[Skiboot] [PATCH v2 09/14] libstb: clean up the force-secure-mode and force-trusted-mode from nvram

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Thu Aug 31 17:24:40 AEST 2017


This just renames the ibm_secureboot variable to node and organize the
code that checks the force-secure-mode and force-trusted-mode from
nvram.

Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
 libstb/stb.c | 34 ++++++++++++++--------------------
 1 file changed, 14 insertions(+), 20 deletions(-)

diff --git a/libstb/stb.c b/libstb/stb.c
index eb77038..a238378 100644
--- a/libstb/stb.c
+++ b/libstb/stb.c
@@ -90,41 +90,35 @@ static void sb_enforce(void)
 
 void stb_init(void)
 {
-	struct dt_node *ibm_secureboot;
-	/*
-	 * The ibm,secureboot device tree properties are documented in
-	 * 'doc/device-tree/ibm,secureboot.rst'
-	 */
-	ibm_secureboot = dt_find_by_path(dt_root, "/ibm,secureboot");
-	if (ibm_secureboot == NULL) {
+	struct dt_node *node;
+
+	node = dt_find_by_path(dt_root, "/ibm,secureboot");
+	if (!node) {
 		prlog(PR_NOTICE,"STB: secure and trusted boot not supported\n");
 		return;
 	}
 
-	secure_mode = dt_has_node_property(ibm_secureboot, "secure-enabled",
-					   NULL);
-
 	if (nvram_query_eq("force-secure-mode", "always")) {
-		prlog(PR_NOTICE, "STB: secure mode on (FORCED by nvram)\n");
 		secure_mode = true;
-	} else if (secure_mode) {
-		prlog(PR_NOTICE, "STB: secure mode on.\n");
+		prlog(PR_NOTICE, "STB: secure mode on (FORCED by nvram)\n");
 	} else {
-		prlog(PR_NOTICE, "STB: secure mode off\n");
+		secure_mode = dt_has_node_property(node, "secure-enabled", NULL);
+		prlog(PR_NOTICE, "STB: secure mode %s\n",
+		      secure_mode ? "on" : "off");
 	}
 
-	trusted_mode = dt_has_node_property(ibm_secureboot, "trusted-enabled",
-					    NULL);
 	if (nvram_query_eq("force-trusted-mode", "true")) {
-		prlog(PR_NOTICE, "STB: trusted mode ON (from NVRAM)\n");
 		trusted_mode = true;
+		prlog(PR_NOTICE, "STB: trusted mode on (FORCED by nvram)\n");
+	} else {
+		trusted_mode = dt_has_node_property(node, "trusted-enabled", NULL);
+		prlog(PR_NOTICE, "STB: trusted mode %s\n",
+		      trusted_mode ? "on" : "off");
 	}
-	prlog(PR_NOTICE, "STB: trusted mode %s\n",
-	      trusted_mode ? "on" : "off");
 
 	if (!secure_mode && !trusted_mode)
 		return;
-	c1vc = rom_init(ibm_secureboot);
+	c1vc = rom_init(node);
 	if (secure_mode && !c1vc) {
 		prlog(PR_EMERG, "STB: compatible romcode driver not found\n");
 		sb_enforce();
-- 
2.7.4



More information about the Skiboot mailing list