[Skiboot] [PATCH v4 02/18] libstb/secureboot: OS Secure Boot is enabled only if FW secureboot is enabled

[Oliver O'Halloran]

On Mon, 2020-05-11 at 16:31 -0500, Eric Richter wrote:
> From: Nayna Jain <nayna at linux.ibm.com>
> 
> Secure variables are initialized and processed only if FW secureboot
> is enabled. This ensures that underlying verification chain is satisfied
> and secure variables cannot be faked by a malicious skiboot.

This doesn't make any sense.

> Signed-off-by: Nayna Jain <nayna at linux.ibm.com>
> Signed-off-by: Eric Richter <erichte at linux.ibm.com>
> ---
>  core/init.c         | 2 +-
>  libstb/secureboot.c | 5 +++++
>  libstb/secureboot.h | 1 +
>  3 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/core/init.c b/core/init.c
> index 63e3f97a..892b4740 100644
> --- a/core/init.c
> +++ b/core/init.c
> @@ -1263,7 +1263,7 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt)
>  	trustedboot_init();
>  
>  	/* Secure variables init, handled by platform */
> -	if (platform.secvar_init)
> +	if (platform.secvar_init && is_fw_secureboot())
>  		platform.secvar_init();
>  
>  	/*
> diff --git a/libstb/secureboot.c b/libstb/secureboot.c
> index 2a4b975e..f2892400 100644
> --- a/libstb/secureboot.c
> +++ b/libstb/secureboot.c
> @@ -61,6 +61,11 @@ bool secureboot_is_compatible(struct dt_node *node, int *version, const char **c
>  	return false;
>  }
>  
> +bool is_fw_secureboot(void)
> +{
> +	return secure_mode;
> +}
> +
>  void secureboot_init(void)
>  {
>  	struct dt_node *node;
> diff --git a/libstb/secureboot.h b/libstb/secureboot.h
> index 721b28de..74e93c84 100644
> --- a/libstb/secureboot.h
> +++ b/libstb/secureboot.h
> @@ -18,6 +18,7 @@ enum secureboot_version {
>  void secureboot_enforce(void);
>  bool secureboot_is_compatible(struct dt_node *node, int *version, const char **compat);
>  void secureboot_init(void);
> +bool is_fw_secureboot(void);
>  
>  /**
>   * secureboot_verify - verify a PNOR partition content