[Skiboot] [PATCH v4 07/18] hdata/spira: add physical presence flags

Eric Richter erichte at linux.ibm.com
Tue May 12 07:31:41 AEST 2020


From: Nayna Jain <nayna at linux.ibm.com>

This patch reads the hdata bits to check for physical presence
assertion, and creates device tree entries to be consumed later in the
boot.

Signed-off-by: Nayna Jain <nayna at linux.ibm.com>
Signed-off-by: Eric Richter <erichte at linux.ibm.com>
---
 hdata/spira.c | 11 +++++++++++
 hdata/spira.h |  7 ++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/hdata/spira.c b/hdata/spira.c
index 35d6109d..deb2dea4 100644
--- a/hdata/spira.c
+++ b/hdata/spira.c
@@ -921,6 +921,7 @@ static void dt_init_secureboot_node(const struct iplparams_sysparams *sysparams)
 	struct dt_node *node;
 	u16 sys_sec_setting;
 	u16 hw_key_hash_size;
+	u16 host_fw_key_clear;
 
 	node = dt_new(dt_root, "ibm,secureboot");
 	assert(node);
@@ -933,6 +934,16 @@ static void dt_init_secureboot_node(const struct iplparams_sysparams *sysparams)
 		dt_add_property(node, "secure-enabled", NULL, 0);
 	if (sys_sec_setting & SEC_HASHES_EXTENDED_TO_TPM)
 		dt_add_property(node, "trusted-enabled", NULL, 0);
+	if (sys_sec_setting & PHYSICAL_PRESENCE_ASSERTED)
+		dt_add_property(node, "physical-presence-asserted", NULL, 0);
+
+	host_fw_key_clear = be16_to_cpu(sysparams->host_fw_key_clear);
+	if (host_fw_key_clear & KEY_CLEAR_OS_KEYS)
+		dt_add_property(node, "clear-os-keys", NULL, 0);
+	if (host_fw_key_clear & KEY_CLEAR_MFG)
+		dt_add_property(node, "clear-mfg-keys", NULL, 0);
+	if (host_fw_key_clear & KEY_CLEAR_ALL)
+		dt_add_property(node, "clear-all-keys", NULL, 0);
 
 	hw_key_hash_size = be16_to_cpu(sysparams->hw_key_hash_size);
 
diff --git a/hdata/spira.h b/hdata/spira.h
index ffe53942..f7a1b823 100644
--- a/hdata/spira.h
+++ b/hdata/spira.h
@@ -364,10 +364,15 @@ struct iplparams_sysparams {
 	__be16		hv_disp_wheel;		/* >= 0x58 */
 	__be32		nest_freq_mhz;		/* >= 0x5b */
 	uint8_t		split_core_mode;	/* >= 0x5c */
-	uint8_t		reserved[3];
+	uint8_t		reserved[1];
+#define KEY_CLEAR_ALL     PPC_BIT16(0)
+#define KEY_CLEAR_OS_KEYS PPC_BIT16(1)
+#define KEY_CLEAR_MFG     PPC_BIT16(7)
+	__be16          host_fw_key_clear;
 	uint8_t		sys_vendor[64];		/* >= 0x5f */
 #define SEC_CONTAINER_SIG_CHECKING PPC_BIT16(0)
 #define SEC_HASHES_EXTENDED_TO_TPM PPC_BIT16(1)
+#define PHYSICAL_PRESENCE_ASSERTED PPC_BIT16(3)
 	__be16		sys_sec_setting;	/* >= 0x60 */
 	__be16		tpm_config_bit;		/* >= 0x60 */
 	__be16		tpm_drawer;		/* >= 0x60 */
-- 
2.21.1



More information about the Skiboot mailing list