[Skiboot] [PATCH] libstb/secureboot: Disable secureboot in OPAL by nvram
Pridhiviraj Paidipeddi
ppaidipe at linux.vnet.ibm.com
Wed May 9 19:10:24 AEST 2018
Currently custom debug petitboot kernels failed to boot on secureboot
enabled systems as the key verification fails results in enforcing the
boot. Due to which debugging any problems in petitboot kernel in secure
boot enabled systems become hard.
This patch provides a way to disable secureboot in OPAL by using below
nvram command.
nvram -p ibm,skiboot --update-config force-secure-mode=false
Signed-off-by: Pridhiviraj Paidipeddi <ppaidipe at linux.vnet.ibm.com>
---
libstb/secureboot.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libstb/secureboot.c b/libstb/secureboot.c
index 348acf5..8c8a9d6 100644
--- a/libstb/secureboot.c
+++ b/libstb/secureboot.c
@@ -107,6 +107,9 @@ void secureboot_init(void)
if (nvram_query_eq("force-secure-mode", "always")) {
secure_mode = true;
prlog(PR_NOTICE, "secure mode on (FORCED by nvram)\n");
+ } else if (nvram_query_eq("force-secure-mode", "false")) {
+ secure_mode = false;
+ prlog(PR_NOTICE, "secure mode off (FORCED by nvram)\n");
} else {
secure_mode = dt_has_node_property(node, "secure-enabled", NULL);
prlog(PR_NOTICE, "secure mode %s\n",
--
2.7.4
More information about the Skiboot
mailing list