[Skiboot] [PATCH v2 3/9] secureboot: initialize secure variables if supported by the platform
Eric Richter
erichte at linux.ibm.com
Wed Jun 26 08:02:09 AEST 2019
Platforms determine whether or not they support secure boot by implementing
a specific hook. After firmware secureboot has been initialized, if the
platform hook has been implemented, we increase the secureboot version to
"ibm,secureboot-v3" indicating secure variables are supported. The secure
variables are then initialized.
Signed-off-by: Eric Richter <erichte at linux.ibm.com>
---
libstb/secureboot.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/libstb/secureboot.c b/libstb/secureboot.c
index 1578f52e..d8ed61b8 100644
--- a/libstb/secureboot.c
+++ b/libstb/secureboot.c
@@ -75,6 +75,24 @@ bool secureboot_is_compatible(struct dt_node *node, int *version, const char **c
return false;
}
+static int update_secureboot_compatible(void)
+{
+ struct dt_node *sb_node;
+ struct dt_property *sb_compat;
+
+ sb_node = dt_find_by_path(dt_root, "/ibm,secureboot/");
+ if (!sb_node)
+ return 1;
+
+ sb_compat = (struct dt_property*) dt_find_property(sb_node, "compatible");
+ if (!sb_compat)
+ return 2;
+
+ strcpy(sb_compat->prop, "ibm,secureboot-v3");
+
+ return 0;
+}
+
void secureboot_init(void)
{
struct dt_node *node;
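Review bot: the strcpy() in update_secureboot_compatible() writes "ibm,secureboot-v3" into sb_compat->prop without checking that the existing "compatible" value is at least as long as the new string plus its terminating NUL. If the property was created with a shorter value, or carries more than one string, this either writes past the property buffer or leaves its recorded length out of step with its contents. The cast on the dt_find_property() result is also there only to drop const so the property can be modified in place. Suggest comparing the property's length against the new string before copying and returning an error when it does not fit, or replacing the property through the device-tree helpers instead of writing in place. The return values 1 and 2 are indistinguishable to the only caller, which tests for non-zero; a short comment or named error codes would make the intent clear.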
@@ -170,6 +188,11 @@ void secureboot_init(void)
if (cvc_init())
secureboot_enforce();
+ if (platform.secvar_init) {
+ if (update_secureboot_compatible())
+ secureboot_enforce();
+ platform.secvar_init();
+ }
secure_init = true;
}
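Review bot: in the new block in secureboot_init(), the compatible string is updated to v3 before platform.secvar_init() runs, and nothing here checks whether secvar_init() succeeded, so the device tree can advertise secure variable support that was never initialized. Unless secureboot_enforce() is guaranteed not to return, platform.secvar_init() is also still called after update_secureboot_compatible() has failed. Suggest calling secvar_init first and bumping the compatible only on success, or at least handling its result the same way the cvc_init() result just above is handled, and adding a comment that states whether secureboot_enforce() returns in non-secure mode.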
--
2.20.1