[Skiboot] [RFC 6/6] secureboot: initialize secure variables on secureboot init
Eric Richter
erichte at linux.ibm.com
Fri Mar 29 09:17:54 AEDT 2019
The secure variable storage needs to be loaded on boot, as the kernel
or sysadmins may need to access the secure variables.
This is a somewhat temporary initialization spot; it may be better
initialized somewhere else. Secure variable access should be
independent of firmware secure boot.
Signed-off-by: Eric Richter <erichte at linux.ibm.com>
---
libstb/secureboot.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libstb/secureboot.c b/libstb/secureboot.c
index 4f6a301d..a6bc1712 100644
--- a/libstb/secureboot.c
+++ b/libstb/secureboot.c
@@ -24,6 +24,7 @@
#include <opal-api.h>
#include <inttypes.h>
#include "secureboot.h"
+#include "secvar.h"
static const void* hw_key_hash = NULL;
static size_t hw_key_hash_size;
@@ -83,6 +84,8 @@ void secureboot_init(void)
int version;
size_t size;
+ secvar_init();
+
node = dt_find_by_path(dt_root, "/ibm,secureboot");
if (!node) {
prlog(PR_NOTICE, "secure boot not supported\n");
--
2.17.2
More information about the Skiboot
mailing list