[Skiboot] [PATCH 17/19] libstb: integrate changes made to support POWER9
Claudio Carvalho
cclaudio at linux.vnet.ibm.com
Thu Nov 23 00:25:15 AEDT 2017
>> +void stb_init(void)
>> {
>> - int r;
>> - const char *name = NULL;
>> -
>> - if (!secure_mode) {
>> - prlog(PR_INFO, "STB: %s skipped resource %d, "
>> - "secure_mode=0\n", __func__, id);
>> - return STB_SECURE_MODE_DISABLED;
>> - }
>> - r = stb_resource_lookup(id);
>> - if (r == -1)
>> - /**
>> - * @fwts-label STBVerifyResourceNotMapped
>> - * @fwts-advice Unregistered resources can be verified, but not
>> - * measured. The resource should be registered in the
>> - * resource_map[] array, otherwise the resource cannot be
>> - * measured if trusted mode is on.
>> - */
>> - prlog(PR_WARNING, "STB: verifying the non-expected "
>> - "resource %d\n", id);
>> - else
>> - name = resource_map[r].name;
>> - if (!rom_driver || !rom_driver->verify) {
>> - prlog(PR_EMERG, "STB: secure boot not initialized\n");
>> - sb_enforce();
>> - }
>> - if (!buf || len < SECURE_BOOT_HEADERS_SIZE) {
>> - prlog(PR_EMERG, "STB: %s arg error: id %d, buf %p, len %zd\n",
>> - __func__, id, buf, len);
>> - sb_enforce();
>> - }
>> - if (rom_driver->verify(buf)) {
>> - prlog(PR_EMERG, "STB: %s failed: resource %s, "
>> - "eyecatcher 0x%016llx\n", __func__, name,
>> - *((uint64_t*)buf));
>> - sb_enforce();
>> - }
>> - prlog(PR_NOTICE, "STB: %s verified\n", name);
>> - return 0;
>> + secureboot_init();
>> + trustedboot_init();
> Can you put this at the call site(s?) of stb_init() and get rid of
> what's left here?
Yes, I will do it.
Claudio
More information about the Skiboot
mailing list