[Skiboot] [RFC 6/6] secureboot: initialize secure variables on secureboot init

Eric Richter erichte at linux.ibm.com
Fri Mar 29 09:17:54 AEDT 2019

The secure variable storage needs to be loaded on boot, as the kernel
or sysadmins may need to access the secure variables.

This is a somewhat temporary initialization spot; it may be better
initialized somewhere else. Secure variable access should be
independent of firmware secure boot.

Signed-off-by: Eric Richter <erichte at linux.ibm.com>
 libstb/secureboot.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libstb/secureboot.c b/libstb/secureboot.c
index 4f6a301d..a6bc1712 100644
--- a/libstb/secureboot.c
+++ b/libstb/secureboot.c
@@ -24,6 +24,7 @@
 #include <opal-api.h>
 #include <inttypes.h>
 #include "secureboot.h"
+#include "secvar.h"
 static const void* hw_key_hash = NULL;
 static size_t hw_key_hash_size;
@@ -83,6 +84,8 @@ void secureboot_init(void)
 	int version;
 	size_t size;
+	secvar_init();
 	node = dt_find_by_path(dt_root, "/ibm,secureboot");
 	if (!node) {
 		prlog(PR_NOTICE, "secure boot not supported\n");

More information about the Skiboot mailing list