted_mode ? "on" : "off");
}
- prlog(PR_NOTICE, "STB: trusted mode %s\n",
- trusted_mode ? "on" : "off");
if (!secure_mode && !trusted_mode)
return;
- c1vc = rom_init(ibm_secureboot);
+ c1vc = rom_init(node);
if (secure_mode && !c1vc) {
prlog(PR_EMERG, "STB: compatible romcode driver not found\n");
sb_enforce();
--
2.7.4
More information about the Skiboot
mailing list