[Skiboot] [PATCH v2 12/12] witherspoon: enable secvar for witherspoon platform

Eric Richter erichte at linux.ibm.com
Mon Jan 20 13:37:00 AEDT 2020


Secure variable support needs to be enabled for each platform, and each
platform needs to select which storage and backend drivers to use (or
alternatively implement their own). This patch adds secure variable
support to the witherspoon platform.

NOTE: This patch includes commented out code to enable "Fake NV" mode,
intended for review purposes only. To review or test secure variables
on a non-witherspoon platform, replace this patch with a similar
one for your given platform with the Fake NV lines uncommented.

Signed-off-by: Eric Richter <erichte at linux.ibm.com>
---
 platforms/astbmc/witherspoon.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/platforms/astbmc/witherspoon.c b/platforms/astbmc/witherspoon.c
index c576a176..cbaa9b97 100644
--- a/platforms/astbmc/witherspoon.c
+++ b/platforms/astbmc/witherspoon.c
@@ -17,6 +17,9 @@
 #include <npu2.h>
 #include <occ.h>
 #include <i2c.h>
+#include <secvar.h>
+#include "libstb/secvar/secvar_tpmnv.h"
+#include "libstb/secvar/storage/secboot_tpm.h"
 
 #include "astbmc.h"
 #include "ast.h"
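Review bot: Nothing in the active code added by this patch visibly needs "libstb/secvar/secvar_tpmnv.h"; the only TPM-NV-looking symbols are the commented-out tpm_fake_nv and tpm_fake_nv_offset lines in the next hunk. If those are the only reason for the include, drop it together with them when the fake NV code is removed, so the platform file pulls in only the storage driver header it actually uses.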
@@ -506,6 +509,15 @@ static void witherspoon_finalise_dt(bool is_reboot)
 	}
 }
 
+static int witherspoon_secvar_init(void)
+{
+	// REMOVE THESE TO USE ACTUAL TPM
+//	tpm_fake_nv = 1;
+//	tpm_fake_nv_offset = sizeof(struct secboot);
+
+        return secvar_main(secboot_tpm_driver, edk2_compatible_v1);
+}
+
 /* The only difference between these is the PCI slot handling */
 
 DECLARE_PLATFORM(witherspoon) = {
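Review bot: The commented-out fake NV lines in witherspoon_secvar_init() should not land in the tree, and the comment above them, "REMOVE THESE TO USE ACTUAL TPM", reads backwards because the lines are already disabled and the real TPM path is what runs. Since the commit message says they are for review purposes only, drop all three lines in the final version, or gate them behind a build-time option so that a fake NV backend cannot be enabled by un-commenting two lines in a platform file. Two style points in the same function: the return line is indented with spaces while the surrounding code uses tabs, and the // comments do not match the /* */ style seen in the context line below.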
@@ -527,4 +539,5 @@ DECLARE_PLATFORM(witherspoon) = {
 	.ocapi                  = &witherspoon_ocapi,
 	.npu2_device_detect	= witherspoon_npu2_device_detect,
 	.op_display		= op_display_lpc,
+	.secvar_init		= witherspoon_secvar_init,
 };
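Review bot: Only the DECLARE_PLATFORM(witherspoon) initialiser gets .secvar_init here, yet the context comment just above it says "The only difference between these is the PCI slot handling", which implies more than one platform declaration in this file. The three hunks account for all 13 insertions in the diffstat, so any other declaration is left without secure variable support. Either add .secvar_init = witherspoon_secvar_init to the other declaration(s) too, or update that comment and say in the commit message why they are excluded.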
-- 
2.21.0


